Re: [squid-users] HTTPS -> Squid -> HTTP -> origin

From: Amos Jeffries <squid3@dont-contact.us>
Date: Thu, 4 Oct 2007 15:20:36 +1300 (NZDT)

> On ons, 2007-10-03 at 10:40 +0100, Bruce Badger wrote:
>> It's great to see RC releases of Squid 3.0.
>>
>> One of the things I heard would be possible with Squid 3.0 is to have
>> Squid accept HTTPS requests and to pass these on to an origin server
>> as HTTP requests and the reverse effect with responses,
>
> Yes, this has been possible since Squid-2.5, and is still possible in
> 3.0..
>
> see the https_port directive. And the FAQ chapter on reverse proxying.
>
>> I found no mention of SSL or HTTPS on the reverse proxy page.
>
> Right.. certainly deserves to be mentioned there. Any takers for writing
> up that part?
>

I was thinking of it last night with the HTTPS tests.
 The problem though was that I don't seem to understand it very well. When
I configured:

   https_port 3127 cert=/test/squid.pem key=/test/squid.key
defaultsite=treenet.co.nz
   cache_peer *** 80 0 originserver
   ...

Then requested "https://192.168.0.192:3127/" in the browser to grab from
the test cache. I kept getting squid error pages indicating it could not
connect to "https://treenet.co.nz/"

Is there something that elides the 'https' in the relayed request?

This is the test config I mentioned elsewhere that wouldn't even accept
connections unless visible_hostname matched the encrypted domain inside
the .pem.

Amos
Received on Wed Oct 03 2007 - 20:20:39 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT