On 26/08/2015 1:48 a.m., Hicham Berni wrote: > Hi Eliezer, > > Thanks you for feedback, > > • Squid version installed is2.6.STABLE21 and may be this version not > handling these requests correctly ? This setup is very normal and these are teh simple its. So it should work with your Squid. BUT, 2.6 is the very first version of Squid that did virtual hosting in the modern way. Some parts have been improved in the years since the feature was first added. So YMMV a little. On the other hand 2.6 went EOL way, way, back in May 2008. It only speaks HTTP/1.0 and a little bit of HTTP/1.1. Most of what happens in The Internet these days will either break or bypass it. The TLS/SSL parts of HTTPS are entirely offloaded to your system OpenSSL library. So any failures there are outside Squid. It could simply be that the library is trying to speak SSLv2 or some other ancient thing that the browsers reject. > > setting for cache peer : > http_port 80 accel defaultsite=add.ptr.lu vhost > https_port 443 cert=/root/add.ptr.lu.pem key=/root/add.ptr.lu.key accel > defaultsite=add.ptr.lu vhost > cache_peer 15.40.40.47 parent 8000 0 no-query originserver > front-end-https=on name=ProdAccel > cache_peer 15.40.40.47 parent 8001 0 no-query originserver name=TestAccel There is some missing config: acl HTTPS proto HTTPS cache_peer_access ProdAccel allow HTTPS cache_peer_access ProdAccel deny all cache_peer_access TestAccel allow !HTTPS cache_peer_access TestAccel deny all That will make the requests go to the right backend server. :-) > > • From access logs, we do not see any TCP_DENIED log event for the ' > add.ptr.lu' request. > >> 2015/06/12 17:11:36| Starting Squid Cache version 2.6.STABLE21 for > i686-redhat-linux-gnu... > 2015/06/12 17:11:36| Process ID 3897 > ... > > 2015/06/12 17:11:36| Accepting accelerated HTTP connections at 0.0.0.0, > port 8000, FD 18. > 2015/06/12 17:11:36| Accepting proxy HTTP connections > at 0.0.0.0, port 3128, FD 19. > 2015/06/12 17:11:36| Accepting HTTPS > connections at 0.0.0.0, port 443, FD 20. > 2015/06/12 17:11:36| Accepting > ICP messages at 0.0.0.0, port 3130, FD 21. > 2015/06/12 17:11:36| WCCP > Disabled. > 2015/06/12 17:11:36| Configuring Parent 158.64.50.47/8000/0 > > 2015/06/12 17:11:36| Configuring Parent 158.64.50.47/8001/0 That is not the access.log transaction log. That is the cache.log debug log for critical/important service failures. All that says is that your Squid is running okay *as a program*. > > • Port 8000 is the port using for backend webserver > • So I try to access from external , I try https://add.ptr.lu , I > receive a issue with new url https://add.ptr.lu:8000/register > > So I supposed that it cannot return with this url > Your Squid is not listening on port 8000. You cannot make requests for that URL and expect them to go through Squid. The port 8000/8001 detail is just for the private TCP connection between Squid and the peers. It is not part of the HTTP(S) messages or URLs. You need the backend servers to accept and service http://add.ptr.lu/register. And generate relative-URLs. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users