Re: squid reverse proxy with ssl: access denied

here's some of what was in the cache.log:
-------------
Initialising SSL.
Using certificate in /usr/local/squid/etc/key.crt
Using private key in /usr/local/squid/etc/key.key
Initialising SSL.
NOTICE: Peer certificates are not verified for validity!
DNS Socket created at 0.0.0.0, port 32786, FD 7
Adding domain lan from /etc/resolv.conf
Adding nameserver 192.168.0.1 from /etc/resolv.conf
Accepting HTTPS connections at 0.0.0.0, port 8080, FD 8.
Accepting ICP messages at 0.0.0.0, port 3130, FD 10.
WCCP Disabled.
Loaded Icons.
Ready to serve requests.
Failed to select source for 'https://192.168.0.150:8080/'
 always_direct = 0
  never_direct = 0
      timedout = 0
...
clientNegotiateSSL: Error negotiating SSL connection on FD 12:
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
------------------

i'm not sure about that last line, it came in at 6 am so it is
probably a bot or something (this is a public site)...

so i'm guessing always_direct should be 1 or is that irrelevant? (how
would i set that?)

2006/11/2, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>:
On Wed 2006-11-01 at 16:24 +0100, nick humphrey wrote:
> het (our local network)
>
> i have a weblogic server 8.1 (wl81machine) in our intranet running a
> ssl/https site (we're testing out verisign ssl).
>
> i also have installed squid 2.6 STABLE4 (with --enable-ssl) on debian
> 3 (deb3machine)
>
> squid is acting as a reverse proxy to wl81machine, basically just
> sending requests back and forth, no caching or anything, on port 8080.

Ok.

> when i try to access wl81machine from the internet i get an access
> denied error and it shows the ip address to wl81machine without the
> port:
> "
> while trying to retrieve the url: https://192.168.0.150
> the following error was encountered:
> access denied
> ...
> "

Anything in cache.log?


> i know this has got to be something wrong with my squid.conf:
> #-----START---------
> https_port 8080 cert=/usr/local/squid/etc/key.crt
> key=/usr/local/squid/etc/key.key defaultsite=192.168.0.150

defaultsite should be the official site name, i.e. the same as you have
in the cert.

The server Squid should connect to is defined by cache_peer, of which I
couldn't find any in your config btw...

Regards
Henrik
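
Added example (not part of either message, and not Squid project code): a small Python check for the two points in Henrik's reply, run against the https_port line as posted and against a constructed revision. The site name www.example.com, the backend port 443, the cache_peer line and all function names are assumptions; treating an IP literal in defaultsite as "not the site name from the cert" is a heuristic.

```python
import ipaddress

# The https_port directive as posted in the thread, rejoined onto one line.
AS_POSTED = (
    "#-----START---------\n"
    "https_port 8080 cert=/usr/local/squid/etc/key.crt "
    "key=/usr/local/squid/etc/key.key defaultsite=192.168.0.150\n"
)

# Constructed revision: site name and backend port are placeholders.
REVISED = (
    "https_port 8080 cert=/usr/local/squid/etc/key.crt "
    "key=/usr/local/squid/etc/key.key defaultsite=www.example.com\n"
    "cache_peer 192.168.0.150 parent 443 0 no-query originserver ssl\n"
)

def directives(conf_text):
    """Yield (name, args) for each directive, skipping blanks and comments."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        yield name, args

def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_reverse_proxy(conf_text):
    """Return findings for the two issues raised in the reply."""
    parsed = list(directives(conf_text))
    findings = []
    for name, args in parsed:
        if name != "https_port":
            continue
        opts = dict(a.split("=", 1) for a in args[1:] if "=" in a)
        site = opts.get("defaultsite")
        if site is not None and is_ip_literal(site):
            findings.append("https_port %s: defaultsite=%s is an IP address, "
                            "not a site name" % (args[0], site))
    if not any(name == "cache_peer" for name, _ in parsed):
        findings.append("no cache_peer directive: no server to connect to")
    return findings

if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("revised", REVISED)):
        print(label, check_reverse_proxy(conf) or "no findings")
```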



