Search squid archive

Re: Reverse proxy with HTTPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Fri, Mar 3, 2017 at 4:55 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 4/03/2017 3:53 a.m., sothy shan wrote:
> On Fri, Mar 3, 2017 at 2:56 PM, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx>
> wrote:
>
>> On 03.03.17 10:02, sothy shan wrote:
>>>>
>>>>> I am trying to test reverse proxy with HTTPS. For example, client makes
>>>>> HTTPS request to squid server which make another HTTPS request to web
>>>>> server.
>>>>>
>>>>
>> On Fri, Mar 3, 2017 at 12:59 PM, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx
>>>>
>>> wrote:
>>>
>>>> what point does this have, except disabling client certificates?
>>>>
>>>
>> On 03.03.17 14:09, sothy shan wrote:
>>
>>> Will it work as expect (i.e. reverse HTTPS Proxy) when I disable client
>>> certificates?
>>>
>>
>> It should work even without disabling client certificates, it just makes
>> little sense.
>>
>> Talking to servers using HTTP and thus behaving like SSL accelerator makes
>> sense.
>>
>> Behaving like caching accelerator while using SSL on both sides makes
>> little
>> sense, of course depending on cacheability of the content.
>>
>
> In order to check first rever proxy with HTTP, I am using squid-4.0.18.
> The following changes are added into /etc/squid/squid.conf
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> http_port 192.168.1.69:80 accel defaultsite=www.xxxx.fr
> cache_peer X.Y.W.Z parent 80 0 no-query originserver name=myAccel
>
> acl our_sites dstdomain www.lemonde.fr
> http_access allow our_sites
> cache_peer_acces myAccel allow our_sites
> cache_peer_access myAccel deny all
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> After that I am manually running
> $sudo squid -d 2 -a 80 -N -X
>
> Squid is not running and stopped in the middle without any error msg.
>

I very much doubt there is *no* error message. Much more likely that it
is just being sent to a place you are not noticing.

> Do you see where is problem?

You have told Squid to open port 80 on *all* IPs of the machine for
generic proxy traffic (command line parameter "-a 80"), then you have
told Squid to *also* open port 80 on IP 192.168.1.69 for reverse-proxy
traffic.

You cannot open a IP:port twice. Not even with the same application.

I changed the configuration
++++++++++++++++++++++++++++++++++++
http_port 192.168.1.69:80 accel defaultsite=www.AAAAA.com
cache_peer 192.168.1.31 parent 80 0 no-query originserver


http_access allow all
 ++++++++++++++++++++++++++++++++++++++++++
It worked well now for HTTP reverse proxy.
Amos

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux