Re: [squid-users] Reverse proxy HTTPS port on 8443

From: fulan Peng <fulanpeng@dont-contact.us>
Date: Tue, 19 Sep 2006 08:41:38 -0400

I show you a workable configuration file for 2.6 S3. You can replace
those things.

http_port 127.0.0.1:80 defaultsite=ddint.org
https_port 443 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem
defaultsite=zyzg.org.ru
https_port 9001 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem
defaultsite=192.168.0.1
https_port 9003 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem
defaultsite=www.peacehall.com
cache_peer www.peacehall.com parent 80 0 originserver name=peacehall

cache_peer 192.168.0.1 parent 5225 0 originserver name=futurechinaforum
cache_peer zyzg.org.ru parent 80 0 originserver name=zyzg
cache_peer ddint.org parent 80 0 originserver name=ddint
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log c:/squid/var/logs/access.log squid
debug_options ALL,9
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl www.peacehall.com dstdomain www.peacehall.com
acl 192.168.0.1 dstdomain 192.168.0.1
acl zyzg.org.ru dstdomain zyzg.org.ru
acl ddint.org dstdomain ddint.org
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow zyzg.org.ru
http_access allow www.peacehall.com
http_access allow ddint.org
#http_access allow www.dajiyuan.com
http_access allow 192.168.0.1
http_access allow localhost
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_reply_access allow all
icp_access allow all
cache_peer_access zyzg allow zyzg.org.ru
cache_peer_access peacehall allow www.peacehall.com
cache_peer_access futurechinaforum allow 192.168.0.1
#cache_peer_access dajiyuan allow www.dajiyuan.com
cache_peer_access ddint allow ddint.org
visible_hostname ddint.org
coredump_dir c:/squid/var/cache

On 9/19/06, Mohamed Navas V <abusam@gmail.com> wrote:
> hi,
>
> We have one setup with a reverse proxy for multiple backend back
> servers. All these servers are for HTTPtraffic only with accel port
> 80.
>
> But it's propsed one additional with the existing setup as follows:-
>
>
> request on port 8080 request on port 8080
> user -------------------------------->R.Proxy------------------------------->Web
> Server
>
> Replay on 8443 replay on port 8443
> user <--------------------------------R.Proxy<--------------------------------Web
> Server
>
> ie User will request http://example.com:8080/abc but he want to get
> HTTPS replay as https://example.com:8443/abc ....
>
> We are using squid 2.5, all other servers except this one are
> listening on 80,443 ports only.
>
> What changes to be done config file for the same ?
>
> Br--
> Navas
>
Received on Tue Sep 19 2006 - 06:41:46 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:03 MDT