Found another reference in cache.log FYI..

==> ../var/logs/cache.log <==
2006/06/16 12:09:11| Failed to select source for 'https://www.servername.com.au/'
2006/06/16 12:09:11| always_direct = 0
2006/06/16 12:09:11| never_direct = 0
2006/06/16 12:09:11| timedout = 0

--
Kevin Withnall
ILB Computing
PH: 02 4227 0001 Mobile: 0412 453 846
FAX: 02 4227 0081
http://kevin.withnall.com/

> -----Original Message-----
> From: Kevin Withnall [mailto:kevin@xxxxxxxxxx]
> Sent: Friday, 16 June 2006 11:42 AM
> To: Henrik Nordstrom
> Cc: squid-users@xxxxxxxxxxxxxxx
> Subject: RE: Squid 3.0 PRE3 in accellerator mode
>
> Here's my cache_peer line..
>
> cache_peer www.servername.com.au parent 443 443 ssl originserver
>
> Currently the world DNS points at 1.1.1.1 and the cache proxy is on 2.2.2.2
>
> I've manually changed a workstation hosts file to point at 2.2.2.2 for that
> domain name.
>
> I can https access the server so I think the https_port is right. Here it
> is...
>
> https_port 443 cert=/usr/local/squid/etc/server.cert.pem key=/usr/local/squid/etc/server.key.pem vhost
>
> So, what I think will happen is the squid 3.0PRE3 will look at the headers
> and decide to use the cache_peer line based on the server name. Is that
> correct?
>
> What I'm after is a way to transparently put this accelerated server inside
> my network (possibly by port redirection, or by DNSing the cache and giving
> it overriding hosts entries on the cache box to know about the real server)
>
> As per your request, here's the access log...
>
> 192.168.1.177 - - [16/Jun/2006 11:36:51] "GET https://www.servername.com.au/ HTTP/1.1" 503 2776 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4" TCP_MISS:TIMEOUT_NONE
>
> I also have
>
> 2006/06/16 11:36:51| fwdNegotiateSSL: Error negotiating SSL connection on FD 14: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1)
> 2006/06/16 11:36:51| TCP connection to www.servername.com.au/443 failed
>
> in the stdout for squid (running in non daemon mode)
>
> Thanks.
>
> --
> Kevin Withnall
> ILB Computing
> PH: 02 4227 0001 Mobile: 0412 453 846
> FAX: 02 4227 0081
> http://kevin.withnall.com/
>
> > -----Original Message-----
> > From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
> > Sent: Sunday, 11 June 2006 10:00 PM
> > To: Kevin Withnall
> > Cc: squid-users@xxxxxxxxxxxxxxx
> > Subject: Re: Squid 3.0 PRE3 in accellerator mode
> >
> > Sun 2006-06-11 at 11:50 +1000, Kevin Withnall wrote:
> >
> > > I've set up squid 3.0 PRE3 to accelerate them and can connect to the squid
> > > proxy on https and I have it looking at the vhost headers to talk to the
> > > back end servers.
> > >
> > > What doesn't seem to be working is the https connection to the back end
> > > and, unless I set always_direct, it won't connect to the 'origin'
> > > server. Are there any docs or similar I should be looking at or should I
> > > post some config file extracts here?
> >
> > SSL to the backend should be supported.. what does access.log say?
> >
> > Regarding always_direct: In Squid-2.6 and 3.0 accelerators are configured
> > using the cache_peer directive. This is mentioned in the release notes.
> >
> > Regards
> > Henrik
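
Added example, not part of the thread and not Squid project code: a small Python triage script run over the cache.log lines quoted above, rejoined where the mail client wrapped them. It unpacks the OpenSSL error code in the fwdNegotiateSSL line (assuming the OpenSSL 0.9.x/1.x packing of 8 bits library, 12 bits function, 12 bits reason) and groups the events by origin host; the function names and event labels are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the cache.log lines quoted in the thread, with the
# mail client's line wrapping undone.
SAMPLE_LOG = """\
2006/06/16 11:36:51| fwdNegotiateSSL: Error negotiating SSL connection on FD 14: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1)
2006/06/16 11:36:51| TCP connection to www.servername.com.au/443 failed
2006/06/16 12:09:11| Failed to select source for 'https://www.servername.com.au/'
2006/06/16 12:09:11| always_direct = 0
"""

ENTRY = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| (.*)$")
SSL_ERR = re.compile(r"fwdNegotiateSSL: .* on FD (\d+): error:([0-9A-Fa-f]{8}):[^:]*:([^:]*):(.+?) \(")
TCP_FAIL = re.compile(r"TCP connection to (\S+)/(\d+) failed")
NO_SOURCE = re.compile(r"Failed to select source for '([^']+)'")

def decode_openssl_error(hexcode):
    """Unpack an OpenSSL 0.9.x/1.x error code into (lib, func, reason)."""
    code = int(hexcode, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Group backend failures by origin host: {host: [event, ...]}."""
    report, pending_ssl = {}, None
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # not a timestamped cache.log entry
        stamp, msg = m.groups()
        if (e := SSL_ERR.search(msg)):
            lib, func, reason = decode_openssl_error(e.group(2))
            # The SSL line names only a file descriptor; hold it until the
            # "TCP connection to host/port failed" line identifies the peer.
            pending_ssl = {"when": stamp, "kind": "tls_handshake_failed",
                           "function": e.group(3), "reason": e.group(4),
                           "lib": lib, "func": func, "reason_code": reason}
        elif (t := TCP_FAIL.search(msg)):
            events = report.setdefault(t.group(1), [])
            if pending_ssl and pending_ssl["when"] == stamp:
                events.append(pending_ssl)
            events.append({"when": stamp, "kind": "peer_connect_failed", "port": int(t.group(2))})
            pending_ssl = None
        elif (n := NO_SOURCE.search(msg)):
            host = urlsplit(n.group(1)).hostname
            report.setdefault(host, []).append({"when": stamp, "kind": "no_source_selected"})
    return report
```

Reason code 134 in library 20 (SSL) is the numeric form of the "certificate verify failed" text, so the grouped output shows the peer connection failing at certificate verification of the origin server rather than at the TCP level.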