Re: [squid-users] Second ssl website on squid3

From: carlos castro <ccastro7145_at_gmail.com>
Date: Fri, 24 Jan 2014 10:23:40 +0000

Hello all,

Any help on here? Kinda have the same problem...

Have squid 3.1.9 (same version as Vítor Matos) serving as a reverse
proxy for all our company web servers. Some of those web servers only
accept secure connections (https) and some only accept http.

All is working as intended, but now I need to add a new https site to
it and I can't put it accessible via rproxy.

Does anyone with a similar setup wanna share his conf file? Or does
anyone know a good site/tutorial/"whatever" that can help me with
this....

Regards,

Arestas

On Wed, Jan 22, 2014 at 3:03 PM, Vítor Matos <vhmatos_at_emfa.pt> wrote:
> Hello!
>
> I'm having trouble figuring out how to solve this.
>
> Right now I'm using squid 3.1.9 as reverse proxy with these configurations left by the old administrator:
>
> This is working for what we want but now I need to do this for a second website (webmail.server1.pt) and can't seem to get it working.
> I can get the target server working with https only (not allowing http traffic) but when I add the reverse proxy (squid3) in the middle, it stops working.
>
> thanks in advance!
>
> squid.conf
>
> visible_hostname www.server1.pt
>
> acl purge method PURGE
> acl CONNECT method CONNECT
> acl SSL method CONNECT
>
> acl CP_HTTP proto HTTP
> acl CP_HTTPS proto HTTPS
>
> cache_peer_access dc2_64 deny !CP_HTTP
> cache_peer_access dc2_64_ssl deny !CP_HTTPS
>
> acl all src all
> acl manager proto cache_object
>
> acl localhost src 127.0.0.1/32 ::1
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>
> acl server1 dstdomain www.server1.pt
>
> http_access allow all
> acl https port 443
> http_access allow https
>
> acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
>
> http_access allow manager localhost
> http_access deny manager
>
> http_access deny !Safe_ports
>
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access deny all
>
> http_port 80 protocol=http defaultsite=www.server1.pt vhost
> acl regular_acl port 80
> acl http proto http
>
> https_port 443 sslBump protocol=https accel defaultsite=server1.pt cert=/etc/squid3/ssl/server1.crt key=/etc/squid3/ssl/server1.key cafile=/etc/squid3/ssl/CACHAIN.crt
> acl secure_acl port 443
> http_access allow secure_acl
>
> cache_peer 1.1.1.1 parent 80 0 no-query originserver forceddomain= name=www round-robin
> cache_peer_domain www www.server1.pt server1.pt
> cache_peer_access www allow regular_acl
>
> cache_peer 1.1.1.1 parent 443 0 no-query originserver name=wwws originserver ssl sslflags=DONT_VERIFY_PEER
> cache_peer_domain wwws www.server1.pt server1.pt
> cache_peer_access wwws allow secure_acl
>
>
> cache_dir ufs /var/spool/squid3 100 16 256
>
> logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
>
> access_log /var/log/squid3/access_server1.log combined server1
>
>
> logfile_rotate 15
>
> emulate_httpd_log on
>
> coredump_dir /var/spool/squid3
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
>
> refresh_pattern . 0 20% 4320
>
> cache_effective_user proxy
> httpd_suppress_version_string on
>
> cache_effective_group proxy
>
>
>
>
Received on Fri Jan 24 2014 - 10:23:53 MST
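
An added example, not part of the original messages and not Squid project code: a small Python check of the http_access order and cache_peer TLS flags in the configuration quoted above. Squid evaluates http_access rules in order and stops at the first match, so rules that follow an unconditional "allow all" are never reached. SAMPLE is an excerpt copied from the quoted squid.conf; the finding names and the lint() helper are made up for this illustration.

```python
# Added example: flag shadowed http_access rules and unverified TLS peers.
# SAMPLE is an excerpt of the squid.conf quoted in the message above.
SAMPLE = """\
http_access allow all
acl https port 443
http_access allow https
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
cache_peer 1.1.1.1 parent 80 0 no-query originserver forceddomain= name=www round-robin
cache_peer 1.1.1.1 parent 443 0 no-query originserver name=wwws originserver ssl sslflags=DONT_VERIFY_PEER
"""


def lint(text):
    """Return a list of (line_no, code, detail) findings (codes are hypothetical)."""
    findings = []
    catch_all = None  # line number of the first unconditional http_access rule
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "http_access" and len(tok) >= 3:
            if catch_all is not None:
                # First match wins: nothing after a bare "allow all"/"deny all" runs.
                findings.append((no, "UNREACHABLE", f"shadowed by line {catch_all}"))
            elif tok[2:] == ["all"]:
                catch_all = no
                if tok[1] == "allow":
                    findings.append((no, "OPEN_ACCESS", "unconditional allow"))
        elif tok[0] == "cache_peer":
            # cache_peer <host> <type> <http-port> <icp-port> [options...]
            opts = dict(o.split("=", 1) for o in tok[5:] if "=" in o)
            flags = opts.get("sslflags", "").replace(":", ",").split(",")
            if "ssl" in tok[5:] and "DONT_VERIFY_PEER" in flags:
                # The origin server's certificate is accepted without verification.
                peer = opts.get("name", tok[1])
                findings.append((no, "PEER_CERT_UNVERIFIED", f"peer {peer}"))
    return findings


if __name__ == "__main__":
    for no, code, detail in lint(SAMPLE):
        print(f"line {no}: {code}: {detail}")
```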
