Re: [squid-users] Configuring reverse proxy for both 80/443

I've gotten part of it to work with two cache_peer lines such as:

acl incoming_ssl dstdomain ssl.domain.com
acl incoming_default dstdomain domain.com www.domain.com

http_port 80 accel vhost
https_port 443 cert=/usr/YOURCERT.cer key=/usr/YOURKEY.key vhost

cache_peer xxx.xxx.xxx.xxx parent 443 0 no-query originserver ssl
sslflags=DONT_VERIFY_PEER name=ssl.domain.com
cache_peer_access ssl.domain.com allow incoming_ssl

cache_peer xxx.xxx.xxx.xxx(same server) parent 80 0 no-query
originserver name=*hostname of webserver*
cache_peer_access *hostname of website* allow incoming_default

But I have a problem with this config......

Because my "domain.com" is in the acl even without the *.domain.com it
still allows an 80 connection for my 443 website "ssl.domain.com"
.... And because it still communicates with the originserver over 443,
the originserver does not have an issue..... HOW can I force squid to
accept only 443 connections for a website on a originserver that squid
already uses for 80 connections?

Please help

-l3d
On Tue, Mar 4, 2008 at 7:16 PM, Nick Duda <nduda@vistaprint.com> wrote:
> Nope, it throws an error, I tried that.
>
>
>
> -----Original Message-----
> From: Chris Woodfield [mailto:rekoil@semihuman.com]
> Sent: Tuesday, March 04, 2008 8:02 PM
> To: Nick Duda
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Configuring reverse proxy for both 80/443
>
> I haven't tried this myself, but can't you just have two cache-peer
> lines with the same host but different port numbers?
>
> -C
>
> On Mar 4, 2008, at 5:11 PM, Nick Duda wrote:
>
> > I seem to be stumped. I need to reverse proxy for one internal server
> > that listens on both 80 and 443. How can I configure squid to proxy
> > for
> > the same cache-peer on both 80 and 443? As far as I can see you can
> > only
> > specify one protocol per cache-peer line. I think I am missing
> > something.
> >
> > - Nick
> >
>
>
Received on Fri Mar 07 2008 - 16:05:33 MST