
Re: SSL Reverse Proxy


Shekhar Gupta wrote:
Hi Simon,

I am just sharing my config which I have done for my SSL Reverse
Proxy for one of the sites which is hosted on port 80. One more thing
is I am running squid with the
-D option, which tells squid not to use DNS for name resolution; at the
same time I am making the entries in the /etc/hosts file for the site.

https_port 443 cert=/Path to Certificate/testcert.cert key=/Path to Key/testkey.pem defaultsite=mywebsite.mydomain.com vhost

cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA.mydomain.com
acl sites_server_1 dstdomain websiteA.mydomain.com
cache_peer_access websiteA.mydomain.com allow sites_server_1
cache_peer 10.112.143.112 parent 80 0 no-query originserver login=PASS name=mywebsite.mydomain.com
acl sites_server_2 dstdomain mywebsite.mydomain.com
cache_peer_access mywebsite.mydomain.com allow sites_server_2
acl webserver dst 10.112.62.20 10.112.143.112
http_access allow webserver
http_access allow all
miss_access allow webserver
miss_access deny all

Try without this miss_access.

Also, try with general http(s) access permitted to the accelerated sites.

Amos

http_access allow manager localhost
http_access deny manager
http_access deny all

In the above config I am hosting 2 websites which are running in my LAN,
to publish outside using SSL proxy. Also in /etc/hosts I am making 2
entries for this:

10.112.62.20            websiteA.mydomain.com          websiteA
10.112.143.112         mywebsite.mydomain.com         mywebsite

Let me know if you need any other help.

Regards,
Sudhir Gupta
On 10/11/07, Dwyer, Simon <sdwyer@xxxxxxxxxxxxx> wrote:
Ok I have worked out the first issue which was a firewall rule issue.

The http version is working fine now but the https one is still having
issues.  This is what I am getting when browsing to it.

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: https://<website> /

The following error was encountered:

   * Unable to forward this request at this time.

This request could not be forwarded to the origin server or to any parent
caches. The most likely cause for this error is that:

   * The cache administrator does not allow this cache to make direct
connections to origin servers, and
   * All configured parent caches are currently unreachable.

Your cache administrator is sdwyer@xxxxxxxxxxxxxx
Generated Thu, 11 Oct 2007 05:21:58 GMT by <proxy>.federalit.net
(squid/2.6.STABLE10)



-----Original Message-----
From: Dwyer, Simon
Sent: Thursday, 11 October 2007 4:13 PM
To: 'squid-users@xxxxxxxxxxxxxxx'
Subject:  SSL Reverse Proxy

Hi everyone,

First time doing this so if I mess it up don't flame too much ☺

I have an internal web server that needs to be reached from the outside
world.

| Internal web server | <--> | Firewall | <--> | Squid Proxy | <--> | Firewall | <--> Internet

Between the web server and the proxy it will be standard http but from the
proxy to the internet it will be https.  I have purchased a cert for the
domain used and generated all the stuff needed on the squid server for that
using openssl.

I think these are the two relevant lines in my config.

https_port 443 accel cert=/<path to cert>/cert.crt key=/<path to key>/key.key defaultsite=<website> vhost

cache_peer reports2.federalit.net parent 2002 0 no-query originserver name=reports.federalit.net

I know 2002 is a funny port but that's what the windows people have this
site running on.

I also added the line

http_port 80 accel defaultsite=reports.federalit.net vhost

to see if I could get it working over just HTTP but that does the same
thing.

It just sits there and times out very slowly...

Any ideas would be great,

Cheers,

Simon Dwyer
Technology Services Group
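
Added example, not part of the thread and not the posters' or the Squid project's code: Squid evaluates http_access and miss_access rules top-down and stops at the first match, so in the first configuration quoted above the manager rules that follow "http_access allow all" are never reached. The Python check below flags such shadowed rules; the function name and the embedded sample are constructed here, and it assumes "all" is the stock ACL that matches every request.

```python
# Constructed sample: the access-control lines of the config quoted in the thread.
SAMPLE_CONF = """\
acl webserver dst 10.112.62.20 10.112.143.112
http_access allow webserver
http_access allow all
miss_access allow webserver
miss_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny all
"""

# Directives that Squid evaluates in file order, first matching rule wins.
ORDERED = ("http_access", "miss_access")


def shadowed_rules(conf_text):
    """Return (lineno, rule, shadowing_lineno) for every rule that follows an
    unconditional '<allow|deny> all' of the same directive and so can never
    be the first match. Assumes 'all' is the ACL matching every request."""
    catch_all = {}  # directive -> line number of its first unconditional rule
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ORDERED:
            continue
        directive, acls = parts[0], parts[2:]
        if directive in catch_all:
            # An earlier catch-all already decided every request.
            findings.append((lineno, line, catch_all[directive]))
        elif acls == ["all"]:
            catch_all[directive] = lineno
    return findings


if __name__ == "__main__":
    for lineno, rule, by in shadowed_rules(SAMPLE_CONF):
        print(f"line {lineno}: '{rule}' is unreachable (shadowed by line {by})")
```

On the sample this reports the two manager rules and the final "http_access deny all" as unreachable; the miss_access pair is not flagged because nothing follows its "deny all".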


