Thanks for the reply. Here's my situation - Web/SSL Mail server on ports 80 and 443 in Sweden<--network cloud--><--firewall--><--My Squid Server in Finland / Gateway-><--firewall--><--network cloud-->Client networks in Sweden and Finland. The gateway machine hosting squid is the only connection point between the Web server and my clients. The client, the squid server, and the http/https servers are all in different networks. There are no private network addresses involved. So I need SSL between the clients and squid and between the web/mail server and squid. Is this possible with squid or must I use port forwarding on port 443 on the squid gateway? Thanks again, Magnus On Sun, May 24, 2009 at 5:43 AM, Jeff Pang <pangj@xxxxxxxx> wrote: > Magnus Moraberg: > >> >> Now I wish for my clients to be also able able to use ssl/https, but >> I'm not sure how squid should be configured to do this. >> > > Do you mean in a reverse-proxy environment? If so,try something like: > > https_port 443 accel vhost cert=/usr/local/squid/etc/ssl/server.crt > key=/usr/local/squid/etc/ssl/server.key > > cache_peer 1.2.3.4 parent 80 0 no-query front-end-https=auto originserver > name=PEER1 > acl service1 dstdomain www.ab.com > cache_peer_access PEER1 allow service1 > > acl Safe_ports port 80 443 > http_access allow service1 > http_reply_access allow all > > see also: > http://wiki.squid-cache.org/SquidFaq/ReverseProxy > > > If you're not in a reverse-proxy, squid most probably is in the network as > the clients themselves. Then the SSL transmission from clients to Squid is > unmeaning, just bypass them. > > -- > Jeff Pang > DingTong Technology > www.dtonenetworks.com >