On Wed, 2008-10-15 at 16:42 -0400, Todd Lainhart wrote:

> I've looked in the archives, site, and Squid book, but I can't find
> the answer to what I'm looking to do. I suspect that it's not
> supported.

It is.

> My origin server accepts Basic auth over SSL (non-negotiable). I'd
> like to stick a reverse proxy/surrogate in front of it for
> caching/acceleration, and have it accept non-SSL connections w/ Basic
> auth, directing those requests as https to the origin. The origin's
> responses will be cached, to be used in subsequent GETs to the proxy.
> Both machines are in a closed IP environment. Both use the same
> authentication mechanism.

The basic setup is a plain reverse proxy.

http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-7fa129a6528d9a5c914f8dd5671668173e39e341

As the backend runs https you need to adjust the cache_peer line a bit to enable ssl (port 443, and the ssl option).

When authentication is used you also need to tell Squid to trust the web server with auth credentials

http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-c59962b21bb8e2a437beb149bcce3190ee1c03fd

> I see that Squid 3.0 has an "ssl-bump" option, but I don't think that
> does what I described. If it does, that's cool - I can change the
> requirement of the proxy to accept Basic/SSL.

sslbump is a different thing. Not needed for what you describe.

But you may need to use https:// to the reverse proxy as well. This is done by using https_port instead of http_port (and requires a suitable certificate).

Regards
Henrik
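An added example (not part of the message above or of the linked wiki pages) of a squid.conf fragment for the setup discussed in this thread: an accelerator that talks HTTPS to the origin and passes the client's Basic credentials through. The hostname `www.example.com`, the address `192.0.2.10`, the peer name `origin` and the certificate paths are placeholders, and the option spellings assume the Squid releases current at the time of the thread.

```conf
# Constructed example: hostname, address, peer name and file paths are placeholders.

# Client side: terminate TLS on the proxy so that Basic credentials are
# not sent in cleartext. Requires a certificate for the public hostname.
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/www.example.com.crt key=/etc/squid/www.example.com.key

# The variant described in the question (plain HTTP from clients) would be:
#   http_port 80 accel defaultsite=www.example.com
# With it, the base64-encoded Basic credentials cross the client-side
# network unencrypted, even though the proxy-to-origin leg uses HTTPS.

# Origin side: HTTPS peer on port 443.
#   originserver  treat the peer as the origin web server, not another proxy
#   ssl           use SSL/TLS on the connection to the peer
#   sslcafile     CA bundle used to verify the origin's certificate
#   login=PASS    forward the credentials received from the client to the peer
cache_peer 192.0.2.10 parent 443 0 no-query originserver ssl sslcafile=/etc/squid/origin-ca.pem login=PASS name=origin

# Only accelerate the published site, and only send it to this peer.
acl site dstdomain www.example.com
http_access allow site
http_access deny all
cache_peer_access origin allow site
cache_peer_access origin deny all
```

Per HTTP caching rules, a shared cache stores responses to requests that carry an Authorization header only when the origin marks them as cacheable for shared caches, for example with `Cache-Control: public`.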