Re: [squid-users] Help needed

From: Chris Robertson <crobertson@dont-contact.us>
Date: Thu, 20 Mar 2008 15:00:37 -0800

Siju John wrote:
> Hi,
> I am planning to configure Squid in a pass through ssl mode where the SSL negotiations should be handled by the end servers.

Squid, as an accelerator, can't tunnel SSL traffic. You are going to
have to terminate the SSL connection at squid, and then have it open a
new connection to the back end server (using SSL or not), or use DNAT,
or a TCP tunneling program.

> We have two servers acting as end servers on two different URLs (qaint12.raddns.net and qaint13.raddns.net:5431). The squid proxy acts as a front end to both the sites. Was trying to configure this on squid 3.0 as per the configuration:
>
> http_port 80 accel vhost
> cache_peer 192.168.16.12 parent 80 3130 no-query originserver name=server_1
> acl sites_server_1 dstdomain qaint12.raddns.net
> cache_peer_access server_1 allow sites_server_1
> https_port 443 vhost
>

This route implies you wish to terminate the SSL connection at Squid and
make requests to the back end server, but it needs a few more
arguments. See
http://www.squid-cache.org/Versions/v2/2.6/cfgman/https_port.html

> cache_peer 192.168.16.12 parent 80 3130 no-query originserver name=server_3
> acl sites_server_3 dstdomain qaint12.raddns.net
> cache_peer_access server_3 allow sites_server_3
> http_port 5431 accel vhost
>

This should be a https_port directive, and also needs some more arguments.

> cache_peer 192.168.16.13 parent 5431 3130 no-query originserver name=server_2
>

Assuming port 5431 on the back end server is HTTPS, you need to add
"ssl" to that argument list.

> acl sites_server_2 dstdomain qaint13.raddns.net
> cache_peer_access server_2 allow sites_server_2
>
> However, when the browser hits the squid proxy, it shows the error unsupported-request-method in the squid logs.
> Most of the time, it does not even hit the squid and the client browser shows "page cannot be displayed"
>
> Would greatly appreciate any help
>
> Thanks
> Siju
>

Chris
Received on Thu Mar 20 2008 - 17:00:43 MDT
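
The corrections described in the reply above, collected into one squid.conf fragment. This is an added example, not part of the original message and not taken from the Squid project; the certificate and key paths are placeholders, and it assumes Squid was built with SSL support, that port 5431 on 192.168.16.13 speaks HTTPS, and that the duplicate server_3 peer can be dropped because it points at the same host, port and domain as server_1.

```conf
# --- Listening side: SSL is terminated at Squid, not passed through ---

# Plain HTTP front end (unchanged from the original post)
http_port 80 accel vhost

# HTTPS front end for qaint12.raddns.net.
# The original "https_port 443 vhost" had no certificate or key, so Squid
# had nothing to present during the SSL handshake.
# PLACEHOLDER paths: substitute the real certificate and private key.
https_port 443 accel vhost cert=/PLACEHOLDER/qaint12.crt key=/PLACEHOLDER/qaint12.key

# HTTPS front end for qaint13.raddns.net:5431.
# The original used "http_port 5431", so an SSL ClientHello arriving here
# was parsed as an HTTP request line.
# PLACEHOLDER paths: substitute the real certificate and private key.
https_port 5431 accel vhost cert=/PLACEHOLDER/qaint13.crt key=/PLACEHOLDER/qaint13.key

# --- Back end side: one new connection per request, SSL or not ---

# qaint12 back end, plain HTTP on port 80
cache_peer 192.168.16.12 parent 80 3130 no-query originserver name=server_1
acl sites_server_1 dstdomain qaint12.raddns.net
cache_peer_access server_1 allow sites_server_1

# qaint13 back end, HTTPS on port 5431: note the added "ssl" option,
# which makes Squid open an SSL connection to the origin server.
cache_peer 192.168.16.13 parent 5431 3130 no-query originserver ssl name=server_2
acl sites_server_2 dstdomain qaint13.raddns.net
cache_peer_access server_2 allow sites_server_2

# http_access rules for these ACLs are not shown here.
```

With this layout the private keys live on the Squid host and traffic to 192.168.16.12 crosses the internal network unencrypted, so the proxy host and that network segment need to be treated as part of the trust boundary.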
