[squid-users] reverse proxy redirect from http to https from Osmany Goderich on 2012-08-17 (squid-users)

From: Osmany Goderich <osmany_at_es.quimefa.cu>
Date: Fri, 17 Aug 2012 08:04:39 -0400

Greetings,

I am trying to configure my reverse proxy so that serves specific
sites through https. the web server behind this proxy is configured to
listen on both por 80 and 443, the later with its corresponding self
signed certificate and works perfectly as I've already tested it from
a client in the network. but when I test from a client outsited the
network I have to go through my reverse proxy. When I make a request
of the site from http protocol it kicks in an endless loop and finally
the browser just tells me that the site isn't directing properly. In
my access.log I get this

TCP_DENIED/302 324 GET http://webmail.xxx.xx/ - NONE/- text/html
1345131977.839 104 89.248.172.226 TCP_MISS/302 491 GET
https://webmail.xxx.xx/ - FIRST_UP_PARENT/webmail-ssl text/html
1345131981.497 1 89.248.172.226 TCP_DENIED/302 324 GET
http://webmail.xxx.xx/login.php - NONE/- text/html
1345131984.170 97 89.248.172.226 TCP_MISS/302 491 GET
https://webmail.xxx.xx/ - FIRST_UP_PARENT/webmail-ssl text/html
1345131988.055 1 89.248.172.226 TCP_DENIED/302 324 GET
http://webmail.xxx.xx/login.php - NONE/- text/html
1345131990.507 55 89.248.172.226 TCP_MISS/302 491 GET
https://webmail.xxx.xx/ - FIRST_UP_PARENT/webmail-ssl text/html
1345131993.606 1 89.248.172.226 TCP_DENIED/302 324 GET
http://webmail.xxx.xx/login.php - NONE/- text/html
1345131998.211 136 89.248.172.226 TCP_MISS/302 491 GET
https://webmail.xxx.xx/ - FIRST_UP_PARENT/webmail-ssl text/html

I really don't know what I'm missing and I would like some help on
this. This is what I have in my squid.conf right now. I just posted
the relevant parameters the rest is pretty much with default values:

#TAG: http_port
http_port 80 accel vhost
https_port 443 cert=/usr/local/newrprgate/CertAuth/testcert.cert
key=/usr/local/newrprgate/CertAuth/testkey.pem version=3 vhost
protocol=https

# TAG: cache_peer
cache_peer 10.25.x.x parent 80 0 no-query originserver name=webmail-http
acl sitio5 dstdomain webmail.xxx.xx
acl https port 443
cache_peer_access webmail-http allow sitio5
http_access allow sitio5 https

cache_peer 10.25.x.x parent 443 0 no-query originserver ssl
sslflags=DONT_VERIFY_PEER front-end-https=on name=webmail-ssl
acl sitio7 dstdomain webmail.xxx.xx
acl https port 443
cache_peer_access webmail-ssl allow sitio7
http_access allow sitio7 https

acl site1 dstdomain webmail.xxx.xx
deny_info https://webmail.xxx.xx/ site1

acl port80 proto http
http_access deny port80 site1

http_access deny all

Please help. thanks in advance,

Osmany
Received on Fri Aug 17 2012 - 12:03:26 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 17 2012 - 12:00:09 MDT