On Thu, 19 Aug 2004, Brad Taylor wrote:
I'm trying to setup Squid as a reverse proxy with SSL. I remember seeing a post here that showed the 3 options for SSL reverse proxy but I can't find it now. I would like to test without terminating the SSL at the Squid box.
You can't. To proxy the SSL needs to be terminated.
What you can do if you do not want to terminate the SSL and have it running all the way back to the web server to tunnel the SSL using a simple TCP plug or NAT/Port-forwarded.
Can I have the cert on both the Squid and IIS web server but when I hit the Squid box with https://IP_address_of_squid I get sent to https://IP_address_of_IIS_web_server therefore it is not getting anything from cache.
This is possible with Squid-3 (or Squid-2.5 with SSL update and a bit of tinkering).
But please note that in such configuration the SSL is terminated at the proxy and then a new SSL is opened between the proxy and the web server. In most configurations this second SSL is not really needed but you have the choice.
Squid-2.5 (without SSL update) can only terminate SSL connections, acting as an SSL server. It can not initiate SSL connections.
Regards Henrik
