Search squid archive

Re: Speaking SSL+HTTP/1.1 to backend

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> I have a backend (application) server that rejects requests that are not
> HTTP/1.1 (rejected with a "HTTP/1.1 505 HTTP Version Not Supported").  It
> also requires that connections come in over SSL.
>
> I would like to place a Squid instance in accelerator mode in front of
> this application, but haven't found a way to convince Squid to talk
> HTTP/1.1 to the backend over SSL.  All the requests I see are coming into
> the backend as HTTP/1.0.
>
> Is there a magic recipe to force Squid to use the HTTP/1.1 protocol to the
> backend?
>
> I've tried Squid-3.0-STABLE8 and Squid-3.HEAD-20080909 with no difference.
>  Here's the squid.conf:
>
> #--------------------------------------------------
> # Squid.conf
> visible_hostname frontend.mydomain.com
> httpd_suppress_version_string on
>
> http_port 80 accel defaultsite=10.2.3.4
> https_port 443 accel defaultsite=10.2.3.4 key=/apps/squid/etc/squid.key
> cert=/apps/squid/etc/squid.crt
> cache_peer 10.2.3.4 parent 443 0 no-query originserver name=backendssl ssl
> sslflags=DONT_VERIFY_PEER proxy-only
> cache_peer 10.2.3.4 parent 80 0 no-query originserver name=backendhttp
> proxy-only
>
> acl VDI dst 10.2.3.4
> http_access allow all
> cache_peer_access backendssl allow all
> cache_peer_access backendhttp allow all
>
> request_body_max_size 0
>
> # Debugging:
> debug_options ALL,9
> error_directory /apps/squid-3.HEAD-20080909/share/errors/en
>
> Thanks,
> --Joe
>

3.0 releases don't support HTTP/1.1 in that form yet. You will need to use
a 2.7 release for the time being.

PS. I also find it strange that your website public domain name is 10.2.3.4.

Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux