Search squid archive

Re: Squid as Reverse Proxy with Parent Proxy, http inbound and https outbound

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/11/22 16:00, Joel Howard wrote:

I'm trying to use Squid (3.5.27, in a docker container)

My response below should cover Squid v3 in principle, but there may be important caveats that I am forgetting about that apply to that unsupported and ancient version. You should not use that version.


as a non-caching reverse proxy with http inbound and https outbound, to support an application that requires a proxy for internet access but does not allow proxy configuration (and I do not have access to the application's host machine). Ideally the squid proxy itself would not have a tls cert, since inbound traffic would be http, and I would like to add headers.

Are you trying to configure Squid to convert a received "GET http://example.com/"; request into a "GET https://example.com"; request sent from Squid (to the parent proxy)?


What keeps stopping me is that I also need to support a parent forward proxy, which itself may support http or https inbound.

Does the parent forward proxy accept plain text TCP connections or TLS connections? What port does the parent proxy listens on? Can you telnet or otherwise probe it to figure out whether it expects TLS? Most proxies expect plain text TCP connections, but there are HTTPS proxies that expect TLS.


I've tried the various examples here <https://wiki.squid-cache.org/SquidFaq/ReverseProxy>, but I'm struggling to "flip" the proxy direction - receive the request as a reverse proxy, configure the outbound request appropriately, and then send it on *via* the parent proxy. I'm not sure if cache_peers can be "chained" like this, or if they can't, how I can configure the single cache_peer so that proxied https works correctly.

I have not tested this, but I would expect the reverse/forward "flip" itself to work more-or-less automatically -- Squid should do what is necessary on its own IIRC. I suspect your problem is elsewhere.

Perhaps you should try to make everything work for plain text HTTP traffic first? Outside of a docker?

Please share your http_port and cache_peer configuration and the errors/problems they currently cause.


Cheers,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux