RE: [squid-users] Reverse proxy, SSL cert for each cache peer

From: Nick Duda <nduda_at_VistaPrint.com>
Date: Wed, 11 Nov 2009 09:35:16 -0500

I fixed it, and it's working, but I have one issue. It's always using the cert associated with the https_port directive, even when I get a match on the correct cache peer using another cert.

- Nick




-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Tuesday, November 10, 2009 5:14 PM
To: squid-users_at_squid-cache.org
Subject: RE: [squid-users] Reverse proxy, SSL cert for each cache peer

On Tue, 10 Nov 2009 09:43:42 -0500, Nick Duda <nduda_at_VistaPrint.com>
wrote:
> Ok, let me rephrase my question, can someone help me out with my config
> then? Is this correct?
>
> http_port 80 accel vhost
> https_port 443 accel vhost cert=/path/to/cert1.pem key=/path/to//server1.key
>
> cache_peer www1.server.com parent 80 0 no-query originserver name=www1_http
> cache_peer www2.server.com parent 443 0 no-query originserver ssl name=www2_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert2.pem key=/path/to/server2.key
> cache_peer www3.server.com parent 443 0 no-query originserver ssl name=ww3_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert3.pem key=/path/to/server3.key
>
> acl acl_www1http dstdomain www1.server.com
> acl acl_www2ssl dstdomain www2.server.com
> acl acl_www3ssl dstdomain www3.server.com
>
> cache_peer_access defaultwww allow acl_www1http
> cache_peer_access ssl2 allow acl_www2ssl
> cache_peer_access ssl3 allow acl_www3ssl

The cache_peer names above don't match the ones used in cache_peer
name=XX.

Other than that it looks right to me.

Amos

>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Monday, November 09, 2009 5:45 PM
> To: Nick Duda
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Reverse proxy, SSL cert for each cache peer
>
> On Mon, 9 Nov 2009 13:41:42 -0500, Nick Duda <nduda_at_VistaPrint.com> wrote:
>> Can someone point me to how I can set up squid, to listen on port 443 and
>> depending on the URL being asked, to use a certain cache peer with a
>> certain SSL cert? I've been doing this for just one cache peer, by
>> just using the cert= key= options on the https_port directive. Can they be
>> used on the cache_peer also?
>>
>> - Nick
>
> Yes.
> http://www.squid-cache.org/Doc/config/cache_peer
>
> ... and the config examples in the wiki.
>
> Amos
Received on Wed Nov 11 2009 - 14:35:31 MST
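
Added example, not part of any message in this thread: a small Python check for the mismatch Amos points out, where the names given to cache_peer_access match no cache_peer name= value. It also lists peers carrying sslflags=DONT_VERIFY_PEER, which accepts origin certificates that fail verification. SAMPLE_CONF is the quoted config with the mail line wraps undone, and the function name lint_peers is hypothetical.

```python
import re

# Constructed sample: the config quoted in the thread, mail line wraps undone.
SAMPLE_CONF = """\
http_port 80 accel vhost
https_port 443 accel vhost cert=/path/to/cert1.pem key=/path/to//server1.key
cache_peer www1.server.com parent 80 0 no-query originserver name=www1_http
cache_peer www2.server.com parent 443 0 no-query originserver ssl name=www2_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert2.pem key=/path/to/server2.key
cache_peer www3.server.com parent 443 0 no-query originserver ssl name=ww3_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert3.pem key=/path/to/server3.key
acl acl_www1http dstdomain www1.server.com
acl acl_www2ssl dstdomain www2.server.com
acl acl_www3ssl dstdomain www3.server.com
cache_peer_access defaultwww allow acl_www1http
cache_peer_access ssl2 allow acl_www2ssl
cache_peer_access ssl3 allow acl_www3ssl
"""

def lint_peers(conf_text):
    """Return (unknown_refs, unreferenced_peers, unverified_peers)."""
    peers = {}   # peer name -> option tokens from its cache_peer line
    refs = []    # (line number, peer name) from each cache_peer_access line
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] == "cache_peer" and len(tokens) >= 5:
            opts = tokens[5:]
            # Without name=, Squid identifies the peer by its hostname.
            name = next((o[5:] for o in opts if o.startswith("name=")), tokens[1])
            peers[name] = opts
        elif tokens[0] == "cache_peer_access" and len(tokens) >= 2:
            refs.append((lineno, tokens[1]))
    unknown = [(ln, n) for ln, n in refs if n not in peers]
    unreferenced = sorted(set(peers) - {n for _, n in refs})
    unverified = sorted(
        n for n, opts in peers.items()
        if any(o.startswith("sslflags=") and
               "DONT_VERIFY_PEER" in re.split(r"[,:]", o.split("=", 1)[1])
               for o in opts))
    return unknown, unreferenced, unverified

if __name__ == "__main__":
    unknown, unreferenced, unverified = lint_peers(SAMPLE_CONF)
    for ln, name in unknown:
        print(f"line {ln}: cache_peer_access names unknown peer '{name}'")
    for name in unreferenced:
        print(f"peer '{name}' has no cache_peer_access rule")
    for name in unverified:
        print(f"peer '{name}' skips origin certificate verification")
```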
