Hi Simon,

I am just sharing the config which I have done for my SSL reverse proxy for one of the sites, which is hosted on port 80. One more thing is that I am running squid with the -D option, which tells squid not to use DNS for name resolution; at the same time I am making the entries in the /etc/hosts file for the site.

https_port 443 cert=/Path to Certificate/testcert.cert key=/Path to Key/testkey.pem defaultsite=mywebsite.mydomain.com vhost

cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA.mydomain.com
acl sites_server_1 dstdomain websiteA.mydomain.com
cache_peer_access websiteA.mydomain.com allow sites_server_1

cache_peer 10.112.143.112 parent 80 0 no-query originserver login=PASS name=mywebsite.mydomain.com
acl sites_server_2 dstdomain mywebsite.mydomain.com
cache_peer_access mywebsite.mydomain.com allow sites_server_2

acl webserver dst 10.112.62.20 10.112.143.112
http_access allow webserver
http_access allow all
miss_access allow webserver
miss_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny all

In the above config I am hosting 2 websites which are running in my LAN, to publish outside using the SSL proxy. Also in /etc/hosts I am making 2 entries for this:

10.112.62.20    websiteA.mydomain.com websiteA
10.112.143.112  mywebsite.mydomain.com mywebsite

Let me know if you need any other help.

Regards,
Sudhir Gupta

On 10/11/07, Dwyer, Simon <sdwyer@xxxxxxxxxxxxx> wrote:
> Ok I have worked out the first issue which was a firewall rule issue.
>
> The http version is working fine now but the https one is still having
> issues. This is what I am getting when browsing to it.
>
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: https://<website> /
>
> The following error was encountered:
>
> * Unable to forward this request at this time.
>
> This request could not be forwarded to the origin server or to any parent
> caches.
> The most likely cause for this error is that:
>
> * The cache administrator does not allow this cache to make direct
> connections to origin servers, and
> * All configured parent caches are currently unreachable.
>
> Your cache administrator is sdwyer@xxxxxxxxxxxxxx
> Generated Thu, 11 Oct 2007 05:21:58 GMT by <proxy>.federalit.net
> (squid/2.6.STABLE10)
>
>
>
> -----Original Message-----
> From: Dwyer, Simon
> Sent: Thursday, 11 October 2007 4:13 PM
> To: 'squid-users@xxxxxxxxxxxxxxx'
> Subject: SSL Reverse Proxy
>
> Hi everyone,
>
> First time doing this so if I mess it up don't flame too much ☺
>
> I have an internal web server that needs to be reached from the outside
> world.
>
> | Internal web server | <--> | Firewall | <--> | Squid Proxy | <--> | Firewall | <--> Internet
>
> Between the web server and the proxy it will be standard http but from the
> proxy to the internet it will be https. I have purchased a cert for the
> domain used and generated all the stuff needed on the squid server for that
> using openssl.
>
> I think these are the two relevant lines in my config.
>
> https_port 443 accel cert=/<path to cert>/cert.crt key=/<path to key>/key.key defaultsite=<website> vhost
>
> cache_peer reports2.federalit.net parent 2002 0 no-query originserver name=reports.federalit.net
>
> I know 2002 is a funny port but that's what the windows people have this
> site running on.
>
> I also added the line
>
> http_port 80 accel defaultsite=reports.federalit.net vhost
>
> to see if I could get it working over just HTTP but that does the same
> thing.
>
> It just sits there and times out very slowly...
>
> Any ideas would be great,
>
> Cheers,
>
> Simon Dwyer
> Technology Services Group
>
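
Squid evaluates http_access rules top to bottom and stops at the first match, so in the configuration posted in the reply above the manager rules and the final deny sit below "http_access allow all". The following is an added example, not part of the original thread, that audits this ordering on the http_access lines from that reply; it assumes the ACLs all, manager and localhost are defined as in the stock squid.conf, and the function names are hypothetical.

```python
# Added example: first-match audit of http_access ordering in a squid.conf.
# Assumption: "all" is the catch-all ACL, as in the stock squid.conf.

# The access rules from the reply above, one directive per line.
SAMPLE_CONF = """\
acl webserver dst 10.112.62.20 10.112.143.112
http_access allow webserver
http_access allow all
miss_access allow webserver
miss_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny all
"""


def parse_http_access(conf_text):
    """Return (line_no, action, acl_names) for each http_access line, in file order."""
    rules = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] == "http_access" and fields[1] in ("allow", "deny"):
            rules.append((line_no, fields[1], fields[2:]))
    return rules


def audit_http_access(conf_text, catch_all="all"):
    """Report rules that can never be reached because an unconditional rule precedes them."""
    rules = parse_http_access(conf_text)
    findings = []
    for idx, (line_no, action, acls) in enumerate(rules):
        if acls != [catch_all]:
            continue
        # Squid stops at the first matching rule, so nothing below this line is evaluated.
        for dead_no, dead_action, dead_acls in rules[idx + 1:]:
            findings.append((dead_no, f"http_access {dead_action} {' '.join(dead_acls)}",
                             f"shadowed by '{action} {catch_all}' on line {line_no}"))
        if action == "allow":
            findings.append((line_no, f"http_access allow {catch_all}",
                             "terminal rule admits every client"))
        return findings
    findings.append((0, "", f"no unconditional '{catch_all}' rule; add an explicit final deny"))
    return findings


if __name__ == "__main__":
    for line_no, rule, reason in audit_http_access(SAMPLE_CONF):
        print(f"line {line_no}: {rule}: {reason}")
```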