On Thu, 17 Mar 2005, Martin Burke wrote:
Is the connection now ssl on both sides (from the client to the reverse proxy and then from the reverse proxy to the webserver)?
This is supported by Squid-3, or by Squid-2.5 + ssl update patch. But unless you want to for security reasons there really is no reason to.
For OWA, Squid-3 is needed for the originserver cache_peer option. I see from your configuration that you use Squid-3, so this should not be any problem.
My config file is as follows:
visible_hostname testmail.ncmec.org
https_port 443 defaultsite=testmail.ncmec.org cert=/etc/squid/webmail.crt key=/etc/squid/webmail.key
cache_peer 172.25.4.51 parent 80 0 no-query originserver front-end-https=auto
The other suggestions I've seen for a config file for this arrangement are:
proxy-only login=PASS
You need the login thing. If not, users won't be able to log in.
never_direct allow all
Not strictly needed, but good anyway.
header_access Accept-Encoding deny all
Works around many broken servers.
I've added them one by one, and since putting in login=PASS, I get past the login prompt but am back to the old situation of seeing two frames with no data.
What URLs do the frameset HTML source use for the frames? http:// or https://?
Regards
Henrik
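
One way to answer the closing question about frame URLs, as an added example that is not part of the original mail and is not Squid code: parse the saved frameset source and flag every frame whose URL leaves the scheme or host the browser used to reach the proxy. The sample HTML, its paths and the function names are constructed for illustration; only the hostname comes from the configuration above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FrameCollector(HTMLParser):
    """Collect src of <frame>/<iframe> tags and the first <base href>."""

    def __init__(self):
        super().__init__()
        self.base = None
        self.sources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href") and self.base is None:
            self.base = attrs["href"]
        elif tag in ("frame", "iframe") and attrs.get("src"):
            self.sources.append(attrs["src"])


def audit_frames(page_url, html):
    """Return (absolute_url, problem) per frame; problem is None if it matches the page."""
    parser = FrameCollector()
    parser.feed(html)
    # Relative frame URLs resolve against <base href> when the page sets one.
    base = urljoin(page_url, parser.base) if parser.base else page_url
    page = urlsplit(page_url)
    results = []
    for src in parser.sources:
        target = urljoin(base, src)
        parts = urlsplit(target)
        problem = None
        if parts.scheme != page.scheme:
            problem = "scheme %s, page is %s" % (parts.scheme, page.scheme)
        elif parts.hostname != page.hostname:
            problem = "host %s, page is %s" % (parts.hostname, page.hostname)
        results.append((target, problem))
    return results


# Constructed sample: one frame hard-codes http://, the other is relative.
SAMPLE_URL = "https://testmail.ncmec.org/exchange/user/"
SAMPLE_HTML = """<html><frameset cols="200,*">
<frame name="navbar" src="http://testmail.ncmec.org/exchange/user/?Cmd=navbar">
<frame name="viewer" src="Inbox/?Cmd=contents">
</frameset></html>"""

if __name__ == "__main__":
    for url, problem in audit_frames(SAMPLE_URL, SAMPLE_HTML):
        print("%-4s %s %s" % ("BAD" if problem else "ok", url, problem or ""))
```

A frame flagged with an http:// scheme means the origin server generated absolute URLs for plain HTTP, which a proxy listening only on https_port 443 will not serve.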