Good morning, my name is Javi and I live in Spain. First of all, thank you for reading my questions. I have tried to find the answer here and on Google but I haven't found anything.
I have a question about reverse proxy with one public IP and more back-end servers with SSL. I have attached an illustrative picture with my web server structure.
I have 2 Apache servers, one of these with virtual hosts. I don't have a problem with HTTP connections. Now in HTTPS connections I can work with only one SSL certificate installed in Squid and the other 2 servers, but this is the same certificate. But in HTTPS connections I would like to have one certificate on one server. (In the picture, Certificate1 and Certificate2.) Is it possible?
I attach my configuration file too. My configuration file (I have the certificate files currently installed in /etc/squid/certificados):
************************************************************
http_port 80 accel defaultsite=www.burriana.es vhost
https_port 443 accel cert=/etc/squid/certificados/server.crt key=/etc/squid/certificados/server.key defaultsite=www.burriana.es vhost protocol=https

forwarded_for on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

cache_peer 192.168.20.13 parent 80 0 no-query no-digest originserver name=etcote login=PASS
acl sites_etcote dstdomain www.adi.burriana.es adi.burriana.es www.sme.burriana.es sme.burriana.es
acl our_sites dstdomain www.adi.burriana.es adi.burriana.es www.sme.burriana.es sme.burriana.es
cache_peer_access etcote allow sites_etcote

cache_peer 192.168.20.13 parent 443 0 no-query originserver ssl sslversion=3 sslflags=DONT_VERIFY_PEER front-end-https=on name=etcote_ssl
acl site_etcote_ssl dstdomain www.adi.burriana.es adi.burriana.es www.sme.burriana.es sme.burriana.es
cache_peer_access etcote_ssl allow site_etcote_ssl
acl https proto https

cache_peer 192.168.20.6 parent 80 0 no-query no-digest originserver name=burriana login=PASS
acl sites_burriana dstdomain www.burriana.es burriana.es
acl our_sites2 dstdomain www.burriana.es burriana.es
cache_peer_access burriana allow sites_burriana

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow our_sites2
http_access allow our_sites
#http_access allow our_sites_ssl
http_access allow https
http_access allow manager all
http_access allow manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all

access_log /var/log/squid/access.log
cache_mgr someone@xxxxxxxxxxxxx
************************************************************

Thank you for your attention,
Regards,
--
*Javier Sansaloni Talens*
Attachment:
squid.png
Description: PNG image