On ons, 2008-10-15 at 16:42 -0400, Todd Lainhart wrote:
> I've looked in the archives, site, and Squid book, but I can't find
> the answer to what I'm looking to do. I suspect that it's not
> supported.
It is.
> My origin server accepts Basic auth over SSL (non-negotiable). I'd
> like to stick a reverse proxy/surrogate in front of it for
> caching/acceleration, and have it accept non-SSL connections w/ Basic
> auth, directing those requests as https to the origin. The origin's
> responses will be cached, to be used in subsequent GETs to the proxy.
> Both machines are in a closed IP environment. Both use the same
> authentication mechanism.
The basic setup is a plain reverse proxy.
http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-7fa129a6528d9a5c914f8dd5671668173e39e341
As the backend runs https you need to adjust the cache_peer line a bit
to enable ssl (port 443, and the ssl option).
When authentication is used you also need to tell Squid to trust the web
server with auth credentials
http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-c59962b21bb8e2a437beb149bcce3190ee1c03fd
> I see that Squid 3.0 has an "ssl-bump" option, but I don't think that
> does what I described. If it does, that's cool - I can change the
> requirement of the proxy to accept Basic/SSL.
sslbump is a different thing. Not needed for what you describe.
But you may need to use https:// to the reverse proxy as well. This is
done by using https_port instead of http_port (and requires a suitable
certificate).
Regards
Henrik
This archive was generated by hypermail 2.2.0 : Thu Oct 16 2008 - 12:00:04 MDT