Matus UHLAR - fantomas wrote:
On 26.11.08 17:58, Tom Williams wrote:
Ok, I'm adding SSL support to my Squid 3 reverse proxy configuration.
Here are the configuration directives:
http_port 8085 accel defaultsite=www.mydomain.com vhost
https_port 4433 accel cert=/etc/ssl/cert/www_mydomain_com.crt
key=/etc/ssl/private/private.key defaultsite=www.mydomain.com vhost
cache_peer 192.168.1.7 parent 80 0 no-query originserver login=PASS
name=web2Accel
cache_peer 192.168.1.7 parent 443 0 no-query originserver ssl login=PASS
name=web2SSLAccel
Here is the error I get when I try to connect:
clientNegotiateSSL: Error negotiating SSL connection on FD 13:
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
What does this error mean?
someone apparently used HTTP on port you have configured to be HTTPS
Btw, why are you using ports 8085 and 4433 for reverze proxy?
Reverse proxy should listen on 80/443 and forward requests to real server on
different IP/port?
Ah. Now that you mention that, I believe I made that mistake myself. I
probably used http://blah:4433/ instead of httpS://blah:4433/. I really
need to get some sleep. :(
As for the strange ports, it's because I'm currently doing testing.
Once everything has been worked out, we will switch Squid over to using
ports 80/443 for HTTP and HTTPS traffic. :)
Thanks!
Peace...
Tom
