On Mon, 07 Dec 2009 17:59:22 +0100, Ludovit Koren <Ludovit_Koren@xxxxxxxxxx> wrote:
> Hi,
>
> I have Debian Linux and Squid Version 2.7.STABLE3. As I understand
> from the documentation, there was some change in the version and I did
> not find relevant information on the net.

NP: Please use the latest Squid version available, 2.7.STABLE7 is available in backports if you need to.

>
> I have the following scenario:
>
> client - https - squid - https - server1
> client - https - squid - http - server2
>

Use this for reference:
http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting

>
> This is what I added to the squid.conf
>
> http_port 80 accel defaultsite=dflt1.domain.sk vhost

This configures: Client - HTTP -> Squid. Which I note is missing from your specs. If your specs were right then drop this and only use the https_port directive below.

> https_port 443 cert=/etc/squid/ssl.crt key=/etc/squid/ssl.key
> defaultsite=dflt1.domain.sk vhost
>
> acl webmail dstdomain webmail.domain.sk
>
> cache_peer dflt1.domain.sk parent 80 0 no-query originserver

Missing: name=dflt1

> cache_peer dflt1.domain.sk parent 443 0 no-query ssl
> sslflags=DONT_VERIFY_PEER front-end-https
> name=dflt1
> cache_peer webmail.domain.sk parent 80 0 no-query originserver name=dflt2
>
>
> cache_peer_access dflt2 allow webmail

Missing:
  cache_peer_access dflt2 deny all
  cache_peer_access dflt1 allow !webmail

Also missing:
 * list of domains to be passed to dflt1
 * http_access lines to permit valid domain traffic to enter Squid.

>
> According to log the redirection is either all the time http or https
> (if I add protocol=http to the configuration above):
>
> 1260203474.257 116 Y.Y.Y.Y TCP_MISS/502 1439 GET
> https://webmail.domain.sk/ - DIRECT/
> X.X.X.X text/html
>
>
>
> How can I configure squid as https reverse proxy and one page redirect to
> the https backend server and the second page redirect to the http
> backend server?
What you had configured above is a reverse proxy which accepts both HTTP and HTTPS connections. Then passes all requests to dflt1.domain.sk:80. If dflt1.domain.sk:80 became available or overloaded the webmail.domain.sk traffic would be pushed to dflt1.domain.sk:443 and the non-webmail.* traffic would be dropped with an error.

Amos
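The corrections listed in the reply above, assembled into one squid.conf fragment for the scenario in the question (an added example, not part of the original thread and not the Squid project's own configuration). The ACL name `dflt1_sites`, the `originserver` option on the HTTPS peer, the explicit `deny all` for dflt1, and the CA bundle path in the commented alternative are assumptions.

```conf
# Client -> Squid is HTTPS only, so the http_port 80 line is dropped,
# as the reply suggests when the stated scenario is accurate.
https_port 443 cert=/etc/squid/ssl.crt key=/etc/squid/ssl.key defaultsite=dflt1.domain.sk vhost

# One ACL per backend. dflt1_sites is a hypothetical name for the
# "list of domains to be passed to dflt1" that the reply asks for.
acl webmail     dstdomain webmail.domain.sk
acl dflt1_sites dstdomain dflt1.domain.sk

# server1: HTTPS backend. Every peer carries its own unique name= so the
# cache_peer_access rules bind to exactly one peer.
# sslflags=DONT_VERIFY_PEER is kept from the question; it turns off
# validation of the backend certificate on the Squid -> server1 hop.
cache_peer dflt1.domain.sk parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER front-end-https name=dflt1

# Alternative that verifies the backend certificate instead
# (placeholder CA path, replace with the CA that issued server1's cert):
# cache_peer dflt1.domain.sk parent 443 0 no-query originserver ssl sslcafile=/etc/squid/backend-ca.pem front-end-https name=dflt1

# server2: plain HTTP backend for webmail.
cache_peer webmail.domain.sk parent 80 0 no-query originserver name=dflt2

# Routing: webmail goes only to dflt2, everything else listed goes only to dflt1.
cache_peer_access dflt2 allow webmail
cache_peer_access dflt2 deny all
# The reply gives "allow !webmail" here; a named ACL plus deny all is narrower.
cache_peer_access dflt1 allow dflt1_sites
cache_peer_access dflt1 deny all

# Only requests for the published domains may enter Squid.
http_access allow webmail
http_access allow dflt1_sites
http_access deny all
```

Running `squid -k parse` checks the file for syntax errors before reloading.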