Re: [squid-users] Squid Cache (Version 3.0.STABLE20) Windows SBS 2008 Reverse Proxy over Https

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 20 Jan 2011 00:59:20 +1300

On 19/01/11 21:41, Hakan Cosar wrote:
> Hello,
>
> we are trying to get reverse proxy working for Windows SBS 2008. Active-Sync and OWA work fine on SBS.
> I've exported the certificate from SBS as .pfx and converted it to .pem format. The Domain name remote.sci.de is not public; instead we use the public IP-Address.
> Any idea?
>
>
> Cosar
>
>
>
> --squid.conf----------------------------------------------------------------
> visible_hostname revproxy

Visible hostname is supposed to be the public hostname by which the
public see your proxy machine identified. I would expect it to be
"remote.sci.de" in this case.

> debug_options ALL,1
> extension_methods RPC_IN_DATA RPC_OUT_DATA
>
> https_port 192.168.50.199:443 accel cert=/etc/squid/cert/sbs2008.pem key=/etc/squid/cert/sbs2008.key defaultsite=remote.sci.de
>
> cache_peer 192.168.5.34 parent 443 0 no-query originserver login=PASS front-end-https=on name=exchangeServer
>

You need at minimum to flag "ssl" on the cache_peer line to turn on SSL
encryption on that link.

> acl owa dstdomain remote.sci.de
> cache_peer_access exchangeServer allow owa
> cache_peer_access exchangeServer allow all
> never_direct allow owa
> http_access allow owa
> http_access allow all
> miss_access allow owa
> miss_access allow all
> --squid.conf----------------------------------------------------------------
>
> Cache.log says:
>
> 2011/01/18 16:24:57| Squid Cache (Version 3.0.STABLE20): Exiting normally.
> 2011/01/18 16:24:58| Starting Squid Cache version 3.0.STABLE20 for i386-redhat-linux-gnu...
<snip>
> 2011/01/18 16:24:59| storeLateRelease: released 0 objects
>
> -----BEGIN SSL SESSION PARAMETERS-----
> MFECAQECAgMBBAIAhAQABDAgagjWSe3u/7aXYFMw117Ty+i+g2VyHR1hRYLV/PND
> yxtyiDO7NYN7MVbNoZ+TOw6hBgIETTWxLqIEAgIBLKQCBAA=
> -----END SSL SESSION PARAMETERS-----
> 2011/01/18 16:26:54| TCP connection to 192.168.5.34/443 failed
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
Received on Wed Jan 19 2011 - 11:59:27 MST
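
Added example, not part of the original message or of the Squid project: a small Python check that applies the two points from the reply above (the missing `ssl` flag on `cache_peer`, and `visible_hostname` not matching the public name) to the directives quoted in the thread. The function names and the "port 443 implies TLS" heuristic are assumptions made for this illustration.

```python
# Constructed sample: the three relevant directives exactly as quoted in the thread.
POSTED_CONF = """\
visible_hostname revproxy
https_port 192.168.50.199:443 accel cert=/etc/squid/cert/sbs2008.pem key=/etc/squid/cert/sbs2008.key defaultsite=remote.sci.de
cache_peer 192.168.5.34 parent 443 0 no-query originserver login=PASS front-end-https=on name=exchangeServer
"""


def directives(conf):
    """Yield (name, args) for every non-empty, non-comment squid.conf line."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield name, args


def lint(conf):
    """Return findings for the two issues raised in the reply (hypothetical helper)."""
    findings = []
    visible = None
    defaultsites = []
    for name, args in directives(conf):
        if name == "visible_hostname" and args:
            visible = args[0]
        elif name == "https_port":
            defaultsites += [a.split("=", 1)[1] for a in args
                             if a.startswith("defaultsite=")]
        elif name == "cache_peer" and len(args) >= 4:
            # Syntax: cache_peer hostname type http-port icp-port [options]
            host, _type, http_port, _icp_port, *opts = args
            # Assumption: a peer addressed on port 443 is expected to speak TLS.
            if http_port == "443" and "ssl" not in opts:
                findings.append(
                    f"cache_peer {host}: port 443 without the 'ssl' flag")
    for site in defaultsites:
        if visible is not None and visible != site:
            findings.append(
                f"visible_hostname '{visible}' differs from defaultsite '{site}'")
    return findings


if __name__ == "__main__":
    for finding in lint(POSTED_CONF):
        print("WARN:", finding)
```

Without the `ssl` flag Squid speaks plain HTTP to the peer's port 443, so the link to the Exchange server is not encrypted by Squid.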
