-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 24, 2004 5:52 PM
To: Brad Taylor
Cc: Henrik Nordstrom; Chris Perreault; [EMAIL PROTECTED]
Subject: RE: [squid-users] SSL and Reverse Proxy

On Tue, 24 Aug 2004, Brad Taylor wrote:

> I updated my Squid install with the SSL update.
> I'm still having trouble getting this to work.  Here is what I have.
>
> http_port 80
> httpd_accel_host 192.168.60.100 (SSL web server)

 This should be the public domain name.

-- I'm using it for testing.  Will it work OK for testing?


> httpd_accel_port 80  the web site at the page will redirect the SSL to
> port 443

This should most likely be 443, or virtual.


-- If it is changed to 0 (virtual)  I get:

While trying to retrieve the URL: http://192.168.60.100:0/ 
The following error was encountered: 
Invalid URL

> httpd_accel_single host on
> httpd_accel_with_proxy on

a bit dangerous, but ok.

-- will "httpd_accel_with_proxy off" still use reverse cache? I only
want squid to cache the accelerated web site.

> httpd_accel_uses_host_header off

ok.

> https_port 433 cert=/path/cert.pem

ok.

> sslproxy_client_certifacate /path/cert.pem

why this? Does your web server require the use of a client certificate
to access the server?

-- Yes, client has to use https.

> http_access allow all

very dangerous.

-- Only doing this for testing, I'll tighten it up when everything is
working.

> Even though I use the IP address of squid I'm sent to the origin server
> (192.168.60.100)

Most likely your web server redirects the user back to 192.168.60.100.

--  Why?  Everything looks to be set up correctly, right? I've seen
cache_peer talked about with SSL.  Is that only for multiple Squid boxes?
 

"log_mime_hdrs on", and study access logs of both Squid and your web
servers.

1093381355.430     21 192.168.60.154 TCP_MISS/302 492 GET http://192.168.60.100/ - DIRECT/192.168.60.100 text/html
1093381374.291    263 192.168.60.154 TCP_MISS/302 425 GET http://192.168.60.100/ - DIRECT/192.168.60.100 text/html
1093381384.850      7 192.168.60.154 TCP_MISS/302 492 GET http://192.168.60.100/ - DIRECT/192.168.60.100 text/html
1093381406.227     11 192.168.60.154 TCP_MISS/302 425 GET http://192.168.60.100/ - DIRECT/192.168.60.100 text/html
1093381423.622    444 192.168.60.154 TCP_MISS/302 425 GET http://192.168.60.100/ - DIRECT/192.168.60.100 text/html


Regards
Henrik
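
Henrik's advice to turn on log_mime_hdrs and look for the redirect can be scripted. The sketch below is an added example, not part of the original thread: it assumes the native access.log layout shown above with the request and reply headers appended in two bracketed fields (line breaks logged as a literal \r\n or as %0d%0a), and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Native access.log fields; log_mime_hdrs appends "[request hdrs] [reply hdrs]".
LINE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<ctype>\S+)"
    r"(?:\s+\[(?P<req>[^\]]*)\]\s+\[(?P<rep>[^\]]*)\])?"
)

def headers(blob):
    """Split a logged header blob into a lower-cased name -> value dict."""
    out = {}
    for field in re.split(r"\\r\\n|%0d%0a", blob or "", flags=re.I):
        name, sep, value = field.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out

def origin_redirects(lines, origin):
    """Return (client, requested URL, Location) for 3xx replies that point
    the browser at the origin server instead of back at the proxy."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or not m["status"].startswith("3"):
            continue
        location = headers(m["rep"]).get("location")
        if location and urlsplit(location).hostname == origin:
            hits.append((m["client"], m["url"], location))
    return hits

# Constructed sample: the first line has the shape of the entries in the
# thread plus invented header fields; the second is an ordinary 200.
SAMPLE = [
    r"1093381355.430 21 192.168.60.154 TCP_MISS/302 492 GET http://192.168.60.100/ "
    r"- DIRECT/192.168.60.100 text/html [Host: 192.168.60.10\r\n] "
    r"[HTTP/1.1 302 Found\r\nLocation: https://192.168.60.100/\r\n]",
    r"1093381360.000 5 192.168.60.154 TCP_MISS/200 1200 GET http://192.168.60.100/a "
    r"- DIRECT/192.168.60.100 text/html [Host: 192.168.60.10\r\n] "
    r"[HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n]",
]

if __name__ == "__main__":
    for hit in origin_redirects(SAMPLE, "192.168.60.100"):
        print(hit)
```

A hit means the backend itself is sending browsers to its own address, so the fix belongs in the web server's redirect, not in squid.conf.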

