Hi, I've tried to setup SSL accel AKA reverse proxy. The HTTP accel part works but no joy for the SSL side. Maybe I've misunderstood or misconfigured something? Thank you for the help. [root@node03 tmp]# export https_proxy="https://192.168.122.130:443"; [root@node03 tmp]# curl -v --insecure https://data.ephemeric.local/test.tgz * About to connect() to proxy 192.168.122.130 port 443 (#0) * Trying 192.168.122.130... * Connected to 192.168.122.130 (192.168.122.130) port 443 (#0) * Establish HTTP proxy tunnel to data.ephemeric.local:443 > CONNECT data.ephemeric.local:443 HTTP/1.1 > Host: data.ephemeric.local:443 > User-Agent: curl/7.29.0 > Proxy-Connection: Keep-Alive > * Recv failure: Connection reset by peer * Received HTTP code 0 from proxy after CONNECT * Connection #0 to host 192.168.122.130 left intact curl: (56) Recv failure: Connection reset by peer I have run "squid -NX" and nothing in stdout. I have enabled debug log too. I have tailed access and cache logs, nothing. This is so frustrating as the connection is reset and no logs to help. I followed this example and generated the certs etc: https://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate debug_options rotate=1 ALL,9 prefer_direct on forwarded_for on acl localnet src 192.168.122.0/24 acl localnet src fc00::/7 acl localnet src fe80::/10 acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT acl our_sites dstdomain download.fedoraproject.org centos mirror.centos.org artifacts.elastic.co data.ephemeric.local dl.google.com dl-ssl.google.com http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access allow our_sites http_access deny all cache_peer 127.0.0.1 parent 80 0 no-query originserver name=myAccel cache_peer_access myAccel allow our_sites cache_peer_access myAccel deny all http_port 8000 http_port 3128 accel defaultsite=data.ephemeric.local http_port 8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/squid.crt key=/etc/squid/squid.key https_port 443 accel defaultsite=data.ephemeric.local cert=/etc/squid/myCA.pem maximum_object_size 4096 MB cache_dir ufs /media/data/var/spool/squid 10000 16 256 coredump_dir /media/data/var/spool/squid cache_replacement_policy heap LFUDA [root@data squid]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) [root@data squid]# uname -r 3.10.0-693.5.2.el7.x86_64 [root@data squid]# squid -v Squid Cache: Version 3.5.20 Service Name: squid configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-strict-error-checking' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-eui' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,SMB_LM,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos' '--enable-external-acl-helpers=file_userip,LDAP_group,time_quota,session,unix_group,wbinfo_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl-crtd' '--enable-storeio=aufs,diskd,rock,ufs' '--enable-wccpv2' '--enable-esi' '--enable-ecap' '--with-aio' '--with-default-user=squid' '--with-dl' '--with-openssl' '--with-pthreads' '--disable-arch-native' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fpie' 'LDFLAGS=-Wl,-z,relro -pie -Wl,-z,relro -Wl,-z,now' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fpie' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
