RE: SSL Reverse Proxy


 



Thanks Amos, Matus and Shekhar.

It seems I forgot to put in the login=PASS which may have caused the error.
I also fixed up my host file and started squid with -D.  

Thanks again,

Simon Dwyer

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
Sent: Thursday, 11 October 2007 11:11 PM
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  SSL Reverse Proxy

Shekhar Gupta wrote:
> Hi Simon,
> 
> I am just sharing my config which I have done for my SSL Reverse
> Proxy for one of the sites which is hosted on port 80. One more thing
> is I am running squid with the
> -D option, which tells squid not to use DNS for name resolution; at the
> same time I am making the entries in the /etc/hosts file for the site.
> 
> https_port 443 cert=/Path to Certificate/testcert.cert key=/Path to
> Key/testkey.pem  defaultsite=mywebsite.mydomain.com vhost
> 
> cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS
> name=websiteA.mydomain.com
> acl sites_server_1 dstdomain websiteA.mydomain.com
> cache_peer_access websiteA.mydomain.com allow sites_server_1
> cache_peer 10.112.143.112 parent 80 0 no-query originserver login=PASS
> name=mywebsite.mydomain.com
> acl sites_server_2 dstdomain mywebsite.mydomain.com
> cache_peer_access mywebsite.mydomain.com allow sites_server_2
> acl webserver dst 10.112.62.20 10.112.143.112
> http_access allow webserver
> http_access allow all
> miss_access allow webserver
> miss_access deny all

Try without this miss_access.

Also, try with general http(s) access permitted to the accelerated sites.

Amos

> http_access allow manager localhost
> http_access deny manager
> http_access deny all
> 
> In the above config I am hosting 2 websites which are running in my LAN
> to publish outside using SSL proxy. Also in /etc/hosts I am making 2
> entries for this
> 
> 10.112.62.20            websiteA.mydomain.com          websiteA
> 10.112.143.112         mywebsite.mydomain.com         mywebsite
> 
> Let me know if you need any other help.
> 
> Regards,
> Sudhir Gupta
> On 10/11/07, Dwyer, Simon <sdwyer@xxxxxxxxxxxxx> wrote:
>> Ok I have worked out the first issue which was a firewall rule issue.
>>
>> The http version is working fine now but the https one is still having
>> issues.  This is what I am getting when browsing to it.
>>
>> ERROR
>> The requested URL could not be retrieved
>>
>> While trying to retrieve the URL: https://<website> /
>>
>> The following error was encountered:
>>
>>    * Unable to forward this request at this time.
>>
>> This request could not be forwarded to the origin server or to any parent
>> caches. The most likely cause for this error is that:
>>
>>    * The cache administrator does not allow this cache to make direct
>> connections to origin servers, and
>>    * All configured parent caches are currently unreachable.
>>
>> Your cache administrator is sdwyer@xxxxxxxxxxxxxx
>> Generated Thu, 11 Oct 2007 05:21:58 GMT by <proxy>.federalit.net
>> (squid/2.6.STABLE10)
>>
>>
>>
>> -----Original Message-----
>> From: Dwyer, Simon
>> Sent: Thursday, 11 October 2007 4:13 PM
>> To: 'squid-users@xxxxxxxxxxxxxxx'
>> Subject:  SSL Reverse Proxy
>>
>> Hi everyone,
>>
>> First time doing this so if I mess it up don't flame too much ☺
>>
>> I have an internal web server that needs to be reached from the outside
>> world.
>>
>> | Internal web server | <--> | Firewall | <--> | Squid Proxy | <--> |
>> Firewall | <--> Internet
>>
>> Between the web server and the proxy it will be standard http but from the
>> proxy to the internet it will be https.  I have purchased a cert for the
>> domain used and generated all the stuff needed on the squid server for that
>> using openssl.
>>
>> I think these are the two relevant lines in my config.
>>
>> https_port 443 accel cert=/<path to cert>/cert.crt key=/<path to
>> key>/key.key defaultsite=<website> vhost
>>
>> cache_peer reports2.federalit.net parent 2002 0 no-query originserver
>> name=reports.federalit.net
>>
>> I know 2002 is a funny port but that's what the windows people have this
>> site running on.
>>
>> I also added the line
>>
>> http_port 80 accel defaultsite=reports.federalit.net vhost
>>
>> to see if I could get it working over just HTTP but that does the same
>> thing.
>>
>> It just sits there and times out very slowly...
>>
>> Any ideas would be great,
>>
>> Cheers,
>>
>> Simon Dwyer
>> Technology Services Group
>>
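
The access-rule points raised in this thread (the order of the http_access lines, the "miss_access deny all" that Amos suggests dropping, and the login=PASS option Simon found missing) can be checked mechanically, because Squid stops at the first http_access rule that matches. The following Python lint is an added example, not part of the original messages or of Squid; the function name lint_squid_conf, the sample config and its certificate paths are constructed, and it assumes "all" is the stock catch-all ACL.

```python
# Added example (not from the thread): lint squid.conf access rules.
# Assumption: "all" is the stock catch-all ACL (acl all src 0.0.0.0/0.0.0.0).

# Constructed sample modeled on the config quoted in the thread, with wrapped
# lines joined, placeholder cert paths, and login=PASS dropped from one peer.
SAMPLE_CONF = """\
https_port 443 accel cert=/path/cert.crt key=/path/key.pem defaultsite=mywebsite.mydomain.com vhost
cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA.mydomain.com
cache_peer 10.112.143.112 parent 80 0 no-query originserver name=mywebsite.mydomain.com
acl webserver dst 10.112.62.20 10.112.143.112
http_access allow webserver
http_access allow all
miss_access allow webserver
miss_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny all
"""


def lint_squid_conf(text):
    """Return (line_number, message) findings for a squid.conf string."""
    findings = []
    catch_all = None  # (line_number, action) of the first "http_access <action> all"
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        directive, args = fields[0], fields[1:]
        if directive == "http_access":
            if catch_all:
                # http_access is first-match: nothing after a bare "all" rule is consulted.
                findings.append((lineno, f"unreachable: line {catch_all[0]} "
                                         f"({catch_all[1]} all) already decided every request"))
            elif args[1:] == ["all"]:
                catch_all = (lineno, args[0])
                if args[0] == "allow":
                    findings.append((lineno, "http_access allow all admits every request"))
        elif directive == "miss_access" and args == ["deny", "all"]:
            findings.append((lineno, "miss_access deny all refuses otherwise-unmatched cache misses"))
        elif directive == "cache_peer" and "originserver" in args and "login=PASS" not in args:
            findings.append((lineno, "originserver peer has no login=PASS"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_squid_conf(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```

On the sample, the manager rules and the final "deny all" are reported as unreachable because "http_access allow all" precedes them.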

