[squid-users] Reverse Proxy multiple sites with basic auth

From: P K <getpkme_at_gmail.com>
Date: Fri, 22 Nov 2013 10:16:35 +0000

Hi,

I can't get the reverse proxy to work properly. Basically I want squid
to serve as reverse proxy to two of my domains - x.example.com and
y.example.com. I also want squid to perform basic authentication
against my own radius server which should be common for both the
sites. I mean I want users to authenticate once and it should work for
both x.example.com and y.example.com. Here's my config:

auth_param basic program /path/to/basic_radius_auth -f /path/to/squid_rad_auth.conf
auth_param basic children 5
auth_param basic realm PRIVATE
auth_param basic credentialsttl 4 hours
auth_param basic casesensitive on

https_port 443 cert=/path/to/x_domain_com.pem key=/path/to/x_domain_com.pem accel

cache_peer 1.1.1.X parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=x_domain_com
cache_peer 1.1.1.Y parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=y_domain_com

acl sites_server_x_domain_com dstdomain x.domain.com
acl sites_server_y_domain_com dstdomain y.domain.com
acl radius-auth proxy_auth REQUIRED

cache_peer_access x_domain_com allow sites_server_x_domain_com
cache_peer_access y_domain_com allow sites_server_y_domain_com
cache_peer_access x_domain_com deny all
cache_peer_access y_domain_com deny all

http_access allow radius-auth
http_access allow sites_server_x_domain_com
http_access allow sites_server_y_domain_com

...<snip> ...

With this config:

1. I launch https://x.domain.com on a browser. It prompts for
user/pass. I enter it and then it prompts again. I enter it and then
it lets me in. Not sure why this is happening. Is it because the
target site has IPTables NAT from 443 to 6443? If so how can I get
around that?

2. I launch https://x.domain.com and authenticate. It lets me in. Now
I change the URL on the same browser to https://y.domain.com. It asks
for authentication again. Why? How can I get around this?

PS: I know it is not possible to virtual host SSL and I need a wild
card cert. But I don't care if I get a certificate warning with
y.domain.com.

Please could someone have a look and tell me what I'm doing wrong?

Thanks.
Received on Fri Nov 22 2013 - 10:16:47 MST
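
The behaviour in point 2, modelled as an added example (not part of the original post and not Squid code): HTTP clients scope Basic credentials to a protection space, which is the scheme, host and port plus the realm (RFC 7235 section 2.2), so a shared realm and a shared RADIUS backend still give one prompt per hostname. `ReverseProxy`, `Browser` and the user `alice` are constructed stand-ins, and the sketch assumes the proxy challenges with a 401 carrying the realm PRIVATE from the posted config.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Scheme, host and port: the part of a protection space the URL fixes."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS[u.scheme])

class ReverseProxy:
    """Constructed stand-in: one realm and one user database for every site."""
    def __init__(self, realm, users):
        self.realm, self.users = realm, users

    def handle(self, url, creds=None):
        if creds and self.users.get(creds[0]) == creds[1]:
            return 200, None
        return 401, self.realm  # models WWW-Authenticate: Basic realm="..."

class Browser:
    """Caches Basic credentials per (origin, realm), never across hostnames."""
    def __init__(self, typed):
        self.typed, self.cache, self.prompts = typed, {}, []

    def get(self, proxy, url):
        here = origin(url)
        # Reuse is only allowed for a space on this same origin.
        known = next((c for (o, _), c in self.cache.items() if o == here), None)
        status, realm = proxy.handle(url, known)
        if status == 401:
            self.prompts.append(url)  # user has to type the password
            status, _ = proxy.handle(url, self.typed)
            if status == 200:
                self.cache[(here, realm)] = self.typed
        return status

def replay_post_scenario():
    """Visit x twice, then y, with constructed credentials."""
    creds = ("alice", "constructed-password")
    proxy = ReverseProxy("PRIVATE", {creds[0]: creds[1]})
    browser = Browser(creds)
    urls = ["https://x.domain.com/", "https://x.domain.com/page",
            "https://y.domain.com/"]
    return [browser.get(proxy, u) for u in urls], browser.prompts

if __name__ == "__main__":
    print(replay_post_scenario())
```

The model covers only the cross-hostname prompt in point 2; it says nothing about the double prompt in point 1.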
