Thanks Amos, Matus and Shekhar.

It seems I forgot to put in the login=PASS which may have caused the error. I also fixed up my host file and started squid with -D.

Thanks again,

Simon Dwyer

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Thursday, 11 October 2007 11:11 PM
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: SSL Reverse Proxy

Shekhar Gupta wrote:
> Hi Simon,
>
> I am just sharing my config which I have done for my SSL Reverse
> Proxy for one of the sites which is hosted on port 80. One more thing
> is I am running squid with the -D option, which tells squid not to use
> DNS for name resolution; at the same time I am making the entries in
> the /etc/hosts file for the site.
>
> https_port 443 cert=/Path to Certificate/testcert.cert key=/Path to Key/testkey.pem defaultsite=mywebsite.mydomain.com vhost
>
> cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA.mydomain.com
> acl sites_server_1 dstdomain websiteA.mydomain.com
> cache_peer_access websiteA.mydomain.com allow sites_server_1
> cache_peer 10.112.143.112 parent 80 0 no-query originserver login=PASS name=mywebsite.mydomain.com
> acl sites_server_2 dstdomain mywebsite.mydomain.com
> cache_peer_access mywebsite.mydomain.com allow sites_server_2
> acl webserver dst 10.112.62.20 10.112.143.112
> http_access allow webserver
> http_access allow all
> miss_access allow webserver
> miss_access deny all

Try without this miss_access.
Also, try with general http(s) access permitted to the accelerated sites.

Amos

> http_access allow manager localhost
> http_access deny manager
> http_access deny all
>
> In the above config I am hosting 2 websites which are running in my LAN
> to publish outside using SSL proxy. Also in /etc/hosts I am making 2
> entries for this:
>
> 10.112.62.20 websiteA.mydomain.com websiteA
> 10.112.143.112 wywebsite.mydomain.com mywebsite
>
> Let me know if you need any other help.
>
> Regards,
> Sudhir Gupta
> On 10/11/07, Dwyer, Simon <sdwyer@xxxxxxxxxxxxx> wrote:
>> Ok I have worked out the first issue which was a firewall rule issue.
>>
>> The http version is working fine now but the https one is still having
>> issues. This is what I am getting when browsing to it.
>>
>> ERROR
>> The requested URL could not be retrieved
>>
>> While trying to retrieve the URL: https://<website> /
>>
>> The following error was encountered:
>>
>> * Unable to forward this request at this time.
>>
>> This request could not be forwarded to the origin server or to any parent
>> caches. The most likely cause for this error is that:
>>
>> * The cache administrator does not allow this cache to make direct
>> connections to origin servers, and
>> * All configured parent caches are currently unreachable.
>>
>> Your cache administrator is sdwyer@xxxxxxxxxxxxxx
>> Generated Thu, 11 Oct 2007 05:21:58 GMT by <proxy>.federalit.net
>> (squid/2.6.STABLE10)
>>
>>
>>
>> -----Original Message-----
>> From: Dwyer, Simon
>> Sent: Thursday, 11 October 2007 4:13 PM
>> To: 'squid-users@xxxxxxxxxxxxxxx'
>> Subject: SSL Reverse Proxy
>>
>> Hi everyone,
>>
>> First time doing this so if I mess it up don't flame too much ☺
>>
>> I have an internal web server that needs to be reached from the outside
>> world.
>>
>> | Internal web server | <--> | Firewall | <--> | Squid Proxy | <--> | Firewall | <--> Internet
>>
>> Between the web server and the proxy it will be standard http but from the
>> proxy to the internet it will be https. I have purchased a cert for the
>> domain used and generated all the stuff needed on the squid server for that
>> using openssl.
>>
>> I think these are the two relevant lines in my config.
>>
>> https_port 443 accel cert=/<path to cert>/cert.crt key=/<path to key>/key.key defaultsite=<website> vhost
>>
>> cache_peer reports2.federalit.net parent 2002 0 no-query originserver name=reports.federalit.net
>>
>> I know 2002 is a funny port but that's what the windows people have this
>> site running on.
>>
>> I also added the line
>>
>> http_port 80 accel defaultsite=reports.federalit.net vhost
>>
>> to see if I could get it working over just HTTP but that does the same
>> thing.
>>
>> It just sits there and times out very slowly...
>>
>> Any ideas would be great,
>>
>> Cheers,
>>
>> Simon Dwyer
>> Technology Services Group
>>
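
An added example, not part of the thread and not code from any poster or from the Squid project: a small check for a reverse-proxy squid.conf that reports access rules which can never be evaluated (Squid stops at the first matching http_access or miss_access line) and cache_peer_access lines naming a peer that no cache_peer defines. The names parse, lint and SAMPLE_CONF are hypothetical, and it assumes the ACL called all matches every request, as in the stock configuration.

```python
# Added example. SAMPLE_CONF is constructed from rules quoted in the thread, same order.
SAMPLE_CONF = """\
cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA.mydomain.com
acl sites_server_1 dstdomain websiteA.mydomain.com
cache_peer_access websiteA.mydomain.com allow sites_server_1
acl webserver dst 10.112.62.20 10.112.143.112
http_access allow webserver
http_access allow all
miss_access allow webserver
miss_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny all
"""

ACCESS_DIRECTIVES = ("http_access", "miss_access")  # first matching rule decides

def parse(conf):
    """Yield (line_number, tokens) for every directive line, comments stripped."""
    for num, line in enumerate(conf.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield num, tokens

def lint(conf):
    """Return sorted (line_number, message) findings for dead rules and bad peer names."""
    findings, terminal, peers, refs = [], {}, set(), []
    for num, tok in parse(conf):
        directive = tok[0]
        if directive in ACCESS_DIRECTIVES and len(tok) >= 3:
            if directive in terminal:
                findings.append((num, f"{directive} never evaluated: line "
                                      f"{terminal[directive]} matches every request"))
            elif tok[2:] == ["all"]:  # assumption: 'all' is the match-everything ACL
                terminal[directive] = num
        elif directive == "cache_peer" and len(tok) >= 2:
            named = [t[5:] for t in tok[2:] if t.startswith("name=")]
            peers.add(named[0] if named else tok[1])  # name= replaces the hostname
        elif directive == "cache_peer_access" and len(tok) >= 2:
            refs.append((num, tok[1]))
    findings += [(n, f"cache_peer_access refers to undefined peer {p}")
                 for n, p in refs if p not in peers]
    return sorted(findings)

if __name__ == "__main__":
    for num, message in lint(SAMPLE_CONF):
        print(f"line {num}: {message}")
```

On the constructed sample it flags the two manager rules and the final http_access deny all, because they follow http_access allow all and so never restrict anything.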