Re: [squid-users] Squid 2.6 and https_port

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 05 Dec 2013 21:12:27 +1300

On 4/12/2013 9:19 p.m., Gianluigi Ruggeri wrote:
> Hi,
>
> thanks for your reply.
> I'm confused...I use squid as a web cache in front of my Apache web
> server and I want that the user does not notice the presence of this
> (the user connects to myHost.com and will not know if there will be
> Squid). I understood that this configuration is transparent-proxy.
>

No. That network design is reverse-proxy.

Whether the users can notice it or not does not matter. It is the
official public portal to your website.

> It is correct for my purpose? What is it exactly forward proxy or
> reverse-proxy? Are these typologies similar to my necessary
> configuration?

Forward-proxy is a proxy run by ISP. Caching the users' access to lots of
different websites to speed up their.

Reverse-proxy is a proxy run as CDN sitting in front of a web server.
For caching and reducing the load on the web server such that it can
service many more visitors at once.

Does that help clarify?

To change your config to reverse-proxy:

1) use the "accel" option on your https_port and https_port lines
instead of "transparent".

2) configure cache_peer lines in squid.conf pointing at the Apache.

3) point your website DNS records at the proxy IP instead of the Apache IP.

NP: you can either use the same cert on apache and Squid, or a
self-signed certificate on Apache. So long as Squid trusts the CA used
to sign the Apache cert it does not matter.
Your site's official public cert should be used on the Squid https_port
either way.

There are some example configurations at
http://wiki.squid-cache.org/ConfigExamples/#Reverse_Proxy_.28Acceleration.29

Amos
Received on Thu Dec 05 2013 - 08:12:33 MST
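
The three steps above as one squid.conf sketch. This is an added example, not part of the original message and not taken from the Squid wiki. The hostname myHost.com comes from the thread; the IP address 192.0.2.10 and all file paths are placeholders.

```conf
# Added example. 192.0.2.10 and every file path below are placeholders.

# Before (constructed illustration of the interception-mode line being replaced):
#   http_port 80 transparent

# Step 1: accelerator (reverse-proxy) listeners.
# The site's official public certificate and key go on https_port.
http_port 80 accel defaultsite=myHost.com
https_port 443 accel defaultsite=myHost.com cert=/etc/squid/myHost.com.crt key=/etc/squid/myHost.com.key

# Step 2: Apache as the origin server, reached over TLS.
# sslcafile= is the CA that signed Apache's certificate, so Squid
# verifies the backend instead of accepting any certificate.
# ssldomain= is the name expected in Apache's certificate, needed here
# because the peer is addressed by IP.
cache_peer 192.0.2.10 parent 443 0 no-query originserver ssl sslcafile=/etc/squid/apache-ca.pem ssldomain=myHost.com name=apache

# Accept requests only for the published site and send them only to
# that peer, so the accelerator cannot be used as an open proxy.
acl our_site dstdomain myHost.com
http_access allow our_site
http_access deny all
cache_peer_access apache allow our_site
cache_peer_access apache deny all

# Step 3 is done in DNS, not in squid.conf:
# the myHost.com record points at the proxy IP instead of the Apache IP.
```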