Accessing cache_peer siblings with ssl for reverse proxy

Hi everyone,

I have successfully set up a reverse proxy and ICP communication between siblings. I'd like to encrypt cache sharing between siblings, but cannot figure out the optimal solution for this. I have not found in the documentation how to do SSL encryption between cache_peer hosts so that cache objects are transferred securely over the Internet.

It works like this: a local HTTP client connects to Squid with plain HTTP; Squid acts as an HTTPS client for the remote server, fetches objects and stores them in the cache. The question is, how to fetch objects from sibling caches with SSL and minimal overhead?

My current test system configuration (I replaced hostnames with foobar; the second test sibling just has the y.y.y.y IP address in its configuration):

cache_effective_user squid
cache_effective_group squid

http_port 3128 accel vhost

cache_peer foo.bar.tld parent 443 0 no-query no-digest originserver ssl sslversion=6 name=foo-1

cache_peer_domain foo-1 .foo.bar.tld

icp_port 3130

cache_peer x.x.x.x sibling 3128 3130 proxy-only

maximum_object_size 64 MB

cache_mem 4 GB

forwarded_for transparent

refresh_pattern -i cgi-bin      0       0%      0
refresh_pattern -i ^http:\/\/AUTH_.*squid.internal.* 2880 100% 10080 override-expire
refresh_pattern .               0       20%     4320

acl foobar_storage dstdomain .bar.tld
acl sibling_list src x.x.x.x/32

http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access allow sibling_list
http_access deny all

cache_peer_access foo-1 allow foobar_storage
cache_peer_access foo-1 deny all

icp_access allow sibling_list

cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid/ssd 65536 16 256 min-size=0 max-size=1MB

cache_dir aufs /var/cache/squid 1000000 64 256 min-size=1MB

coredump_dir /var/spool/squid

store_id_program /usr/lib64/squid/storeid_file_rewrite /var/spool/squid/store_id_db
store_id_children 20 startup=2
store_id_access allow foobar_storage
store_id_access deny all

####
foo.bar.tld is a remote storage service.

Thanks in advance,
Veiko
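
Added example, not part of the original post: a small Python check that parses cache_peer lines like the ones in the configuration above and reports which peer links would carry cached objects or ICP queries unencrypted. It assumes the layout cache_peer <host> <type> <http-port> <icp-port> [options]; the function name audit_peers and the sample text (an excerpt of the posted configuration) are constructed for illustration.

```python
# Added example: audit squid.conf cache_peer lines for plaintext peer links.
# Assumed layout: cache_peer <host> <type> <http-port> <icp-port> [options]

# Constructed sample: an excerpt of the configuration posted above.
SAMPLE_CONF = """\
http_port 3128 accel vhost
cache_peer foo.bar.tld parent 443 0 no-query no-digest originserver ssl sslversion=6 name=foo-1
icp_port 3130
cache_peer x.x.x.x sibling 3128 3130 proxy-only
"""

# "ssl" is the option used in the post; "tls" is the Squid 4+ spelling.
TLS_OPTIONS = {"ssl", "tls"}


def audit_peers(conf_text):
    """Return one finding dict per cache_peer line (hypothetical helper)."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue  # whole-line comment
        fields = raw.split()
        if len(fields) < 5 or fields[0] != "cache_peer":
            continue
        host, ptype, _http_port, icp_port = fields[1:5]
        options = fields[5:]
        name = next((o.split("=", 1)[1] for o in options
                     if o.startswith("name=")), host)
        tls = any(o in TLS_OPTIONS for o in options)
        # ICP is a UDP protocol with no encryption; it is in use when the
        # query port is non-zero and no-query is not set.
        icp = icp_port != "0" and "no-query" not in options
        issues = []
        if not tls:
            issues.append("objects fetched from this peer over plain HTTP")
        if icp:
            issues.append("ICP queries (requested URLs) sent in clear over UDP")
        findings.append({"line": lineno, "peer": name, "type": ptype,
                         "tls": tls, "icp": icp, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_peers(SAMPLE_CONF):
        status = "; ".join(f["issues"]) or "ok"
        print(f"line {f['line']}: {f['peer']} ({f['type']}): {status}")
```

On the posted configuration this reports the foo-1 parent as encrypted and the x.x.x.x sibling as plaintext for both object transfer and ICP.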