On 11/02/11 09:00, Sri Rao wrote:
> Hi,
>
> I am trying to setup squid as a ssl proxy to load balance btwn
> reverse-proxies. I believe the config is right but what is happening
What you have setup is a forward proxy load balancer which only permits
management and binary-over-HTTP tunneled traffic from its localhost
machine IP.
> is that squid gets the CONNECT request and connects to the reverse
> servers on the right port but forwards the CONNECT request instead of
> connecting to them as the originserver. I am pasting the config as it
> is right now. I am using localhost as test reverse proxies just for
> testing. It Also doesn't seem to be failing to the next peer when the
> first one it selects either returns an error(http error code or
> connection failure) and I have retry_on_error.
This would be an artifact of the special handling CONNECT requests have.
Your goal of having an SSL proxy directly opposes the use of CONNECT.
Since CONNECT is a binary-over-HTTP tunnel.
I suggest going back to your first stated criteria "setup squid as a ssl
proxy" and getting that going.
This means using the https_port directive (NOT the http_port!!). With a
server SSL certificate. Squid will then be an SSL proxy.
* Problem 2 is then how to get browsers etc to send traffic to it.
Since your third criteria is to pass traffic to reverse proxies it
implies that this is to be a front-end reverse-proxy itself.
If that is correct, then setup the https_port with the reverse-proxy
accel options. And do a standard reverse-proxy to two backends
configuration.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.11 Beta testers wanted for 3.2.0.4Received on Fri Feb 11 2011 - 03:44:00 MST
This archive was generated by hypermail 2.2.0 : Fri Feb 11 2011 - 12:00:03 MST