Re: [squid-users] Reverse Proxy and SSL...

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Mon, 23 Jun 2008 21:30:47 +0200

On Mon, 2008-06-23 at 10:44 -0400, Gary Tai wrote:
> Is there any requirement to configure Squid to forward SSL requests
> apart from configuring the appropriate port (typically 443)?

You also need a matching ssl enabled cache_peer if forwarding to port
443 on the web server.

Typically a setup looks like the following:

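# Classify each request by the protocol it arrived on
acl http proto http
acl https proto https

# Plain HTTP listener in accelerator (reverse proxy) mode
http_port public.ip:80 accel defaultsite=your.main.sitename vhost

# Site names served by this group of web servers
acl servergroup_domains dstdomain your.main.sitename other.sitename ...

# HTTP requests are forwarded to port 80 on the web server
cache_peer ip.of.web.server parent 80 0 no-query originserver name=servername_http
cache_peer_access servername_http allow http servergroup_domains

# HTTPS listener, using the certificate for the main site name
https_port public.ip:443 accel defaultsite=your.main.sitename sslcert=/path/to/main.sitename.pem

# HTTPS requests are forwarded over SSL to port 443 on the web server
cache_peer ip.of.web.server parent 443 0 no-query originserver ssl name=servername_https
cache_peer_access servername_https allow https servergroup_domains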

If you have multiple servers with the same content then the same acl is
used for them all (hence the servergroup_ notation above).

Regards
Henrik

Received on Mon Jun 23 2008 - 19:30:53 MDT
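
Added example (not part of the original message and not Squid's own tooling): a small Python check for the pairing described above, flagging a port-443 cache_peer that lacks the ssl option, a cache_peer_access line without an allow/deny action, and a peer with no cache_peer_access rule at all. The function names and the sample configuration, including its 192.0.2.x addresses, are constructed for illustration.

```python
# Constructed sample: the 443 peer lacks "ssl" and the access rule lacks an action.
SAMPLE = """\
acl https proto https
acl servergroup_domains dstdomain your.main.sitename
https_port 192.0.2.10:443 accel defaultsite=your.main.sitename sslcert=/path/to/main.sitename.pem
cache_peer 192.0.2.20 parent 443 0 no-query originserver name=servername_https
cache_peer_access servername_https https servergroup_domains
"""
# The same fragment with both problems corrected.
FIXED = (SAMPLE.replace("originserver name", "originserver ssl name")
               .replace("servername_https https", "servername_https allow https"))


def directives(text):
    """Yield (line number, tokens) for every non-empty, non-comment line."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if line:
            yield n, line.split()


def lint(text):
    """Return (line number, message) findings for a squid.conf fragment."""
    findings, peers, ruled = [], {}, set()
    for n, tok in directives(text):
        name, args = tok[0], tok[1:]
        if name == "cache_peer" and len(args) >= 4:
            # cache_peer <host> <type> <http-port> <icp-port> [options]
            host, port, opts = args[0], args[2], args[4:]
            peer = next((o[5:] for o in opts if o.startswith("name=")), host)
            peers[peer] = n
            if port == "443" and "ssl" not in opts:
                findings.append((n, f"peer {peer}: port 443 without ssl option"))
        elif name == "cache_peer_access" and args:
            ruled.add(args[0])
            if len(args) < 3 or args[1] not in ("allow", "deny"):
                findings.append((n, f"{args[0]}: missing allow/deny action"))
    for peer, n in peers.items():
        if peer not in ruled:
            # With no rule, the peer is a candidate for requests of any protocol.
            findings.append((n, f"peer {peer}: no cache_peer_access rule"))
    return findings


if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```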
