On 4/12/2013 9:19 p.m., Gianluigi Ruggeri wrote: > Hi, > > thanks for your reply. > I'm confused...I use squid as a web cache in front of my Apache web > server and I want that the user does not notice the presence of this > (the user connects to myHost.com and will not know if there will be > Squid). I understood that this configuration is transparent-proxy. > No. That network design is reverse-proxy. Whether the users can notice it or not does not matter. It is the official public portal to your website. > It is correct for my purpose? What is it exactly forward proxy or > reverse-proxy? Are these typologies simil to my necessary > configuration? Forward-proxy is a proxy run by ISP. Caching the users access to lots of different websites to speed up their. Reverse-proxy is a proxy run as CDN sitting in front of a web server. For caching and reducing the load on the web server such that it can service many more visitors at once. Does that help carify? To change your config to reverse-proxy: 1) use the "accel" option on yoru https_port and https_port lines instead of "transparent". 2) configure cache_peer lines in squid.conf pointing at the Apache. 3) point your website DNS records at the proxy IP instead of the Apache IP. NP: you can either use the same cert on apache and Squid, or a self-signed certificate on Apache. So long as Squid trusts the CA used to sign the Apache cert it does not matter. Your sites official public cert should be used on the Squid https_port either way. There are some example configurations at http://wiki.squid-cache.org/ConfigExamples/#Reverse_Proxy_.28Acceleration.29 Amos