Re: [squid-users] reverse proxy https -> http and redirect request from server

From: Amos Jeffries <squid3@dont-contact.us>
Date: Thu, 08 May 2008 00:29:58 +1200

Wojciech Durczyński wrote:
> Hello
>
> I try to set squid as a reverse proxy. Clients should connect via https,
> and originserver is via http.
> Client ---(https://neon:3129/)--> squid ----(http://neon:8085/)---->
> webserver
>
> My configuration is something like that:
>
> https_port 3129 accel vport protocol=http cert=/root/private/cacert.pem
> key=/root/private/privkey.pem
> cache_peer neon 8085 0 no-query originserver name=neon
> cache_peer_access neon allow all
> http_access allow all
>
> Client shouldn't know anything about address of webserver.
> It works well unless webserver generate
> HTTP/1.0 302 Moved Temporarily
> Location: http://neons_ip:3129/sth
>
> Then web browser tries to connect with squid's https port via standard
> http, and I get information "connection reset".
> How to configure right behaviour? Is it a bug in squid?

Config error.

Webserver still needs to knwo its public domain and think in terms of
its public FQDN. So that it generates absolute-URI properly.

I'd advise squid contain either:
   cache_peer <ip-of-neon> ...
or:
   cache_peer <rDNS-name-of-neon> ...

ip-of-neon / rDNS-name-of-neon need not be publicly visible (better if
they are not).

Amos

-- 
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
Received on Wed May 07 2008 - 12:30:02 MDT

This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:03 MDT