Here's my cache_peer line..

    cache_peer www.servername.com.au parent 443 443 ssl originserver

Currently the world DNS points at 1.1.1.1 and the cache proxy is on 2.2.2.2.
I've manually changed a workstation hosts file to point at 2.2.2.2 for that domain name.

I can https access the server so I think the https_port is right. Here it is...

    https_port 443 cert=/usr/local/squid/etc/server.cert.pem key=/usr/local/squid/etc/server.key.pem vhost

So, what I think will happen is the squid 3.0PRE3 will look at the headers and decide to use the cache_peer line based on the server name. Is that correct?

What I'm after is a way to transparently put this accelerated server inside my network (possibly by port redirection, or by DNSing the cache and giving it overriding hosts entries on the cache box to know about the real server).

As per your request, here's the access log...

    192.168.1.177 - - [16/Jun/2006 11:36:51] "GET https://www.servername.com.au/ HTTP/1.1" 503 2776 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4" TCP_MISS:TIMEOUT_NONE

I also have

    2006/06/16 11:36:51| fwdNegotiateSSL: Error negotiating SSL connection on FD 14: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1)
    2006/06/16 11:36:51| TCP connection to www.servername.com.au/443 failed

in the stdout for squid (running in non daemon mode).

Thanks.

--
Kevin Withnall
ILB Computing
PH: 02 4227 0001
Mobile: 0412 453 846
FAX: 02 4227 0081
http://kevin.withnall.com/

> -----Original Message-----
> From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
> Sent: Sunday, 11 June 2006 10:00 PM
> To: Kevin Withnall
> Cc: squid-users@xxxxxxxxxxxxxxx
> Subject: Re: Squid 3.0 PRE3 in accellerator mode
>
> On Sun 2006-06-11 at 11:50 +1000, Kevin Withnall wrote:
>
> > I've set up squid 3.0 PRE3 to accelerate them and can connect to the squid
> > proxy on https and I have it looking at the vhost headers to talk to the
> > back end servers.
> >
> > What doesn't seem to be working is the https connection to the back end
> > and, unless I set always_direct, it won't connect to the 'origin'
> > server. Are there any docs or similar I should be looking at or should I
> > post some config file extracts here?
>
> SSL to the backend should be supported.. what does access.log say?
>
> Regarding always_direct: In Squid-2.6 and 3.0 accelerators are configured
> using the cache_peer directive. This is mentioned in the release notes.
>
> Regards
> Henrik
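
Added example, not part of the original messages and not Squid's own code: Python that pairs the 503 in the access log above with the fwdNegotiateSSL error from Squid's stdout and unpacks the OpenSSL error code, which places the failure on the Squid-to-origin TLS leg rather than the browser-to-Squid leg. The function names are hypothetical, the timestamp handling assumes the formats exactly as quoted in the message, and the bit layout is the pre-3.0 OpenSSL error packing.

```python
import re
from datetime import datetime

# Log lines copied from the message above (access.log, then Squid's stdout).
ACCESS_LOG = ['192.168.1.177 - - [16/Jun/2006 11:36:51] "GET https://www.servername.com.au/ HTTP/1.1" 503 2776 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4" TCP_MISS:TIMEOUT_NONE']
CACHE_LOG = [
    "2006/06/16 11:36:51| fwdNegotiateSSL: Error negotiating SSL connection on FD 14: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1)",
    "2006/06/16 11:36:51| TCP connection to www.servername.com.au/443 failed",
]

ACCESS_RE = re.compile(r'\[(\d{2}/\w{3}/\d{4})[ :](\d{2}:\d{2}:\d{2})[^\]]*\] "\S+ (\S+) [^"]*" (\d{3}) ')
SSLERR_RE = re.compile(r'^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\| fwdNegotiateSSL: .*?'
                       r'error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^(]+)')

def unpack_error(code_hex):
    """Split a pre-3.0 OpenSSL packed error into (library, function, reason).
    Layout: 8 bits library, 12 bits function, 12 bits reason.
    Library 20 is ERR_LIB_SSL; reason 134 is SSL_R_CERTIFICATE_VERIFY_FAILED."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def upstream_tls_failures(cache_log):
    """Yield (timestamp, unpacked code, reason text) per fwdNegotiateSSL error."""
    for line in cache_log:
        m = SSLERR_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            yield ts, unpack_error(m.group(2)), m.group(5).strip()

def explain_503s(access_log, cache_log, window=2):
    """Pair each 503 in access.log with upstream TLS errors within `window` seconds."""
    failures = list(upstream_tls_failures(cache_log))
    findings = []
    for line in access_log:
        m = ACCESS_RE.search(line)
        if not m or m.group(4) != "503":
            continue
        ts = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d/%b/%Y %H:%M:%S")
        causes = [(f, r) for t, f, r in failures if abs((t - ts).total_seconds()) <= window]
        findings.append({"url": m.group(3), "time": ts, "causes": causes})
    return findings

if __name__ == "__main__":
    for f in explain_503s(ACCESS_LOG, CACHE_LOG):
        for (lib, func, reason), text in f["causes"]:
            print(f'{f["time"]} {f["url"]}: 503 from origin-side TLS error '
                  f'lib={lib} func={func} reason={reason} ({text})')
```

The error is raised while Squid, acting as TLS client, checks the certificate presented by the origin; it is independent of the cert= and key= pair on https_port, which only covers the browser-facing side.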