Search squid archive

Re: reverse proxy https -> http and redirect request from server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On tis, 2008-05-06 at 11:37 +0200, Wojciech Durczyński wrote:

> I try to set squid as a reverse proxy. Clients should connect via https, 
> and originserver is via http.

Tricky, unless your web server supports having an ssl frontend.. See the
front-end-https cache_peer option.


> https_port 3129 accel vport protocol=http cert=/root/private/cacert.pem 
> key=/root/private/privkey.pem

The above should be 

https_port 3129 accel defaultsite=your.website.name
cert=/root/private/cacert.pem key=/root/private/privkey.pem

> Client shouldn't know anything about address of webserver.
> It works well unless webserver generate
> HTTP/1.0 302 Moved Temporarily
> Location: http://neons_ip:3129/sth

neons_ip:3129 is due to your use of vport. vport makes Squid forward the
url as http://ip.of.http.port:portnumber/path and many web servers pick
this up from the Host header.

If you instead set defaultsite=your.website.name the Host header will be
the public website name and your webserver will think the proper URL for
the request is http://your.website.name/path

With front-end-https the webserver additinally has a chance (if it
supports the feature) to understand that there is an frontend SSL server
taking care of the SSL part and that the requested protocol really is
https even if the web server received the request over plain http.

If your web server do not support frontend SSL servers then it's often
better to set up a dummy ssl port on the web server, using a self-signed
certificate and have the https content there.

Regards
Henrik


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux