Amos Jeffries <squid3@xxxxxxxxxxxxx> writes:

> On Mon, 07 Dec 2009 17:59:22 +0100, Ludovit Koren
> <Ludovit_Koren@xxxxxxxxxx> wrote:
>> Hi,
>>
>> I have Debian Linux and Squid Version 2.7.STABLE3. As I understand
>> from the documentation, there was some change in the version and I did
>> not find relevant information on the net.
>
> NP: Please use the latest Squid version available, 2.7.STABLE7 is
> available in backports if you need to.
>
>>
>> I have the following scenario:
>>
>> client - https - squid - https - server1
>> client - https - squid - http - server2
>>
>
> Use this for reference:
> http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting
>
>>
>> This is what I added to the squid.conf
>>
>> http_port 80 accel defaultsite=dflt1.domain.sk vhost
>
> This configures:
>
> Client - HTTP -> Squid.
>
> Which I note is missing from your specs. If your specs were right then
> drop this and only use the https_port directive below.
>

yes, it is right. I am using it as reverse proxy for both HTTP and HTTPS

>
>> https_port 443 cert=/etc/squid/ssl.crt key=/etc/squid/ssl.key
>> defaultsite=dflt1.domain.sk vhost
>>
>> acl webmail dstdomain webmail.domain.sk
>>
>> cache_peer dflt1.domain.sk parent 80 0 no-query originserver
>
> Missing: name=dflt1
>
>

when I copied it, it has lost, I have the parameter there, sorry

>> cache_peer dflt1.domain.sk parent 443 0 no-query ssl
>> sslflags=DONT_VERIFY_PEER front-end-https
>> name=dflt1
>
>> cache_peer webmail.domain.sk parent 80 0 no-query originserver name=dflt2
>>
>>
>> cache_peer_access dflt2 allow webmail
>
> Missing:
> cache_peer_access dflt2 deny all
>
> cache_peer_access dflt1 allow !webmail
>

I have added your suggested lines

> Also missing:
> * list of domains to be passed to dflt1
> * http_access lines to permit valid domain traffic to enter Squid.
>
>>
>> According to log the redirection is either all the time http or https
>> (if i add protocol=http to the configuration above):
>>
>> 1260203474.257 116 Y.Y.Y.Y TCP_MISS/502 1439 GET https://webmail.domain.sk/ - DIRECT/X.X.X.X text/html
>>
>>
>>
>> How can I configure squid as https reverse proxy and one page redirect to
>> the https backend server and the second page redirect to the http
>> backend server?
>
> What you had configured above is a reverse proxy which accepts both HTTP
> and HTTPS connections. Then passes all requests to dflt1.domain.sk:80.
>
> If dflt1.domain.sk:80 became available or overloaded the webmail.domain.sk
> traffic would be pushed to dflt1.domain.sk:443 and the non-webmail.*
> traffic would be dropped with an error.

As I posted above, the traffic is pushed to correct host
(webmail.domain.sk), but to the https and I need it to push to
http. Everything else is working as I expect...

Regards,

lk
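
The access.log line quoted in the message above records, in its ninth field, how Squid forwarded the request: DIRECT/X.X.X.X means it went straight to the host named in the URL rather than through one of the configured cache_peer entries. The following is an added example, not part of the thread and not Squid project code: a small parser for the native access.log format that lists requests forwarded without a peer. The second and third sample lines are constructed, and treating DIRECT as unexpected in an accelerator setup is an assumption of the example.

```python
# Added example (not from the thread): report how Squid forwarded each request.
from collections import namedtuple
from urllib.parse import urlsplit

Entry = namedtuple(
    "Entry", "time elapsed client result status size method url ident hier peer mime")

# First line is the one quoted in the thread; the other two are constructed.
SAMPLE_LOG = [
    "1260203474.257 116 Y.Y.Y.Y TCP_MISS/502 1439 GET https://webmail.domain.sk/ - DIRECT/X.X.X.X text/html",
    "1260203480.101 45 192.0.2.10 TCP_MISS/200 5120 GET https://dflt1.domain.sk/ - FIRST_UP_PARENT/dflt1.domain.sk text/html",
    "1260203481.300 12 192.0.2.10 TCP_HIT/200 812 GET http://webmail.domain.sk/logo.png - NONE/- image/png",
]

def parse_line(line):
    """Split one native-format access.log line into its ten fields."""
    f = line.split()
    if len(f) != 10:
        raise ValueError("not a native-format access.log line: %r" % line)
    result, _, status = f[3].partition("/")
    hier, _, peer = f[8].partition("/")
    return Entry(float(f[0]), int(f[1]), f[2], result, int(status),
                 int(f[4]), f[5], f[6], f[7], hier, peer, f[9])

def direct_requests(lines):
    """Return (host, scheme, next_hop, status) for requests sent without a cache_peer."""
    found = []
    for line in lines:
        e = parse_line(line)
        # Hierarchy codes may carry a prefix such as TIMEOUT_, so match the suffix.
        if e.hier.endswith("DIRECT"):
            url = urlsplit(e.url)
            found.append((url.hostname, url.scheme, e.peer, e.status))
    return found

if __name__ == "__main__":
    for host, scheme, hop, status in direct_requests(SAMPLE_LOG):
        print("%s: forwarded DIRECT over %s to %s, status %d" % (host, scheme, hop, status))
```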