[squid-users] Need Help adding SSL support in squid.conf for 2 of the 4 domains I am caching

From: Raymond Leonard <rclchamp_at_gmail.com>
Date: Tue, 14 Dec 2010 14:28:06 -0500

Hello all,

I have a working squid.conf that allows me to access im01.cppt.com,
and img02.cppt.com. I have been tasked to add SSL support so that the
content can be accessed via http and https.

Here is my working squid.conf--

------------------------------------------------------------------------------------------------------
http_port 80 accel defaultsite=img01.cppt.com vhost
cache_peer 172.19.23.91 parent 80 0 no-query originserver name=myAccel
cache_peer 172.19.23.92 parent 80 0 no-query originserver name=server_2
cache_peer 172.19.23.95 parent 80 0 no-query originserver name=myAccel_bu
cache_peer 172.19.23.12 parent 80 0 no-query originserver name=server_2_bu

acl all src 0.0.0.0/0.0.0.0
acl our_sites dstdomain img01.cppt.com
acl sites_server_2 dstdomain img02.cppt.com
acl our_sites3 dstdomain image1.emktg.com
acl our_sites4 dstdomain image2.emktg.com

http_access allow our_sites
http_access allow sites_server_2
http_access allow our_sites3
http_access allow our_sites4

cache_peer_access myAccel allow our_sites
cache_peer_access myAccel_bu allow our_sites
cache_peer_access server_2 allow sites_server_2
cache_peer_access server_2 allow our_sites3
cache_peer_access server_2 allow our_sites4
cache_peer_access server_2_bu allow sites_server_2
cache_peer_access server_2_bu allow our_sites3
cache_peer_access server_2_bu allow our_sites4
-----------------------------------------------------------------------------

I have created the wildcard certificate on the squid server. I was just wondering
if someone could help with my new squid.conf file to accomplish this.
Here is what I have done thus far--

---------------------------

https_port 443 cert=/usr/newrprgate/CertAuth/testcert.cert key=/usr/newrprgate/CertAuth/testkey.pem defaultsite=img01.cppt.com vhost

cache_peer 172.19.23.91 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=myAccelsecure
cache_peer 172.19.23.92 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=server_2secure

cache_peer 172.19.23.91 parent 80 0 no-query originserver name=myAccel
cache_peer 172.19.23.92 parent 80 0 no-query originserver name=server_2
cache_peer 172.19.23.95 parent 80 0 no-query originserver name=myAccel_bu
cache_peer 172.19.23.12 parent 80 0 no-query originserver name=server_2_bu

acl all src 0.0.0.0/0.0.0.0
acl our_sitessecure dstdomain img01.cppt.com
acl sites_server_2secure dstdomain img02.cppt.com
acl our_sites dstdomain img01.cppt.com
acl sites_server_2 dstdomain img02.cppt.com
acl our_sites3 dstdomain image.emktg.com
acl our_sites4 dstdomain image4.emktg.com

http_access allow our_sitessecure
http_access allow sites_server_2secure

http_access allow our_sites
http_access allow sites_server_2
http_access allow our_sites3
http_access allow our_sites4

cache_peer_access myAccelsecure allow our_sitessecure
cache_peer_access server_2secure allow sites_server_2secure

cache_peer_access myAccel allow our_sites
cache_peer_access myAccel_bu allow our_sites
cache_peer_access server_2 allow sites_server_2
cache_peer_access server_2 allow our_sites3
cache_peer_access server_2 allow our_sites4
cache_peer_access server_2_bu allow sites_server_2
cache_peer_access server_2_bu allow our_sites3
cache_peer_access server_2_bu allow our_sites4
-----------------------------------------------------

Any help is much appreciated. Thanks for looking!
Received on Tue Dec 14 2010 - 19:28:13 MST
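
An added example (not part of the original post, and not a reply from the list): a squid.conf trimmed to img01.cppt.com that splits the origin peers by arrival port, so a request received over HTTPS is never forwarded to the origin in clear text, and that verifies the origin certificate instead of using sslflags=DONT_VERIFY_PEER. It assumes the option names of Squid 2.6 through 3.x; the CA bundle path and the ACL name via_https are hypothetical.

```conf
# Added example, not the poster's configuration. Option names are those of
# Squid 2.6-3.x; /etc/squid/origin-ca.pem is a hypothetical placeholder path.

# Listeners: one plain, one TLS, both in accelerator mode. Each directive
# must stay on a single line.
http_port 80 accel defaultsite=img01.cppt.com vhost
https_port 443 accel cert=/usr/newrprgate/CertAuth/testcert.cert key=/usr/newrprgate/CertAuth/testkey.pem defaultsite=img01.cppt.com vhost

# Weak setting: the origin certificate is never checked, so whatever answers
# on 172.19.23.91:443 is trusted.
#cache_peer 172.19.23.91 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=myAccelsecure

# Corrected setting: verify the chain against a CA bundle. The peer is
# addressed by IP, so ssldomain= supplies the name expected in its certificate.
cache_peer 172.19.23.91 parent 443 0 no-query originserver ssl sslcafile=/etc/squid/origin-ca.pem ssldomain=img01.cppt.com name=myAccelsecure
cache_peer 172.19.23.91 parent 80 0 no-query originserver name=myAccel

acl our_sites dstdomain img01.cppt.com
# Matches the local port the client connected to.
acl via_https myport 443

# "all" is predefined in Squid 3.x; on 2.x keep the "acl all" line from the post.
http_access allow our_sites
http_access deny all

# dstdomain is the same on both listeners, so it cannot pick a peer on its own.
# Split on the arrival port: HTTPS requests go only to the TLS peer, HTTP
# requests only to the plain peer.
cache_peer_access myAccelsecure allow via_https our_sites
cache_peer_access myAccelsecure deny all
cache_peer_access myAccel deny via_https
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
```

The img02.cppt.com peers follow the same pattern, and `squid -k parse` reports unknown options or undefined ACL names before the configuration is loaded.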
