Hi Simon,

I am just sharing the config which I have done for my SSL reverse proxy for one of the sites, which is hosted on port 80. One more thing: I am running Squid with the -D option, which tells Squid not to use DNS for name resolution; at the same time I am making the entries in the /etc/hosts file for the site.

https_port 443 cert=/Path to Certificate/testcert.cert key=/Path to Key/testkey.pem defaultsite=mywebsite.mydomain.com vhost

cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA.mydomain.com
acl sites_server_1 dstdomain websiteA.mydomain.com
cache_peer_access websiteA.mydomain.com allow sites_server_1

cache_peer 10.112.143.112 parent 80 0 no-query originserver login=PASS name=mywebsite.mydomain.com
acl sites_server_2 dstdomain mywebsite.mydomain.com
cache_peer_access mywebsite.mydomain.com allow sites_server_2

acl webserver dst 10.112.62.20 10.112.143.112
http_access allow webserver
http_access allow all
miss_access allow webserver
miss_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny all

In the above config I am hosting 2 websites which are running in my LAN, to publish them outside using the SSL proxy. Also, in /etc/hosts I am making 2 entries for this:

10.112.62.20    websiteA.mydomain.com   websiteA
10.112.143.112  mywebsite.mydomain.com  mywebsite

Let me know if you need any other help.

Regards,
Sudhir Gupta

On 10/11/07, Dwyer, Simon <[EMAIL PROTECTED]> wrote:
> Ok I have worked out the first issue which was a firewall rule issue.
>
> The http version is working fine now but the https one is still having
> issues. This is what I am getting when browsing to it.
>
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: https://<website> /
>
> The following error was encountered:
>
> * Unable to forward this request at this time.
>
> This request could not be forwarded to the origin server or to any parent
> caches. The most likely cause for this error is that:
>
> * The cache administrator does not allow this cache to make direct
>   connections to origin servers, and
> * All configured parent caches are currently unreachable.
>
> Your cache administrator is [EMAIL PROTECTED]
> Generated Thu, 11 Oct 2007 05:21:58 GMT by <proxy>.federalit.net
> (squid/2.6.STABLE10)
>
>
>
> -----Original Message-----
> From: Dwyer, Simon
> Sent: Thursday, 11 October 2007 4:13 PM
> To: '[email protected]'
> Subject: [squid-users] SSL Reverse Proxy
>
> Hi everyone,
>
> First time doing this so if I mess it up don't flame too much ☺
>
> I have an internal web server that needs to be reached from the outside
> world.
>
> | Internal web server | <--> | Firewall | <--> | Squid Proxy | <--> |
> Firewall | <--> Internet
>
> Between the web server and the proxy it will be standard http but from the
> proxy to the internet it will be https. I have purchased a cert for the
> domain used and generated all the stuff needed on the squid server for that
> using openssl.
>
> I think these are the two relevant lines in my config.
>
> https_port 443 accel cert=/<path to cert>/cert.crt key=/<path to key>/key.key defaultsite=<website> vhost
>
> cache_peer reports2.federalit.net parent 2002 0 no-query originserver name=reports.federalit.net
>
> I know 2002 is a funny port but that's what the windows people have this
> site running on.
>
> I also added the line
>
> http_port 80 accel defaultsite=reports.federalit.net vhost
>
> to see if I could get it working over just HTTP but that does the same
> thing.
>
> It just sits there and times out very slowly...
>
> Any ideas would be great,
>
> Cheers,
>
> Simon Dwyer
> Technology Services Group
>
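
Added example, not part of the original thread: Squid checks http_access lines in file order and stops at the first one that matches, so the order of the lines in the configuration posted above decides which of them can ever take effect. The script below walks those lines (copied from the post; the function names are hypothetical) and reports the rules that sit behind a catch-all rule, assuming the ACL named all matches every request as in the stock squid.conf.

```python
# Added example: first-match analysis of Squid access rules.
# CONFIG holds the access-control lines from the configuration posted in this thread.
CONFIG = """\
acl webserver dst 10.112.62.20 10.112.143.112
http_access allow webserver
http_access allow all
miss_access allow webserver
miss_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny all
"""

def parse_rules(text, directive="http_access"):
    """Return [(line_no, action, [acl names])] for one access directive, in file order."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == directive and fields[1] in ("allow", "deny"):
            rules.append((no, fields[1], fields[2:]))
    return rules

def unreachable_rules(rules, match_all="all"):
    """Rules placed after a rule whose only ACL is the catch-all are never evaluated."""
    for i, (_, _, acls) in enumerate(rules):
        if acls == [match_all]:  # assumption: this ACL matches every request
            return rules[i + 1:]
    return []

def effective_default(rules, match_all="all"):
    """Action for a request that matches none of the specific ACLs."""
    for _, action, acls in rules:
        if acls == [match_all]:
            return action
    # With no catch-all, Squid applies the opposite of the last rule (deny if no rules).
    if not rules:
        return "deny"
    return "deny" if rules[-1][1] == "allow" else "allow"

if __name__ == "__main__":
    rules = parse_rules(CONFIG)
    print("default for unmatched requests:", effective_default(rules))
    for no, action, acls in unreachable_rules(rules):
        print(f"line {no}: 'http_access {action} {' '.join(acls)}' is never reached")
```

Passing "miss_access" as the directive runs the same check on the miss_access lines.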
