Re: [squid-users] problem to configure reverse proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 Apr 2011 16:13:56 +1200

On 14/04/11 22:28, Pascal Bourdais wrote:
> On Fri, 25 Mar 2011 22:44:54 +1300,
> Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> Hi,
>
> Thank you for your answer, and sorry for the very late answer, I've
> been out for a very long time.
>
>> On 25/03/11 22:09, Pascal Bourdais wrote:
>
>>
>>> I follow the doc at:
>>> http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
>>> but it gives 1 certificate for 2 sites, and thus the certificate is not
>>> valid when I access the sites.
>>
>> The point of using a wildcard is that it *is* valid for more than one
>> domain. It says to the client that it is valid for all *.example.com
>> domains hosted by that server.
>>
>> If they are not sub-domains then you will need a chained certificate
>> (X.509 aliases), or a separate port for each HTTPS receiving domain.
>
> They are all different domains, I will look into this later.
> I have the site I want working, the https for the others is still with
> Apache.
>
> All the wrapping is done by my MUA. And I corrected my config as you suggested.
>
> Is there a way to leave them like this, and just let Squid act as a switch
> between several https sites?

Only if the certificate can match them all at once. Which I think is not
usually possible in one certificate for many domains. Squid does not
(yet) have dynamic certificates on its reverse-proxy https_port.
  In theory there is nothing preventing it. Just nobody has coded it.

For now the best way is to allocate each a unique IP and configure Squid
with several https_port $ip:443 entries.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.6
Received on Fri Apr 15 2011 - 04:14:01 MDT
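
The per-IP layout described in the reply above, sketched as an added squid.conf fragment (not part of the original thread and not the poster's configuration). The listener IPs, domain names, certificate paths and backend peer addresses are placeholders chosen for illustration.

```conf
# One https_port per public IP, each with its own certificate, so every
# client is shown a certificate that matches the domain it asked for.
# All addresses, names and paths below are placeholders.
https_port 192.0.2.10:443 accel defaultsite=www.site-a.example \
    cert=/etc/squid/ssl/site-a.crt key=/etc/squid/ssl/site-a.key
https_port 192.0.2.11:443 accel defaultsite=www.site-b.example \
    cert=/etc/squid/ssl/site-b.crt key=/etc/squid/ssl/site-b.key

# Backend web servers (assumed here to be reachable over HTTP on an
# internal network).
cache_peer 10.0.0.10 parent 80 0 no-query originserver name=site_a
cache_peer 10.0.0.11 parent 80 0 no-query originserver name=site_b

# Route each domain only to its own backend.
acl site_a dstdomain www.site-a.example
acl site_b dstdomain www.site-b.example
cache_peer_access site_a allow site_a
cache_peer_access site_a deny all
cache_peer_access site_b allow site_b
cache_peer_access site_b deny all

# Accept requests for the hosted domains only; refuse everything else so
# the accelerator cannot be used as an open proxy.
http_access allow site_a
http_access allow site_b
http_access deny all
```

Each domain's DNS record has to point at the IP whose `https_port` carries that domain's certificate; a request arriving on the wrong IP is still served the certificate bound to that listener.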
