Wojciech Durczyński wrote:
Hello
I try to set squid as a reverse proxy. Clients should connect via https,
and originserver is via http.
Client ---(https://neon:3129/)--> squid ----(http://neon:8085/)---->
webserver
My configuration is something like that:
https_port 3129 accel vport protocol=http cert=/root/private/cacert.pem
key=/root/private/privkey.pem
cache_peer neon 8085 0 no-query originserver name=neon
cache_peer_access neon allow all
http_access allow all
Client shouldn't know anything about address of webserver.
It works well unless webserver generate
HTTP/1.0 302 Moved Temporarily
Location: http://neons_ip:3129/sth
Then web browser tries to connect with squid's https port via standard
http, and I get information "connection reset".
How to configure right behaviour? Is it a bug in squid?
Config error.
Webserver still needs to knwo its public domain and think in terms of
its public FQDN. So that it generates absolute-URI properly.
I'd advise squid contain either:
cache_peer <ip-of-neon> ...
or:
cache_peer <rDNS-name-of-neon> ...
ip-of-neon / rDNS-name-of-neon need not be publicly visible (better if
they are not).
Amos
--
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
