Re: [squid-users] R: Re: [squid-users] Reverse proxy HTTPS to HTTP, with 2.6 from Joel CARNAT on 2006-11-10 (squid-users)

From: Joel CARNAT <joel@dont-contact.us>
Date: Fri, 10 Nov 2006 15:41:30 +0100

Hi,

isn't this that you want to do:
http://www.mail-archive.com/squid-users@squid-cache.org/msg41994.html

for the authent, I suspect you have to look for NTLM authent.
but I don't know how to (windows) authenticate users from Squid.

On Ven, nov 10 2006 - 14:57, Reale Marco wrote:
> Hi joel and henrik
>
> I'm interested in yours thread. Can you briefly to synthetize all needed steps?
> I would like to configure reverse proxy for my owa (exchange 2003)
>
> Actually this is my configuration
>
> Internet
> |
> |(http requestes redirected to https by isa)
> Dmz - Isa Server 2006 (reverse proxy)
> |(http communication between isa and exchange)
> |
> Internal Exchange 2003
>
>
> 1) When a user write in his browser http://webmail.mycompany.it isa before all redirect http request to https (a certificate is installed on isa) and it allow nt authentication over http (in isa there is a menu in order to enable this future); Isa "speak" through http with my internal exchange server and if user's domain credential are correct, email box is displayed.
>
> Ho can I make the same thing with Squid? I would like to substitute isa with squid
>
> Thanks
>
> -----Messaggio originale-----
> Da: Joel CARNAT [mailto:joel@carnat.net]
> Inviato: venerdì 10 novembre 2006 14.23
> A: Henrik Nordstrom
> Cc: squid-users@squid-cache.org
> Oggetto: Re: Re: [squid-users] Reverse proxy HTTPS to HTTP, with 2.6
>
> On Ven, nov 10 2006 - 12:12, Henrik Nordstrom wrote:
> > fre 2006-11-10 klockan 11:57 +0100 skrev Joel CARNAT:
> >
> > > Now that I upgraded to 2.6, I read those options don't exist anymore
> > > and are replaced by options in http_port/https_port. Publishing HTTP
> > > to HTTP is OK but publishing HTTPS to HTTP doesn't work.
> > > I have configured 2.6 as follow:
> > > ####################################################################
> > > ####
> > > http_port 80 transparent
> > > https_port 443 cert=/etc/openssl/certs/server.pem
> > > key=/etc/openssl/private/server.key
> >
> >
> > The above should be
> >
> > http_port 80 defaultsite=your.main.http.website.name vhost https_port
> > 443 defaultsite=your.https.website.name cert=...
> >
> > And then a cache_peer with the origin server option to tell Squid
> > where to forward the requests.
> >
>
> Great, it works - I had to use "vhost" on the https_port too.
>
> Thanks a lot for your help!
>
> Jo
>
Received on Fri Nov 10 2006 - 07:42:39 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST