Re: Reverse proxy HTTPS port on 8443

[Mohamed Navas <abusam@xxxxxxxxx>]

OK, here the problem is SSL certificate is keeping in the destination 
backend server and this is initializing the SSL transaction. The 
proxy server itself has some SSL cert/key for other servers for any 
HTTPS request from the clients ...

I had tried redirection from http://example.com:8080/abc to 
https://example.com:8443/abc in apache just for testing, but getting 
some dots only in the browser ..!!

thanks,

Br-
Navas

 At 04:41 PM 9/19/2006, fulan Peng wrote:
> I show you a workable configuration file for 2.6 S3. You can replace
> those things.
>
> http_port 127.0.0.1:80  defaultsite=ddint.org
> https_port 443 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem
> defaultsite=zyzg.org.ru
> https_port 9001 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem
> defaultsite=192.168.0.1
> https_port 9003 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem
> defaultsite=www.peacehall.com
> cache_peer www.peacehall.com parent 80  0 originserver name=peacehall
>
> cache_peer 192.168.0.1 parent 5225  0 originserver name=futurechinaforum
> cache_peer zyzg.org.ru parent 80  0 originserver name=zyzg
> cache_peer ddint.org parent 80  0 originserver name=ddint
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> access_log c:/squid/var/logs/access.log squid
> debug_options ALL,9
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern .               0       20%     4320
> acl www.peacehall.com dstdomain www.peacehall.com
> acl 192.168.0.1 dstdomain 192.168.0.1
> acl zyzg.org.ru dstdomain zyzg.org.ru
> acl ddint.org dstdomain ddint.org
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443 563
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> http_access allow zyzg.org.ru
> http_access allow www.peacehall.com
> http_access allow ddint.org
> #http_access allow www.dajiyuan.com
> http_access allow 192.168.0.1
> http_access allow localhost
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow all
> http_reply_access allow all
> icp_access allow all
> cache_peer_access zyzg  allow zyzg.org.ru
> cache_peer_access peacehall     allow www.peacehall.com
> cache_peer_access futurechinaforum      allow 192.168.0.1
> #cache_peer_access dajiyuan     allow www.dajiyuan.com
> cache_peer_access ddint allow ddint.org
> visible_hostname ddint.org
> coredump_dir c:/squid/var/cache
>
>
> On 9/19/06, Mohamed Navas V <abusam@xxxxxxxxx> wrote:
> > hi,
> >
> > We have one setup with a reverse proxy for multiple backend back
> > servers. All these servers are for HTTPtraffic only with accel port
> > 80.
> >
> > But it's propsed one additional with the existing setup as follows:-
> >
> >
> >          request on port 8080                             request 
> > on port 8080
> > user 
> > -------------------------------->R.Proxy------------------------------->Web
> > Server
> >
> >               Replay on 8443                            replay on port 8443
> > user 
> > <--------------------------------R.Proxy<--------------------------------Web
> > Server
> >
> > ie User will request http://example.com:8080/abc but he want to get
> > HTTPS replay as https://example.com:8443/abc ....
> >
> > We are using squid 2.5, all other servers except this one are
> > listening on 80,443 ports only.
> >
> > What changes to be done config file for the same ?
> >
> > Br--
> > Navas