Thanks for the reply. OK, I changed:

1) I configured my iptables in this way:

# Generated by iptables-save v1.4.7 on Wed Nov 9 13:37:50 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10363:2864591]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Nov 9 13:37:50 2011
# Generated by iptables-save v1.4.7 on Wed Nov 9 13:37:50 2011
*nat
:PREROUTING ACCEPT [4:650]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3125
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT

2) I configured http_port in squid.conf:

http_port 3128 accel

and I added the line:

cache_peer 192.168.2.37 parent 80 0

Now, if I call:
- mysite.com -----> It's OK
- mysite.com/test ---> It's OK, but I see in the browser URL bar: mysite.com:3128/test

Why??

3) I configured https_port in squid.conf:

https_port 3125 accel cert=/etc/squid/ssl/certificate.pem key=/etc/squid/ssl/private.pem

I use Squid 2.6 stable 21 (on CentOS 5) and to enable SSL I have to use this command:

squid --enable-ssl

(Is this correct??) Otherwise I do not see port 3125 in the result of the command:

sudo netstat -anp | grep squid

Is it necessary to also add a cache_peer line for port 443? How can I add another cache_peer with the same IP address?

Please help me!! ;(

Thanks

2013/12/5 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
> On 4/12/2013 9:19 p.m., Gianluigi Ruggeri wrote:
>> Hi,
>>
>> thanks for your reply.
>> I'm confused... I use Squid as a web cache in front of my Apache web
>> server and I want the user not to notice the presence of this
>> (the user connects to myHost.com and will not know if there is
>> Squid). I understood that this configuration is transparent-proxy.
>>
>
> No. That network design is reverse-proxy.
>
> Whether the users can notice it or not does not matter. It is the
> official public portal to your website.
>
>
>> Is it correct for my purpose? What exactly is forward proxy or
>> reverse-proxy? Are these typologies similar to my necessary
>> configuration?
>
> Forward-proxy is a proxy run by ISP. Caching the users access to lots of
> different websites to speed up their.
>
> Reverse-proxy is a proxy run as CDN sitting in front of a web server.
> For caching and reducing the load on the web server such that it can
> service many more visitors at once.
>
> Does that help clarify?
>
>
>
> To change your config to reverse-proxy:
>
> 1) use the "accel" option on your https_port and https_port lines
> instead of "transparent".
>
> 2) configure cache_peer lines in squid.conf pointing at the Apache.
>
> 3) point your website DNS records at the proxy IP instead of the Apache IP.
>
> NP: you can either use the same cert on apache and Squid, or a
> self-signed certificate on Apache. So long as Squid trusts the CA used
> to sign the Apache cert it does not matter.
> Your site's official public cert should be used on the Squid https_port
> either way.
>
> There are some example configurations at
> http://wiki.squid-cache.org/ConfigExamples/#Reverse_Proxy_.28Acceleration.29
>
>
> Amos
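
A squid.conf fragment for steps 1 and 2 of the quoted reply, added here as an example and not taken from the thread or from the Squid project. The listener ports, peer address, site name and cert/key paths are the values posted above; the peer names, ACL names and the CA file path are assumptions.

```conf
# Added example, not the poster's or the Squid project's configuration.
# Assumed names: apache_http, apache_https, tls_in, our_site.
# Assumed path:  /etc/squid/ssl/apache-ca.pem (placeholder for the CA
#                that signed the Apache certificate).

# Step 1: accelerator (reverse-proxy) listeners instead of "transparent".
# defaultsite= names the site used when a request carries no Host header;
# vhost makes Squid use the Host header for virtual hosting.
http_port 3128 accel defaultsite=mysite.com vhost
https_port 3125 accel defaultsite=mysite.com cert=/etc/squid/ssl/certificate.pem key=/etc/squid/ssl/private.pem

# Step 2: cache_peer lines pointing at Apache.
# Two peers on the same address need distinct name= labels.
# originserver marks the peer as the web server itself, not another proxy.
cache_peer 192.168.2.37 parent 80 0 no-query originserver name=apache_http

# ssl makes Squid speak TLS to the peer (requires an SSL-enabled build);
# sslcafile= is the CA Squid trusts when verifying the Apache certificate.
cache_peer 192.168.2.37 parent 443 0 no-query originserver ssl sslcafile=/etc/squid/ssl/apache-ca.pem name=apache_https

# Route by the listener the request arrived on, so traffic received over
# TLS is never forwarded to Apache in clear text.
acl tls_in myport 3125
cache_peer_access apache_https allow tls_in
cache_peer_access apache_https deny !tls_in
cache_peer_access apache_http deny tls_in
cache_peer_access apache_http allow !tls_in

# Only serve the accelerated site. This line must come before the final
# "http_access deny all" rule of the existing squid.conf.
acl our_site dstdomain mysite.com
http_access allow our_site
```

`squid -k parse` checks the file for syntax errors before the running proxy is reconfigured.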