RE: [squid-users] Reverse proxy, SSL cert for each cache peer

From: Nick Duda <nduda_at_VistaPrint.com>
Date: Tue, 10 Nov 2009 09:43:42 -0500

Ok, let me rephrase my question, can someone help me out with my config then? Is this correct?

http_port 80 accel vhost
https_port 443 accel vhost cert=/path/to/cert1.pem key=/path/to//server1.key

cache_peer www1.server.com parent 80 0 no-query originserver name=www1_http
cache_peer www2.server.com parent 443 0 no-query originserver ssl name=www2_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert2.pem key=/path/to/server2.key
cache_peer www3.server.com parent 443 0 no-query originserver ssl name=ww3_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert3.pem key=/path/to/server3.key

acl acl_www1http dstdomain www1.server.com
acl acl_www2ssl dstdomain www2.server.com
acl acl_www3ssl dstdomain www3.server.com

cache_peer_access defaultwww allow acl_www1http
cache_peer_access ssl2 allow acl_www2ssl
cache_peer_access ssl3 allow acl_www3ssl

http_access allow acl_www1http
http_access allow acl_www2ssl
http_access allow acl_www3ssl
http_access deny all




-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Monday, November 09, 2009 5:45 PM
To: Nick Duda
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Reverse proxy, SSL cert for each cache peer

On Mon, 9 Nov 2009 13:41:42 -0500, Nick Duda <nduda_at_VistaPrint.com> wrote:
> Can someone point me to how I can setup squid, to listen on port 443 and
> depending on the URL being asked, to use a certain cache peer with a
> certain SSL cert? I've been doing this for just one cache peer, using by
> just using the cert= key= options on the https_port directive. Can they
be
> used on the cache_peer also?
>
> - Nick

Yes.
http://www.squid-cache.org/Doc/config/cache_peer

... and the config examples in the wiki.

Amos
Received on Tue Nov 10 2009 - 14:43:54 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 11 2009 - 12:00:03 MST