On 11/02/11 09:00, Sri Rao wrote:
Hi,
I am trying to setup squid as a ssl proxy to load balance btwn
reverse-proxies. I believe the config is right but what is happening
What you have setup is a forward proxy load balancer which only permits
management and binary-over-HTTP tunneled traffic from its localhost
machine IP.
is that squid gets the CONNECT request and connects to the reverse
servers on the right port but forwards the CONNECT request instead of
connecting to them as the originserver. I am pasting the config as it
is right now. I am using localhost as test reverse proxies just for
testing. It Also doesn't seem to be failing to the next peer when the
first one it selects either returns an error(http error code or
connection failure) and I have retry_on_error.
This would be an artifact of the special handling CONNECT requests have.
Your goal of having an SSL proxy directly opposes the use of CONNECT.
Since CONNECT is a binary-over-HTTP tunnel.
I suggest going back to your first stated criteria "setup squid as a ssl
proxy" and getting that going.
This means using the https_port directive (NOT the http_port!!). With a
server SSL certificate. Squid will then be an SSL proxy.
* Problem 2 is then how to get browsers etc to send traffic to it.
Since your third criteria is to pass traffic to reverse proxies it
implies that this is to be a front-end reverse-proxy itself.
If that is correct, then setup the https_port with the reverse-proxy
accel options. And do a standard reverse-proxy to two backends
configuration.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.11
Beta testers wanted for 3.2.0.4
