
Re: Configuring reverse proxy for both 80/443


l3d wrote:
I've gotten part of it to work with two cache_peer lines such as:

acl incoming_ssl dstdomain ssl.domain.com
acl incoming_default dstdomain domain.com www.domain.com

http_port 80 accel vhost
https_port 443 cert=/usr/YOURCERT.cer key=/usr/YOURKEY.key vhost

cache_peer xxx.xxx.xxx.xxx parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=ssl.domain.com
cache_peer_access ssl.domain.com allow incoming_ssl

cache_peer xxx.xxx.xxx.xxx(same server) parent 80 0 no-query originserver name=*hostname of webserver*
cache_peer_access *hostname of website* allow incoming_default

But I have a problem with this config......

Because my "domain.com" is in the acl even without the *.domain.com it
still allows an 80 connection for my 443 website "ssl.domain.com"
.... And because it still communicates with the originserver over 443,
the originserver does not have an issue..... HOW can I force squid to
accept only 443 connections for a website on an originserver that squid
already uses for 80 connections?

ACL type myport.

  acl sslPort myport 443

  cache_peer_access ssl.domain.com allow sslPort incoming_ssl
  cache_peer_access domain.com allow !sslPort incoming_default


Amos



Please help

-l3d

On Tue, Mar 4, 2008 at 7:16 PM, Nick Duda <nduda@xxxxxxxxxxxxxx> wrote:
Nope, it throws an error, I tried that.



-----Original Message-----
From: Chris Woodfield [mailto:rekoil@xxxxxxxxxxxxx]
Sent: Tuesday, March 04, 2008 8:02 PM
To: Nick Duda
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Configuring reverse proxy for both 80/443

I haven't tried this myself, but can't you just have two cache-peer
lines with the same host but different port numbers?

-C

On Mar 4, 2008, at 5:11 PM, Nick Duda wrote:

I seem to be stumped. I need to reverse proxy for one internal server
that listens on both 80 and 443. How can I configure squid to proxy for
the same cache-peer on both 80 and 443? As far as I can see you can only
specify one protocol per cache-peer line. I think I am missing
something.

- Nick




--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
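
A simplified Python model of how cache_peer_access picks a peer, added here as an illustration and not code from the thread or from Squid: it shows why a port-80 request for ssl.domain.com was still forwarded to the 443 peer before the myport ACL, and finds no usable peer after it. The peer names ssl_peer and plain_peer and all helper functions are hypothetical.

```python
# Simplified model of Squid's cache_peer_access evaluation (constructed for
# illustration; hostnames follow the thread's placeholders, peer names are made up).

def dstdomain(*names):
    """dstdomain ACL: exact match, or suffix match when written with a leading dot."""
    def match(req):
        host = req["host"].lower()
        return any(host == n.lstrip(".") or (n.startswith(".") and host.endswith(n))
                   for n in names)
    return match

def myport(*ports):
    """myport ACL: the local port on which Squid accepted the client connection."""
    return lambda req: req["port"] in ports

def negate(acl):
    return lambda req: not acl(req)

def peer_allowed(rules, req):
    """First rule whose ACLs all match decides; no match -> opposite of last rule."""
    for action, acls in rules:
        if all(acl(req) for acl in acls):
            return action == "allow"
    return rules[-1][0] != "allow"

def select_peers(peers, req):
    """Names of the peers a request may go to (empty list: nothing to forward to)."""
    return [name for name, rules in peers.items() if peer_allowed(rules, req)]

incoming_ssl = dstdomain("ssl.domain.com")
incoming_default = dstdomain("domain.com", "www.domain.com")
ssl_port = myport(443)

# Rules as first posted: peers are chosen by destination domain only.
BEFORE = {
    "ssl_peer": [("allow", [incoming_ssl])],
    "plain_peer": [("allow", [incoming_default])],
}
# Rules with the myport ACL from the reply added to each line.
AFTER = {
    "ssl_peer": [("allow", [ssl_port, incoming_ssl])],
    "plain_peer": [("allow", [negate(ssl_port), incoming_default])],
}

def demo():
    req = {"port": 80, "host": "ssl.domain.com"}  # constructed request
    return select_peers(BEFORE, req), select_peers(AFTER, req)
```
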
