[squid-users] R: Re: [squid-users] Reverse proxy HTTPS to HTTP, with 2.6

From: Reale Marco <Marco.Reale@dont-contact.us>
Date: Fri, 10 Nov 2006 14:57:07 +0100

Hi joel and henrik

I'm interested in yours thread. Can you briefly to synthetize all needed steps?
I would like to configure reverse proxy for my owa (exchange 2003)

Actually this is my configuration

Internet
|
|(http requestes redirected to https by isa)
Dmz - Isa Server 2006 (reverse proxy)
|(http communication between isa and exchange)
|
Internal Exchange 2003

1) When a user write in his browser http://webmail.mycompany.it isa before all redirect http request to https (a certificate is installed on isa) and it allow nt authentication over http (in isa there is a menu in order to enable this future); Isa "speak" through http with my internal exchange server and if user's domain credential are correct, email box is displayed.

Ho can I make the same thing with Squid? I would like to substitute isa with squid

Thanks

-----Messaggio originale-----
Da: Joel CARNAT [mailto:joel@carnat.net]
Inviato: venerd́ 10 novembre 2006 14.23
A: Henrik Nordstrom
Cc: squid-users@squid-cache.org
Oggetto: Re: Re: [squid-users] Reverse proxy HTTPS to HTTP, with 2.6

On Ven, nov 10 2006 - 12:12, Henrik Nordstrom wrote:
> fre 2006-11-10 klockan 11:57 +0100 skrev Joel CARNAT:
>
> > Now that I upgraded to 2.6, I read those options don't exist anymore
> > and are replaced by options in http_port/https_port. Publishing HTTP
> > to HTTP is OK but publishing HTTPS to HTTP doesn't work.
> > I have configured 2.6 as follow:
> > ####################################################################
> > ####
> > http_port 80 transparent
> > https_port 443 cert=/etc/openssl/certs/server.pem
> > key=/etc/openssl/private/server.key
>
>
> The above should be
>
> http_port 80 defaultsite=your.main.http.website.name vhost https_port
> 443 defaultsite=your.https.website.name cert=...
>
> And then a cache_peer with the origin server option to tell Squid
> where to forward the requests.
>

Great, it works - I had to use "vhost" on the https_port too.

Thanks a lot for your help!

        Jo
Received on Fri Nov 10 2006 - 06:57:14 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST