RE: Reverse proxy, SSL cert for each cache peer

I fixed it, and it's working, but I have one issue. It's always using the cert associated with the https_port directive, even when I get a match on the correct cache peer using another cert.

- Nick




-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
Sent: Tuesday, November 10, 2009 5:14 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: RE:  Reverse proxy, SSL cert for each cache peer

On Tue, 10 Nov 2009 09:43:42 -0500, Nick Duda <nduda@xxxxxxxxxxxxxx>
wrote:
> Ok, let me rephrase my question, can someone help me out with my config
> then? Is this correct?
> 
> http_port 80 accel vhost
> https_port 443 accel vhost cert=/path/to/cert1.pem key=/path/to//server1.key
> 
> cache_peer www1.server.com parent 80 0 no-query originserver name=www1_http
> cache_peer www2.server.com parent 443 0 no-query originserver ssl name=www2_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert2.pem key=/path/to/server2.key
> cache_peer www3.server.com parent 443 0 no-query originserver ssl name=ww3_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert3.pem key=/path/to/server3.key
> 
> acl acl_www1http dstdomain www1.server.com
> acl acl_www2ssl dstdomain www2.server.com
> acl acl_www3ssl dstdomain  www3.server.com
> 
> cache_peer_access defaultwww allow acl_www1http
> cache_peer_access ssl2 allow acl_www2ssl
> cache_peer_access ssl3 allow acl_www3ssl

The cache_peer names above don't match the ones used in cache_peer
name=XX.

Other than that it looks right to me.

Amos

> 
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
> Sent: Monday, November 09, 2009 5:45 PM
> To: Nick Duda
> Cc: squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  Reverse proxy, SSL cert for each cache peer
> 
> On Mon, 9 Nov 2009 13:41:42 -0500, Nick Duda <nduda@xxxxxxxxxxxxxx> wrote:
>> Can someone point me to how I can set up squid, to listen on port 443 and
>> depending on the URL being asked, to use a certain cache peer with a
>> certain SSL cert? I've been doing this for just one cache peer, by
>> just using the cert= key= options on the https_port directive. Can they be
>> used on the cache_peer also?
>> 
>> - Nick
> 
> Yes.
> http://www.squid-cache.org/Doc/config/cache_peer
> 
> ... and the config examples in the wiki.
> 
> Amos
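
Amos's point about mismatched peer names, as an added example that is not part of the original thread: a small Python check over the quoted configuration that reports `cache_peer_access` lines naming no declared `cache_peer`, peers left without any access rule, and peers set to `sslflags=DONT_VERIFY_PEER`. The function name and the finding labels are made up for this example, and the sample input is the thread's configuration with the e-mail line wrapping undone.

```python
import re

# Constructed input: the configuration quoted in the thread, with the e-mail
# line wrapping undone so that each directive sits on one line.
SAMPLE_CONF = """\
http_port 80 accel vhost
https_port 443 accel vhost cert=/path/to/cert1.pem key=/path/to//server1.key
cache_peer www1.server.com parent 80 0 no-query originserver name=www1_http
cache_peer www2.server.com parent 443 0 no-query originserver ssl name=www2_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert2.pem key=/path/to/server2.key
cache_peer www3.server.com parent 443 0 no-query originserver ssl name=ww3_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert3.pem key=/path/to/server3.key
acl acl_www1http dstdomain www1.server.com
acl acl_www2ssl dstdomain www2.server.com
acl acl_www3ssl dstdomain www3.server.com
cache_peer_access defaultwww allow acl_www1http
cache_peer_access ssl2 allow acl_www2ssl
cache_peer_access ssl3 allow acl_www3ssl
"""

def lint_peers(conf_text):
    """Return sorted (line, kind, name) findings; kind labels are this example's own."""
    peers = {}      # peer name -> line where it is declared
    rules = []      # (line, peer name used in cache_peer_access)
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.strip().split()
        if not tokens or tokens[0].startswith("#"):
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "cache_peer" and args:
            opts = dict(a.split("=", 1) for a in args if "=" in a)
            # Without name=, Squid identifies the peer by its hostname.
            name = opts.get("name", args[0])
            peers[name] = lineno
            if "DONT_VERIFY_PEER" in re.split(r"[,:]", opts.get("sslflags", "")):
                findings.append((lineno, "peer-cert-not-verified", name))
        elif directive == "cache_peer_access" and args:
            rules.append((lineno, args[0]))
    for lineno, name in rules:
        if name not in peers:
            findings.append((lineno, "access-rule-for-unknown-peer", name))
    ruled = {name for _, name in rules}
    for name, lineno in peers.items():
        if name not in ruled:
            findings.append((lineno, "peer-without-access-rule", name))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, kind, name in lint_peers(SAMPLE_CONF):
        print(f"line {lineno}: {kind}: {name}")
```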


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux