Search squid archive

Is "https_port" required for transparent (reverse) proxying?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Squid Cache: Version 2.5.STABLE11
configure options: --host=i386-redhat-linux --build=i386-redhat-linux --target=i386-redhat-linux-gnu --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --exec_prefix=/usr --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid--enable-poll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs --enable-ssl --with-openssl=/usr/kerberos --enable-delay-pools
                           --enable-linux-netfilter --with-pthreads
--enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,SASL,MSNT
                           --enable-ntlm-auth-helpers=SMB,winbind
--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group

https_port config file line definition:

  https_port 209.202.99.178:443 cert=/etc/squid/webmail.pem

When I enable the above line in my configuration file squid fails to start. In the /var/log/messages I get:

Nov 30 17:28:14 proxy1 squid[3818]: Squid Parent: child process 3820 exited with status 0
Nov 30 17:28:24 proxy1 squid[5338]: Squid Parent: child process 5340 started
Nov 30 17:28:24 proxy1 (squid): Failed to acquire SSL private key: error:0906D06C:PEM routines:PEM_read_bio:no start line Nov 30 17:28:24 proxy1 squid[5338]: Squid Parent: child process 5340 exited due to signal 6
Nov 30 17:28:27 proxy1 squid[5338]: Squid Parent: child process 5389 started
Nov 30 17:28:28 proxy1 (squid): Failed to acquire SSL private key: error:0906D06C:PEM routines:PEM_read_bio:no start line Nov 30 17:28:28 proxy1 squid[5338]: Squid Parent: child process 5389 exited due to signal 6
Nov 30 17:28:31 proxy1 squid[5338]: Squid Parent: child process 5437 started
Nov 30 17:28:32 proxy1 (squid): Failed to acquire SSL private key: error:0906D06C:PEM routines:PEM_read_bio:no start line Nov 30 17:28:32 proxy1 squid[5338]: Squid Parent: child process 5437 exited due to signal 6
Nov 30 17:28:35 proxy1 squid[5338]: Squid Parent: child process 5483 started
Nov 30 17:28:35 proxy1 (squid): Failed to acquire SSL private key: error:0906D06C:PEM routines:PEM_read_bio:no start line Nov 30 17:28:35 proxy1 squid[5338]: Squid Parent: child process 5483 exited due to signal 6
Nov 30 17:28:38 proxy1 squid[5338]: Squid Parent: child process 5530 started
Nov 30 17:28:39 proxy1 (squid): Failed to acquire SSL private key: error:0906D06C:PEM routines:PEM_read_bio:no start line Nov 30 17:28:39 proxy1 squid[5338]: Squid Parent: child process 5530 exited due to signal 6 Nov 30 17:28:39 proxy1 squid[5338]: Exiting due to repeated, frequent failures

From the default squid.conf file (the one with the documentation comments), I noticed this:

#  TAG: https_port
#Usage:  [ip:]port cert=certificate.pem [key=key.pem] [options...]
#
#The socket address where Squid will listen for HTTPS client
#        requests.
#
#        This is really only useful for situations where you are running
#        squid in accelerator mode and you want to do the SSL work at the
#        accelerator level.
#
#       You may specify multiple socket addresses on multiple lines,
#       each with their own SSL certificate and/or options.

The remark about "This is really only useful for situations where you are running squid in accelerator mode and you want to do the SSL work at the accelerator level." makes me question whether I need an "https_port" directive.

So do I need "https_port" for transparent (reverse) proxying in 2.5 STABLE 11?

If yes, then how do I approach resolving the errors I am getting?

Thanks.

Tim

--
-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer         Komatsu Canada Limited
Ph#: 905-625-6292 x265            1725B Sismet Road
Fax: 905-625-6348                 Mississauga, Canada
E-Mail: tneto@xxxxxxxxxx          L4W 1P9
-----------------------------------------------------------



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux