On Sun, 1 May 2011 23:22:26 +0800, Gary K wrote:
Hi Amos,
Thank you for your response.
The following is my configuration:
http_port 80 accel defaultsite=www.abc.com
cache_peer 202.x.x.x parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain www.abc.com
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
So all traffic arriving on port 80 will be sent to 202.x.x.x.
acl HTTPS proto HTTPS
deny_info http://www.efg.com/ HTTPS
http_access deny HTTPS
cache_peer 75.x.x.x parent 80 0 no-query originserver name=myserver1
acl sites_myserver1 dstdomain www.efg.com
None of these will be used with the mentioned http_port settings.
Reverse-proxy will only get traffic on its port 80 (HTTP).
The main 202.* peer is likely up, so the backup 75.* will not be used
(no access rules to say when 75.* applies therefore it's available as a
backup).
I change my hosts file in Windows and connect to http://www.efg.com is
no problem and can see the log in /var/log/squid3/access.log.
But when I click one of the icons in this site is involved https, no
response and I can see any a hit in the log.
port 443 on whichever IP you configured in hosts file is not working.
The config you just showed indicates Squid is not involved. The lack of
log traces in squid confirms that.
I know I can use https_port 443 to add the cert in squid. But I want
to config this squid server to serve different customers as a cache
server and their DNS point to this server. What I want to do is:
1. Cache the http service for different site ( now is OK)
2. if this site involve https service, let the traffic redirect to
the original web server ( no solution now).
3. if https_port can support multiple cert for different sites. cache
the https sites. (no solution now).
Hope you can help.
Regards,
Gary
2011/5/1 Amos Jeffries:
On 01/05/11 15:41, Gary K wrote:
Hi Amos,
Thank you for your reply!
Any method when received http go to squid cache, when received https
redirect to web server directly?
Multiple concepts clash in your statement...
 "squid cache" -> storage component of Squid
 "redirect" -> HTTP 301, 302, 303 or 307 message
 "web server direct" -> use global DNS to locate web service
The config I gave you earlier prevents Squid proxy using Squid cache
component to service the HTTPS requests.
Reverse proxy HTTPS can redirect to web server HTTP with:
 acl HTTPS proto HTTPS
 deny_info http://example.com/ HTTPS
 http_access deny HTTPS
Making Squid reverse proxy go direct to web servers instead of using
cache_peer is unsafe. Normal reverse proxy configuration has cache_peer
entries to pass the requests to web servers without using global DNS.
Reading between the lines I suspect you mean passing HTTP traffic to
Squid and HTTPS not to Squid?
 Reverse proxy has global DNS pointing a whole domain at Squid IP.
You can:
 (at DNS level) configure with a different domain
 (ie http://www.example.com/ and https://ssl.example.com/)
OR
 (at packet level) forward/route port 443 from Squid box to the web
 server box instead of configuring squid https_port.
OR
 (at service level) have Squid listening on port 80 and web server on
 port 443 on the Squid box.
Any of this helpful?
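
Added example, not part of the original thread and not Squid project code: a small check that flags cache_peer entries with no cache_peer_access rule (the situation described above for the 75.* peer) and ACLs that are defined but never referenced, run over the configuration as posted. The function name audit_peers is hypothetical, and ACL references are only looked for in *_access and deny_info lines, which is an assumption that covers this configuration but not every Squid directive.

```python
# Gary's configuration as posted in the thread (addresses elided as in the original).
POSTED_CONF = """\
http_port 80 accel defaultsite=www.abc.com
cache_peer 202.x.x.x parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain www.abc.com
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
acl HTTPS proto HTTPS
deny_info http://www.efg.com/ HTTPS
http_access deny HTTPS
cache_peer 75.x.x.x parent 80 0 no-query originserver name=myserver1
acl sites_myserver1 dstdomain www.efg.com
"""


def audit_peers(conf_text):
    """Return (peers with no cache_peer_access rule, ACLs defined but never referenced)."""
    peers, acls, restricted, used = [], [], set(), set()
    for raw in conf_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        directive, args = tokens[0], tokens[1:]
        if directive == "cache_peer" and args:
            # A peer is addressed by its name= option, otherwise by its hostname.
            name = next((a[5:] for a in args if a.startswith("name=")), args[0])
            peers.append(name)
        elif directive == "acl" and args:
            if args[0] not in acls:
                acls.append(args[0])
        elif directive == "cache_peer_access" and len(args) >= 2:
            restricted.add(args[0])                        # peer that has a rule
            used.update(a.lstrip("!") for a in args[2:])   # ACLs after allow/deny
        elif directive == "deny_info" and len(args) >= 2:
            used.add(args[-1])                             # last token is the ACL
        elif directive.endswith("_access"):                # http_access and similar
            used.update(a.lstrip("!") for a in args[1:])
    return ([p for p in peers if p not in restricted],
            [a for a in acls if a not in used])


if __name__ == "__main__":
    open_peers, unused_acls = audit_peers(POSTED_CONF)
    print("peers without cache_peer_access:", open_peers)
    print("ACLs never referenced:", unused_acls)
```

Adding `cache_peer_access myserver1 allow sites_myserver1` followed by `cache_peer_access myserver1 deny all` to the posted configuration clears both findings.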