I'm sure I'm missing something stupid, but https traffic just isn't caching. I really want to cache https alongside http as this project is for a customer who lives in the sticks and pays dearly for every byte.
1471660884.894 11402 172.22.19.48 TCP_MISS/200 746898 GET https://www.jrssite.com/newfi/fullsizes/081916214031.jpg - ORIGINAL_DST/23.30.254.3 image/jpeg
1471660967.389 14392 172.22.22.68 TCP_MISS/200 746898 GET https://www.jrssite.com/newfi/fullsizes/081916214031.jpg - ORIGINAL_DST/23.30.254.3 image/jpeg
1471661329.884 33506 172.22.22.68 TCP_MISS/200 746898 GET http://www.jrssite.com/newfi/fullsizes/081916214031.jpg - ORIGINAL_DST/23.30.254.3 image/jpeg
1471661385.282 402 172.22.19.48 TCP_HIT/200 746906 GET http://www.jrssite.com/newfi/fullsizes/081916214031.jpg - HIER_NONE/- image/jpeg
# grep -i ssl /usr/local/squid/etc/squid.conf
acl SSL_ports port 443
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
ssl_bump stare all
ssl_bump bump all
https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl/CACert.pem
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 10
Happy to provide any other information someone else might find useful. I'm sure that there is just some point of ignorance on my part. This is indeed all very new to me.
Thank you.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users