Okay, I'll just start over. First of all, I should never have used the term "redirect". That is more of a firewall term, and it should have been left out. All I want to do is reverse-proxy SSL connections, hopefully several of them. Each time you set up one of these connections, you have to add in a line similar to below into squid.conf:

"https_port 443 cert=/path/to/cert.cert key=/path/to/key.key accel your.site.name protocol http"

This will reverse-proxy any request for "your.site.name" from what I understand. But that is just one site. Suppose I have another site that I want available for SSL? Could I just add another line similar to the above, but for the second, third or more sites?

Okay, here's the second question. The above line is an example of how to reverse-proxy from SSL to http, or port 443 to port 80, right? Now, suppose I want to reverse-proxy several SSL connections, similar to above, but instead of changing from SSL to http (443 -> 80 as above), I am reverse-proxying straight SSL (443 -> 443). Is this possible for multiple sites? If it is, is there some way that I could make it so I would not need a certificate on the firewall for each connection and just have the backend server handle certificate requests?

Lastly, I found information on the internet about how to create your own certificates, but nothing about how to import them from somewhere else. Anyone know of any tutorials that deal with this?

Thanks,
Mark

> -----Original Message-----
> From: Matus UHLAR - fantomas [mailto:uhlar@xxxxxxxxxxx]
> Sent: Monday, May 23, 2005 2:55 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: Re: [squid-users] SSL redirect questions
>
>
> On 22.05 12:35, Discussion Lists wrote:
> > I have some general questions about reverse-proxying SSL.
> >
> > 1. What is the best way to do it using Squid:
> > a. Do a straight redirect from port 443 to port 443 from server to
> > server with no certificate presented from the firewall, but rather
> > from the server that the connection is redirected to (is this even
> > possible with Squid?).
> > b. Redirect port 443 to port 80 on the destination server(s), and use
> > the firewall to present each of the certificates.
>
> Are you talking about reverse-proxying or redirecting?
> When reverse proxying, you do not redirect anything. If
> redirecting, you do not care about certificates.
>
> What I understand under "reverse ssl proxy" is that squid
> listens for SSL requests on port 443 and forwards plain HTTP
> requests to HTTP server.
>
> There is of course possibility to forward https requests with
> different key/certificate, but it has meaning only in some
> special cases.
>
> > 2. If the answer is B, I have several backend SSL servers, all of
> > which I want to redirect connections to.
>
> Why? Why do you want push one level of servers before backends?
>
> > This is an aspect of proxying/reverse-proxying where my knowledge is
> > weak, maybe some of you have some suggestions.
>
> I do not understand why do you need reverse proxying at all...
> --
> Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> Your mouse has moved. Windows NT will now restart for
> changes to take effect. [OK]