Harry Griff wrote:
Thanks very much for your reply Chris!
First off, I'm stuck using 2.5. It was a lot of work getting squid installed in the first place since the linux machine is located in another country and the administrator there is really unhelpful...
That's going to make things tough.
The HTTP part looks fine, but you won't be able to make a secure connection on port 443. It's set up as a http_port, not a https_port, for start. You can proxy secure connections over a http_port (it uses a tunneling method called "CONNECT").
Do you mean that I should remove the line -
http_port 10.20.1.1:443
and have my clients connect to 10.20.1.1:80 for both http and https? If not, what should I be doing for https?
It depends on which route you take... If you go for the accelerator
setup, you are going to want both a http_port and a https_port line. If
you have your clients specify a proxy server in their browser, then all
you need is the http_port.
Set it up as a reverse proxy
Should this work for both http and https? -
httpd_accel_host 10.251.60.180
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
where 10.251.60.180 is the "network b" server I wish the machines in "network a" to connect to?
Hmmm... For an acceleration setup on Squid 2.5 (with an https_port), I
think you need something like the following...
http_port 80
https_port 443 cert=/etc/squid/cert/xyz.com.crt
key=/etc/squid/cert/xyz.com.key
httpd_accel_host 10.251.60.180
httpd_accel_port 80
httpd_accel_with_proxy off
httpd_accel_single_host on
httpd_accel_uses_host_header on
...but my memory is quite fuzzy regarding the details.
Thanks again, I really appreciate your help,
Barry.
Chris
