Squid-2.6.5 SSL reverse proxy ?

Hello All,

I’m running Squid-2.6.5 as a reverse proxy compiled with SSL support,
but am having trouble getting SSL working.

I have Squid set up to distribute requests to several backend Apache
and IIS servers.
My config has been working fine on port 80 plain HTTP. However, I am
now trying to secure one of the servers with SSL on 443.
I have read the wiki and the following example config:
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
and have also trawled the web, without luck.

One difference is I don’t have a wildcard cert, just a cert for a single
address; I have installed it on both the Squid machine and the Apache
machine. The Apache machine serves SSL when I use a host entry, so I’m
sure that it’s working.

When I use the following squid.conf (below), Squid starts without any
problems and asks me for the cert's pass phrase, but when I make an SSL
browser request I get connection refused, while port 80 works fine.
Nothing of note in the access or cache logs. I have tried all sorts
of permutations and I'm lost! :( Any help appreciated.

Kind regards,
Stonie.


https_port 443 cert=/root/mysslsite.crt key=/root/mysslsite.key defaultsite=www.mysslsite.com.au vhost vport
http_port 80 vhost vport
forwarded_for on
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# Setup for server number one and its sites

cache_peer 192.168.1.202 parent 80 0 no-query originserver name=tracServer login=PASS
acl tracSites dstdomain src.xxxx.net
cache_peer_access tracServer allow tracSites
http_access allow tracSites

# Setup for server number two and its sites

cache_peer 192.168.1.201 parent 80 0 no-query originserver name=MS08-Web login=PASS
acl MS08-WebSites dstdomain www.xxxx.com
cache_peer_access MS08-Web allow MS08-WebSites
http_access allow MS08-WebSites

# Setup for server number three and its sites

cache_peer 192.168.1.206 parent 80 0 no-query originserver name=JoomlaServer login=PASS
cache_peer 192.168.1.206 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=JoomlaServerSSL
acl JoomlaSites dstdomain www.mysslsite.com.au
cache_peer_access JoomlaServer allow JoomlaSites
cache_peer_access JoomlaServerSSL allow JoomlaSites
http_access allow JoomlaSites

# standard security stuff squid

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
icp_access allow all

# HTTP Extensions for Subversion

extension_methods REPORT MERGE MKACTIVITY CHECKOUT
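As an added example (not from the original post, nor Squid's own code), a small Python parser for the http_port/https_port, cache_peer and cache_peer_access directives of a Squid 2.6 squid.conf, run over a constructed excerpt of the poster's configuration with the mail-wrapped lines rejoined. It reports which backend peers are reached with sslflags=DONT_VERIFY_PEER, that is without checking the backend's certificate, and which peers have no cache_peer_access rule at all.

```python
# Added example (not from the original post): parse a Squid 2.6 squid.conf's reverse-proxy directives.
SAMPLE_CONF = """\
https_port 443 cert=/root/mysslsite.crt key=/root/mysslsite.key defaultsite=www.mysslsite.com.au vhost vport
http_port 80 vhost vport
cache_peer 192.168.1.206 parent 80 0 no-query originserver name=JoomlaServer login=PASS
cache_peer 192.168.1.206 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=JoomlaServerSSL
acl JoomlaSites dstdomain www.mysslsite.com.au
cache_peer_access JoomlaServer allow JoomlaSites
cache_peer_access JoomlaServerSSL allow JoomlaSites
cache_peer 192.168.1.201 parent 80 0 no-query originserver name=MS08-Web login=PASS
"""  # constructed from the poster's config, with mail-wrapped lines rejoined

def _opts(tokens):
    """key=value tokens -> dict; bare flags (vhost, ssl, no-query) map to True."""
    return {k: (v or True) for k, _, v in (t.partition("=") for t in tokens)}

def parse_squid_conf(text):
    """Return (listeners, peers): listeners as (directive, port, opts), peers keyed by name."""
    listeners, peers = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment in squid.conf
        if not line:
            continue
        directive, *args = line.split()
        if directive in ("http_port", "https_port"):
            port = int(args[0].rsplit(":", 1)[-1])  # accept [host:]port
            listeners.append((directive, port, _opts(args[1:])))
        elif directive == "cache_peer":
            host, port, opts = args[0], int(args[2]), _opts(args[4:])  # hostname type http_port icp_port [opts]
            name = opts.get("name", host)
            peers[name] = {"host": host, "port": port, "ssl": "ssl" in opts,
                           "sslflags": opts.get("sslflags", ""), "acls": []}
        elif directive == "cache_peer_access" and args and args[0] in peers:
            peers[args[0]]["acls"].append(" ".join(args[1:]))
    return listeners, peers

def audit(text):
    """Findings to resolve before trusting the SSL path: unverified backends, peers without an access rule."""
    listeners, peers = parse_squid_conf(text)
    findings = []
    if not any(d == "https_port" for d, _, _ in listeners):
        findings.append("no https_port listener")
    for name, p in peers.items():
        if p["ssl"] and "DONT_VERIFY_PEER" in p["sslflags"]:
            findings.append(f"{name}: backend certificate not verified ({p['host']}:{p['port']})")
        if not p["acls"]:
            findings.append(f"{name}: no cache_peer_access rule")
    return findings
```

Running `audit(SAMPLE_CONF)` on the excerpt flags the JoomlaServerSSL peer for skipping backend certificate verification and the MS08-Web peer for lacking a cache_peer_access rule in the excerpt.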

