On Tue, Sep 17, 2019 at 4:07 PM Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > On 9/17/19 2:07 PM, Sam Holden wrote: > > > https_port 4277 accel ... protocol=http > > > sees port 4227 act as an http port (no ssl) > > Assuming you meant "4277" when you said "4227" (or vice versa), your > statement sounds like an indication of a Squid bug to me: The "protocol" > option is documented to affect Squid-to-origin URL reconstruction. It > should have no effect on client-to-Squid communication (and https_port, > of course, expects TLS connections). In other words, the above > configuration should do what you want in principle AFAICT. > > How does Squid report the above https_port at startup? Look for the > "Accepting ... at ..." line early in your cache.log. Yes I made typo on the port number in my text. When I have protocol=http is reports: 2019/09/17 20:08:55| Accepting reverse-proxy HTTP Socket connections at local=0.0.0.0:4277 remote=[::] FD 13 flags=9 When I don't set the protocol is reports: 2019/09/17 20:17:38| Accepting reverse-proxy HTTPS Socket connections at local=0.0.0.0:4277 remote=[::] FD 13 flags=9 So it seems to be following the protocol= for the incoming protocol rather than just the outgoing. I've tried compiling the 4.6 source tarball and building the debian source package (to add openssl) which is a few minor versions older but with the normal debian back porting. I'm going to try the old stock debian one again - I think it was working with gnutls though I couldn't see a way to make the screen long options list work with gnutls. > > What happens when you connect to the above https_port using a TLS > connection? When I have the protocol=http I get (443 is being mapped to 4277 elsewhere): $ wget https://127.0.0.1:4277/ --no-check-certificate --2019-09-17 20:53:04-- https://127.0.0.1:4277/ Connecting to 127.0.0.1:443... connected. GnuTLS: An unexpected TLS packet was received. Unable to establish SSL connection. $ wget http://127.0.0.1:4277/ --2019-09-17 20:54:17-- http://127.0.0.1:4277/ Connecting to 127.0.0.1:443... connected. HTTP request sent, awaiting response... 200 OK Length: 61979 (61K) [text/html] > > Alex. > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
