Search squid archive

Re: SSL Reverse Proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 01, 2008 at 12:15:53AM -0700, elsergio wrote:
> I am trying to see all the reverse proxy features that Squid
> offers and I have a question about SSL. I am sure you can help me.
> 
> I have seen in the forum that it seems to be something like this:
> 
> acl http protocol http
> acl https protocol https
> http_port public.ip:80 accel defaultsite=your.main.sitename vhost
> acl servergroup_domains dstdomain your.main.sitename other.sitename ...
> cache_peer ip.of.web.server parent 80 0 no-query originserver name=servername_http
> cache_peer_access servername_http http servergroup_domains
> https_port public.ip:443 accel defaultsite=your.main.sitename sslcert=/path/to/main.sitename.pem
> cache_peer ip.of.web.server parent 443 0 no-query originserver ssl name=servername_https
> cache_peer_access servername_https https servergroup_domains
> 
> The problem is that I cannot figure out de differences between
> creating an SSL connection (the case above I think) and Squid
> being the end of an SSL connection.

The configuration example you have there does both.

http_port configures a port for squid itself to accept connections
on. If you use https_port, it will be an SSL endpoint; which is why
you need to specify the certificate file to use.

cache_peer configures either an upstream proxy or defines an origin
server (conceptually these are the same thing, the only difference
is how you make requests to them). I suppose specifying the "ssl"
option to it tells squid to make SSL connections when requesting
content from it.

Does that help at all?

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux