Dear Squid Gurus!

I am running squid 2.6 on an IPCOP firewall as caching proxy for my internal network. I got 2 more servers now running an HTTPS service. Our webhoster forwards traffic by URL-HIDING to our dynDNS.

a) internal clients being able to browse the web via squid
b) HTTP website on server APP-001 available at port 80 and URL xxx.mine.nu, cached to the outside
c) HTTPS website on server NAS-003 available at port 443 and URL xxx.mine.nu, cached to the outside
d) HTTPS website on server APP-004 available at port 443 and URL xxx.mine.nu/extranet/, cached to the outside

In the end it should work like this:

Web proxy:
internet <---- squid transparent:800 <---- internal clients browsing the web

Reverse proxy:
internet (xxx.mine.nu) ----> squid accel:80 ----> APP-001:80
internet (xxx.mine.nu) ----> squid accel:443 ----> NAS-003:443
internet (xxx.mine.nu/extranet/) ----> squid accel:443 ----> APP-004:443 (or :80)

Based on my squid.conf I am now able to grab the standard webpage (APP-001:80), the /extranet/ page for APP-004 at port 80 and 443 (which should be only 443) but the webpage at 443 is not opening. Furthermore, all traffic from the internal network is now ending up on the webserver at APP-001:80.

Here is my squid.conf:

[CODE]
shutdown_lifetime 1 seconds
icp_port 0

# Reverse Proxy for HTTP
http_port 80 accel defaultsite=www.REALDNS.net
# Forward ORIGIN IP to server - to be checked
#forwarded_for on
cache_peer 192.168.103.25 parent 80 0 no-query originserver name=app-001
acl ndjsite dstdomain www.REAL.net
cache_peer_access app-001 allow ndjsite
# Deny - check later
#cache_peer_access app-001 deny all

# w/ cert for HTTPS
https_port 443 accel cert=/var/ipcop/proxy/server.crt key=/var/ipcop/proxy/server.key defaultsite=xxx.mine.nu vhost protocol=https
# Forward ORIGIN IP to server - to be checked
#forwarded_for on
# and multi host
acl ndjext urlpath_regex ^/extranet
cache_peer 192.168.103.20 parent 443 0 no-query originserver ssl name=nas-003 login=PASS
cache_peer_access nas-003 deny ndjext
cache_peer 192.168.103.26 parent 443 0 no-query originserver ssl name=app-004 login=PASS
cache_peer_access app-004 allow ndjext
cache_peer_access app-004 deny ndjsite

http_port 192.168.103.1:800 transparent
http_port 192.168.105.1:800 transparent

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_effective_user squid
cache_effective_group squid

pid_filename /var/run/squid.pid

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

log_mime_hdrs off
forwarded_for off

# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then
# restart squid using the web interface. Changes made to the 'acl' file
# will propagate to the 'squid.conf' file at that time.
# [Scott Tregear, 22 Feb 2005]

# Uncomment the following line to enable logging of User-Agent header:
#useragent_log /var/log/squid/user_agent.log

# Uncomment the following line to enable logging of Referer header:
#referer_log /var/log/squid/referer.log

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 800 # Squid port (for icons)

acl IPCop_http port 81
acl IPCop_https port 445
acl IPCop_ips dst 192.168.103.1 192.168.105.1
acl IPCop_networks src 192.168.103.0/255.255.255.0 192.168.105.0/255.255.255.0
acl no_proxy_dst dst 0/32

acl CONNECT method CONNECT

##Access to squid:
#local machine, no restriction
http_access allow localhost

#GUI admin if local machine connects
http_access allow IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https

#Deny not web services
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#Finally allow IPCop_networks clients
http_access allow IPCop_networks !no_proxy_dst
http_access deny all

maximum_object_size 64768 KB
minimum_object_size 4 KB

cache_mem 10240 KB
cache_dir aufs /var/log/cache 256 16 256

request_body_max_size 0 KB
reply_body_max_size 0 allow all

visible_hostname loki.xxxxxxx.local
[/CODE]

My config base was the squid manpages, squidcache.org's config examples and these pages:
http://www.sweetnam.eu/index.php/Reverse_Proxy_with_Squid
and
http://www.techienuggets.com/Comments?tx=94569

Perhaps you can point me to some examples where a setup like mine is running or where I can look for a solution.

Google, wiki.squid-cache.org and these pages are my friends already:
http://blog.spench.net/2010/02/24/tips-for-setting-up-squid-in-reverse-proxy-web-accelerator-accel-mode/
http://www.linux-club.de/viewtopic.php?t=24381
etc.

Thanks for your help!

Alex
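
Added example, not part of the post above and not Squid's own code: a small Python model of how the cache_peer_access lines in the posted squid.conf decide which origin servers a request may be forwarded to. It assumes cache_peer_access lists follow the rule documented for http_access (a list with no matching line defaults to the opposite of its last line); the function names are illustrative, and a request is reduced to the set of ACL names it matches.

```python
# cache_peer / cache_peer_access lines copied from the squid.conf in the post.
CONF = """\
cache_peer 192.168.103.25 parent 80 0 no-query originserver name=app-001
cache_peer_access app-001 allow ndjsite
#cache_peer_access app-001 deny all
cache_peer 192.168.103.20 parent 443 0 no-query originserver ssl name=nas-003 login=PASS
cache_peer_access nas-003 deny ndjext
cache_peer 192.168.103.26 parent 443 0 no-query originserver ssl name=app-004 login=PASS
cache_peer_access app-004 allow ndjext
cache_peer_access app-004 deny ndjsite
"""

def parse_peer_rules(conf):
    """Return {peer name: [(action, [acl, ...]), ...]} in file order."""
    peers = {}
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] == "cache_peer":
            name = next((w[5:] for w in words if w.startswith("name=")), words[1])
            peers.setdefault(name, [])
        elif words[0] == "cache_peer_access" and len(words) >= 4:
            peers.setdefault(words[1], []).append((words[2], words[3:]))
    return peers

def acl_hit(acl, matched):
    """True if one ACL term holds; '!' negates, 'all' always matches."""
    name = acl.lstrip("!")
    return (name == "all" or name in matched) != acl.startswith("!")

def peer_allowed(rules, matched):
    """First rule whose ACLs all hold decides; otherwise the implicit default."""
    for action, acls in rules:
        if all(acl_hit(a, matched) for a in acls):
            return action == "allow"
    return not rules or rules[-1][0] == "deny"  # assumed: opposite of last rule

def eligible_peers(conf, matched):
    """Names of peers a request matching the ACL set `matched` may be sent to."""
    return [n for n, r in parse_peer_rules(conf).items() if peer_allowed(r, matched)]

if __name__ == "__main__":
    for label, matched in [("site root", {"ndjsite"}),
                           ("site /extranet", {"ndjsite", "ndjext"}),
                           ("any other request", set())]:
        print(f"{label:18} -> {eligible_peers(CONF, matched)}")
```

Under these assumptions the model lists more than one eligible peer for every case, and none of the posted rules refers to the listening port. Which of the eligible peers Squid then selects is not modelled here.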