Search squid archive

Re: [squid-users] https, redirector

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 25 May 2005, Bill Mills-Curran wrote:

I want to add another "backend" web site that uses https.  I've tried
many (too many) different configs, but I can't find the right
combination to make it work.

Squid-2.5 as reverse proxy does not support making HTTPS connections, only accepting https requests via https_port and then forwarding them as plain http requests to the backend.

To make HTTPS connections you need Squid-3.0 (under development) or the SSL update patch to Squid-2.5.

To make https requests with the SSL update you can either

a) forward the requests via a cache_peer defined with the ssl option, with some limitations on connection management..

 b) use a redirector to rewrite the accelerated URL to https://.


In Squid-3.0 you can select that the requests accepted by https_port should be reconstructed as https:// URLs from start, simplifying the matters somewhat. There is also much better support for cache_peer based forwarding in reverse proxies (in fact the default mode in Squid-3 accelerators).


The CONNECT method is not relevant in reverse-proxies. This method is only for clients explicitly configured to use the proxy to open SSL tunnels via the proxy to the requested server (i.e. internal clients trying to go to the Internet).

1.  With just an entry like:

   http_port 10.14.21.32:443

This can not work. This tells Squid that it should accept http request on port 443. I.e. http://10.14.21.32:443/ not https.

To accept https requests from the clients as a reverse proxy you must use https_port.

Regards
Henrik

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux