Re: [squid-users] Can squid acted as a application SSL proxy from Amos Jeffries on 2008-11-27 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 28 Nov 2008 16:19:36 +1300

李春 wrote:
> Thanks for you help.
> But I am sorry you may mistook my meaning entirely.
> I do not need the http proxy and cache functionality of squid.
> I just wander that if the squid can receive the client SSL connetion( or packages)
> , decode it and tranfer the data with no SSL to the server as a transparent layer.
> squid using SSL may be like this:
> --------
> http data
> --------
> SSL
> --------
> TCP/IP
> --------
> But I wonder if the squid can act like this
> --------
> my application data
> --------
> SSL
> --------
> TCP/IP
> --------
> Thanks very much.
> yours,
> Pickup.Li
>

You seem to misunderstand the network layering concept.

You want something that connects to clients using HTTPS (HTTP/SSL) and
connects them to your application using plain HTTP?

The name for such configuration is "reverse proxy".
http://wiki.squid-cache.org/SquidFaq/ReverseProxy

Only the front listening port is configured with https_port instead of
http_port.

caching is optional.

The action of wrapping/unwrapping SSL requires proxy of some type,
sometimes called tunnel agents.

Amos

>
>
>
>> Date: Thu, 27 Nov 2008 15:54:08 +0100
>> From: uhlar_at_fantomas.sk
>> To: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Can squid acted as a application SSL proxy
>>
>> On 27.11.08 09:45, 李春 wrote:
>>
>> Please configure your mailer to wrap lines below 80 characters per line.
>>
>>> I have a client/server application program and want to add SSL module to
>>> it to secure the data transferring on the network. I wander that if I can
>>> use the squid as a SSL proxy between client and server. The squid will
>>> configurated as a reserve proxy and located in the application server's
>>> environment. The client and squid contact with SSL connection. Just like
>>> this:
>>> <-(no SSL)-- <-(SSL)--
>>> Server Squid client
>>> --(no SSL)-> --(SSL)->
>>>
>>> I know squid can act as web proxy like this using "https_port". But I am curious that if I can make use of squid like this.
>> Yes, that's what https_port is for. Just properly configure squid as reverse
>> proxy.
>>
>> --
>> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
>> Warning: I wish NOT to receive e-mail advertising to this address.
>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>> I wonder how much deeper the ocean would be without sponges.
> _________________________________________________________________
> 新版手机MSN，新功能，新体验！满足您的多彩需求！
> http://mobile.msn.com.cn

-- 
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.2

Received on Fri Nov 28 2008 - 03:19:41 MST

This archive was generated by hypermail 2.2.0 : Fri Nov 28 2008 - 12:00:04 MST