Re: [squid-users] 2 ssl servers with class-1 certificates through reverse proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 14 Feb 2011 23:32:06 +1300

On 14/02/11 22:28, Javier wrote:
>
> Hello,
>
> I need to put site1 and site2 in ssl mode. (the sites work fine internally
> with https://) through Reverse proxy.
>
> Here is the actual .conf:
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32 ::1
> acl to_localhost dst ip_of_DMZ/24
> acl valid_dst dstdomain .domain1.com
> acl valid_dst2 dstdomain .domain2.com
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow to_localhost
>
> http_access allow localhost
> http_access allow valid_dst
> http_access allow valid_dst2
>
> http_access deny all
>
> http_port 80 vhost
>
> .....
>
> cache_peer ip_of_site1 parent 80 0 no-query originserver name=site1
> cache_peer_domain site1 site1.domain1.com
>
> cache_peer ip_of_site2 parent 80 0 no-query originserver name=site2
> cache_peer_domain site2 site2.domain2.com
>
> cache_peer ip_of_site_3 parent 80 0 no-query originserver name=site3
> cache_peer_domain site3 site3.domain2.com
>
> ....
>
> What change has to be made to squid3 for site1 and site2 to work on https?

To accept https:// you need to add an https_port on 443 with the public
SSL certificates for the domain.

To make the squid3 -> origin links use SSL, update their cache_peer port
number and add the "ssl" flag.

http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate#Squid_Configuration_File

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.5
Received on Mon Feb 14 2011 - 10:32:12 MST
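
The two changes described in the reply above, sketched as a squid.conf fragment for site1 and site2. This is an added example, not part of the original thread or of the linked wiki page; `public_ip_1`, `public_ip_2` and all certificate, key and CA file paths are assumed placeholders, and it assumes one listening address per site because each `https_port` line carries a single certificate.

```conf
# Added example. public_ip_* and every file path below are placeholders.

# --- Client -> Squid: one HTTPS listener per single-host certificate ---
# A class-1 certificate names one host, so site1 and site2 cannot share
# a listener the way a wildcard certificate would allow.
https_port public_ip_1:443 accel defaultsite=site1.domain1.com cert=/etc/squid3/ssl/site1.domain1.com.crt key=/etc/squid3/ssl/site1.domain1.com.key
https_port public_ip_2:443 accel defaultsite=site2.domain2.com cert=/etc/squid3/ssl/site2.domain2.com.crt key=/etc/squid3/ssl/site2.domain2.com.key

# The existing plain-HTTP listener stays for site3.
http_port 80 vhost

# --- Squid -> origin: port 443 plus the "ssl" flag ---
# The peers are addressed by IP, so ssldomain= gives the name Squid should
# expect in the origin certificate, and sslcafile= gives the CA bundle used
# to verify it. Adding sslflags=DONT_VERIFY_PEER would silence verification
# errors by disabling the check, leaving the DMZ hop unauthenticated.
cache_peer ip_of_site1 parent 443 0 no-query originserver name=site1 ssl ssldomain=site1.domain1.com sslcafile=/etc/squid3/ssl/origin-ca.pem
cache_peer_domain site1 site1.domain1.com

cache_peer ip_of_site2 parent 443 0 no-query originserver name=site2 ssl ssldomain=site2.domain2.com sslcafile=/etc/squid3/ssl/origin-ca.pem
cache_peer_domain site2 site2.domain2.com

# Private keys should be readable only by the user Squid runs as.
```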
