Re: [squid-users] Re: https bypass squid cache in reverse proxy mode

From: Gary K <squid_at_appepper.com>
Date: Sun, 1 May 2011 23:22:26 +0800

Hi Amos,

Thank you for your response.

The following is my configuration:

http_port 80 accel defaultsite=www.abc.com
cache_peer 202.x.x.x parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain www.abc.com
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all

acl HTTPS proto HTTPS
deny_info http://www.efg.com/ HTTPS
http_access deny HTTPS

cache_peer 75.x.x.x parent 80 0 no-query originserver name=myserver1
acl sites_myserver1 dstdomain www.efg.com

I changed my hosts file in Windows, and connecting to http://www.efg.com is
no problem; I can see the log in /var/log/squid3/access.log.

But when I click one of the icons on this site that involves https, there is
no response and I can't see any hit in the log.

I know I can use https_port 443 to add the cert in Squid. But I want
to configure this Squid server to serve different customers as a cache
server, with their DNS pointing to this server. What I want to do is:

1. Cache the http service for different sites (now OK).
2. If a site involves an https service, let the traffic redirect to
the original web server (no solution now).
3. If https_port can support multiple certs for different sites, cache
the https sites (no solution now).

Hope you can help.

Regards,
Gary

2011/5/1 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 01/05/11 15:41, Gary K wrote:
>>
>> Hi Amos,
>>
>> Thank you for your reply!
>> Any method when received http go to squid cache, when received https
>> redirect to web server directly?
>>
>
> Multiple concepts clash in your statement...
>  "squid cache" -> storage component of Squid
>  "redirect" -> HTTP 301, 302, 303 or 307 message
>  "web server direct" -> use global DNS to locate web service
>
>
> The config I gave you earlier prevents Squid proxy using Squid cache
> component to service the HTTPS requests.
>
>
> Reverse proxy HTTPS can redirect to web server HTTP with:
>  acl HTTPS proto HTTPS
>  deny_info http://example.com/ HTTPS
>  http_access deny HTTPS
>
>
> Making Squid reverse proxy go direct to web servers instead of using
> cache_peer is unsafe. Normal reverse proxy configuration has cache_peer
> entries to pass the requests to web servers without using global DNS.
>
>
>
> Reading between the lines I suspect you mean passing HTTP traffic to Squid
> and HTTPS not to Squid?
>
>  Reverse proxy has global DNS pointing a whole domain at Squid IP. You can:
>  (at DNS level) configure with a different domain
>   (ie http://www.example.com/ and https://ssl.example.com/)
> OR
>  (at packet level) forward/route port 443 from Squid box to the web server
> box instead of configuring squid https_port.
> OR
>  (at service level) have Squid listening on port 80 and web server on port
> 443 on the Squid box.
>
>
> Any of this helpful?
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.12
>  Beta testers wanted for 3.2.0.7 and 3.1.12.1
>
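As an added example (not code from Gary's post or Amos's reply), a small Python linter that reads a Squid accel fragment like the one quoted above and flags the gaps a reviewer would check: a cache_peer with no cache_peer_access lines (Squid then allows that peer for every request), an acl defined but never referenced, and a `proto HTTPS` acl with no https_port (or `protocol=https` listener) to receive HTTPS at all, so port 443 connections never reach Squid and the deny_info redirect cannot fire. The sample config is a constructed copy of the fragment from the post, with the IPs left redacted as posted.

```python
import re

# Constructed copy of the reverse-proxy fragment quoted in this thread.
SAMPLE_CONF = """
http_port 80 accel defaultsite=www.abc.com
cache_peer 202.x.x.x parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain www.abc.com
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
acl HTTPS proto HTTPS
deny_info http://www.efg.com/ HTTPS
http_access deny HTTPS
cache_peer 75.x.x.x parent 80 0 no-query originserver name=myserver1
acl sites_myserver1 dstdomain www.efg.com
"""

def lint_accel_conf(text):
    """Return a list of findings about peer access rules and HTTPS handling."""
    peers, peer_rules, acls, used_acls = {}, {}, {}, set()
    https_listener = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        directive = parts[0]
        if directive == "https_port" or (directive == "http_port" and "protocol=https" in parts):
            https_listener = True
        elif directive == "cache_peer":
            m = re.search(r"\bname=(\S+)", line)  # explicit name= or the host itself
            peers[m.group(1) if m else parts[1]] = parts[1]
        elif directive == "cache_peer_access":   # cache_peer_access <peer> allow|deny <acl>...
            peer_rules.setdefault(parts[1], []).append(parts[2:])
            used_acls.update(a.lstrip("!") for a in parts[3:])
        elif directive == "acl":                  # acl <name> <type> <values>...
            acls[parts[1]] = parts[2:]
        elif directive in ("http_access", "http_reply_access"):
            used_acls.update(a.lstrip("!") for a in parts[2:])
        elif directive == "deny_info":            # deny_info <url> <acl>...
            used_acls.update(a.lstrip("!") for a in parts[2:])
    findings = []
    for name, host in peers.items():
        if name not in peer_rules:
            findings.append(f"peer {name} ({host}) has no cache_peer_access: Squid may send any request to it")
    for name, spec in acls.items():
        if name not in used_acls:
            findings.append(f"acl {name} ({spec[0]}) is defined but never referenced")
    if any(spec[0] == "proto" and "HTTPS" in spec[1:] for spec in acls.values()) and not https_listener:
        findings.append("acl on proto HTTPS but no https_port: port 443 never reaches Squid, so the deny_info redirect cannot fire")
    return findings

if __name__ == "__main__":
    for f in lint_accel_conf(SAMPLE_CONF):
        print("-", f)
```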
Received on Sun May 01 2011 - 15:22:35 MDT