Hi Dean at 16.09.2011 15:12, Dean Weimer wrote: >> -----Original Message----- >> From: Erich Titl [mailto:erich.titl@xxxxxxxx] >> Sent: Friday, September 16, 2011 3:35 AM >> To: squid-users@xxxxxxxxxxxxxxx >> Subject: forward and reverse proxy with squid 3.2 >> >> Hi Folks >> >> I need to replace my squid proxy running on a Debian Lenny, because > the >> version provided does not handle ssl. >> >> I managed with some tweaks to the makefile (especially for the link >> phase) to compile 3.2.0.11, the configuration changes though apear to >> make it impossible to run a normal and reverse proxy in the same > instance. >> >> I copied most of the configuration files from the old installation, >> hoping they would not to be too different. >> >> My new installation runs fine as a normal proxy, as soon as I include >> the reverse proxy configuration, everything is sent to the peer >> mentioned there. >> >> ########################################################## >> ########################## >> # squid reverse proxy settings >> # content shamelessly adapted from >> # >> http://wiki.squid- >> cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate >> # Copyleft 2009 erich.titl@xxxxxxxx >> ########################################################## >> ########################## >> >> http_port 80 accel >> >> # peer servicedesk >> cache_peer servicedesk.ruf.ch parent 80 0 no-query originserver >> name=servicedesk >> >> acl sites_server_1 dstdomain servicedesk.ruf.ch >> cache_peer_access servicedesk allow sites_server_1 >> http_access allow sites_server_1 >> ########################################################## >> ############################### >> >> It appears that the cache_peer directive now takes precedence. >> >> cheers >> >> Erich > > Erich, > I ran into this when switching to the 3.x branch from 2.x, you > need to answer on a second port for the forward proxy requests, this > setup works in 3.1.x, I haven't tried it in 3.2.x versions, but I > believe this should work in it as well. > > http_port 80 accel > http_port 3128 > # If using https on reverse proxy as well > https_port 443 accel cert=/usr/local/squid/etc/certs/chain.crt > key=/usr/local/squid/etc/certs/cert.key options=NO_SSLv2 > cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2 I have a forward proxy defined on 8080 and it works well until I include the reverse proxy configuration. Then everything goes to the cache peer defined for that vhost. What does your cache peer look like? Thanks Erich
<<attachment: smime.p7s>>
