> -----Original Message----- > From: Erich Titl [mailto:erich.titl@xxxxxxxx] > Sent: Friday, September 16, 2011 3:35 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: forward and reverse proxy with squid 3.2 > > Hi Folks > > I need to replace my squid proxy running on a Debian Lenny, because the > version provided does not handle ssl. > > I managed with some tweaks to the makefile (especially for the link > phase) to compile 3.2.0.11, the configuration changes though apear to > make it impossible to run a normal and reverse proxy in the same instance. > > I copied most of the configuration files from the old installation, > hoping they would not to be too different. > > My new installation runs fine as a normal proxy, as soon as I include > the reverse proxy configuration, everything is sent to the peer > mentioned there. > > ########################################################## > ########################## > # squid reverse proxy settings > # content shamelessly adapted from > # > http://wiki.squid- > cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate > # Copyleft 2009 erich.titl@xxxxxxxx > ########################################################## > ########################## > > http_port 80 accel > > # peer servicedesk > cache_peer servicedesk.ruf.ch parent 80 0 no-query originserver > name=servicedesk > > acl sites_server_1 dstdomain servicedesk.ruf.ch > cache_peer_access servicedesk allow sites_server_1 > http_access allow sites_server_1 > ########################################################## > ############################### > > It appears that the cache_peer directive now takes precedence. > > cheers > > Erich Erich, I ran into this when switching to the 3.x branch from 2.x, you need to answer on a second port for the forward proxy requests, this setup works in 3.1.x, I haven't tried it in 3.2.x versions, but I believe this should work in it as well. http_port 80 accel http_port 3128 # If using https on reverse proxy as well https_port 443 accel cert=/usr/local/squid/etc/certs/chain.crt key=/usr/local/squid/etc/certs/cert.key options=NO_SSLv2 cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2 Make sure to include the proper access list entries so that you don't open the forward proxy to the world when allowing access to the reverse proxy port. The server will answer on http and https on ports 80 and 443 and direct those to the parent server, when connected to on port 3128 it will function as a standard forward proxy service for your internal users. Dean
