Re: [squid-users] Reverse proxy HTTPS port on 8443

From: Mohamed Navas <abusam@dont-contact.us>
Date: Wed, 20 Sep 2006 09:41:38 +0400

OK, here the problem is that the SSL certificate is kept on the destination
backend server, and this is initializing the SSL transaction. The
proxy server itself has some SSL cert/key for other servers for any
HTTPS request from the clients ...

I had tried redirection from http://example.com:8080/abc to
https://example.com:8443/abc in Apache just for testing, but I am getting
only some dots in the browser ..!!

thanks,

Br-
Navas

  At 04:41 PM 9/19/2006, fulan Peng wrote:
>I show you a workable configuration file for 2.6 S3. You can replace
>those things.
>
>http_port 127.0.0.1:80 defaultsite=ddint.org
>https_port 443 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=zyzg.org.ru
>https_port 9001 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=192.168.0.1
>https_port 9003 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=www.peacehall.com
>cache_peer www.peacehall.com parent 80 0 originserver name=peacehall
>
>cache_peer 192.168.0.1 parent 5225 0 originserver name=futurechinaforum
>cache_peer zyzg.org.ru parent 80 0 originserver name=zyzg
>cache_peer ddint.org parent 80 0 originserver name=ddint
>hierarchy_stoplist cgi-bin ?
>acl QUERY urlpath_regex cgi-bin \?
>cache deny QUERY
>acl apache rep_header Server ^Apache
>broken_vary_encoding allow apache
>access_log c:/squid/var/logs/access.log squid
>debug_options ALL,9
>refresh_pattern ^ftp: 1440 20% 10080
>refresh_pattern ^gopher: 1440 0% 1440
>refresh_pattern . 0 20% 4320
>acl www.peacehall.com dstdomain www.peacehall.com
>acl 192.168.0.1 dstdomain 192.168.0.1
>acl zyzg.org.ru dstdomain zyzg.org.ru
>acl ddint.org dstdomain ddint.org
>acl all src 0.0.0.0/0.0.0.0
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl to_localhost dst 127.0.0.0/8
>acl SSL_ports port 443 563
>acl Safe_ports port 80
>acl Safe_ports port 21
>acl Safe_ports port 443 563
>acl Safe_ports port 70
>acl Safe_ports port 210
>acl Safe_ports port 1025-65535
>acl Safe_ports port 280
>acl Safe_ports port 488
>acl Safe_ports port 591
>acl Safe_ports port 777
>acl CONNECT method CONNECT
>http_access allow zyzg.org.ru
>http_access allow www.peacehall.com
>http_access allow ddint.org
>#http_access allow www.dajiyuan.com
>http_access allow 192.168.0.1
>http_access allow localhost
>http_access allow manager localhost
>http_access deny manager
>http_access deny !Safe_ports
>http_access deny CONNECT !SSL_ports
>http_access allow all
>http_reply_access allow all
>icp_access allow all
>cache_peer_access zyzg allow zyzg.org.ru
>cache_peer_access peacehall allow www.peacehall.com
>cache_peer_access futurechinaforum allow 192.168.0.1
>#cache_peer_access dajiyuan allow www.dajiyuan.com
>cache_peer_access ddint allow ddint.org
>visible_hostname ddint.org
>coredump_dir c:/squid/var/cache
>
>
>On 9/19/06, Mohamed Navas V <abusam@gmail.com> wrote:
>>hi,
>>
>>We have one setup with a reverse proxy for multiple backend
>>servers. All these servers are for HTTP traffic only with accel port
>>80.
>>
>>But one addition to the existing setup is proposed, as follows:-
>>
>>
>>          request on port 8080              request on port 8080
>>user -------------------------------->R.Proxy------------------------------->Web Server
>>
>>          Reply on 8443                     reply on port 8443
>>user <--------------------------------R.Proxy<--------------------------------Web Server
>>
>>i.e. the user will request http://example.com:8080/abc but he wants to get
>>an HTTPS reply as https://example.com:8443/abc ....
>>
>>We are using squid 2.5, all other servers except this one are
>>listening on 80,443 ports only.
>>
>>What changes need to be made to the config file for the same?
>>
>>Br--
>>Navas
Received on Tue Sep 19 2006 - 23:41:55 MDT
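
How the configuration quoted above routes requests, as an added example that is not part of the original messages: this Python sketch parses an excerpt of it (wrapped `https_port` lines rejoined) and follows each listener's `defaultsite` through its `dstdomain` ACL and `cache_peer_access` rule to the `cache_peer`, reporting whether the hop to the origin carries the `ssl` flag. The function name `routes` and its output format are assumptions made for illustration.

```python
# Excerpt of the configuration quoted above, with the wrapped https_port lines rejoined.
CONF = r"""
http_port 127.0.0.1:80 defaultsite=ddint.org
https_port 443 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=zyzg.org.ru
https_port 9001 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=192.168.0.1
cache_peer 192.168.0.1 parent 5225 0 originserver name=futurechinaforum
cache_peer zyzg.org.ru parent 80 0 originserver name=zyzg
cache_peer ddint.org parent 80 0 originserver name=ddint
acl 192.168.0.1 dstdomain 192.168.0.1
acl zyzg.org.ru dstdomain zyzg.org.ru
acl ddint.org dstdomain ddint.org
cache_peer_access zyzg allow zyzg.org.ru
cache_peer_access futurechinaforum allow 192.168.0.1
cache_peer_access ddint allow ddint.org
"""

def routes(conf):
    """Map each listener to (front protocol, defaultsite, origin host:port, origin protocol)."""
    listeners, peers, acls, access = [], {}, {}, {}
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        opts = dict(t.split("=", 1) for t in tok[1:] if "=" in t)
        if tok[0] in ("http_port", "https_port"):
            listeners.append((tok[0][:-5], tok[1], opts.get("defaultsite")))
        elif tok[0] == "cache_peer" and len(tok) > 4:
            # cache_peer <host> <type> <http-port> <icp-port> [options]; `ssl` means TLS to the peer
            peers[opts.get("name", tok[1])] = (tok[1], tok[3], "ssl" in tok[5:])
        elif tok[0] == "acl" and len(tok) > 3 and tok[2] == "dstdomain":
            for domain in tok[3:]:
                acls.setdefault(domain, []).append(tok[1])
        elif tok[0] == "cache_peer_access" and len(tok) == 4 and tok[2] == "allow":
            # single-ACL allow rules only, which is all the quoted configuration uses
            access[tok[3]] = tok[1]
    out = {}
    for proto, addr, site in listeners:
        peer = next((access[a] for a in acls.get(site, []) if a in access), None)
        host, port, tls = peers.get(peer, (None, None, False))
        out[addr] = (proto, site, f"{host}:{port}" if host else None, "https" if tls else "http")
    return out

if __name__ == "__main__":
    for addr, route in routes(CONF).items():
        print(addr, *route)
```

For the quoted configuration every origin hop comes out as plain `http`: Squid holds the certificate and terminates TLS itself, whereas the reply at the top of this message describes a backend server that keeps the certificate.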