Parents and SSL - Squid 1 vs Squid 2

From: <[email protected]>
Date: Wed, 30 Jun 1999 14:54:44 +1000

Hi all,

I'm looking at upgrading our Squid servers from version 1 to version 2 and
am having some difficulty with the SSL proxy configuration in version 2.

The existing version 1 hierarchy simplified is

client --> proxy2 --> proxy1 --> Internet

there are no siblings, only parents. Proxy1 actually has 2 proxy servers
running on seperate ports but same IP address, one is for SSL, the other is
for everything else (don't ask why, just trust me) and this is causing the
problem.

With Squid version 1, proxy2 had the following important bits in squid.conf
(10.10.10.1 is proxy1)

> cache_host 10.10.10.1 parent 3128 3130 no-query
> ssl_proxy 10.10.10.1:8000

Now that the 'ssl_proxy' tag is no longer in Squid version 2, I'm not sure
how to rewrite this. I've read the FAQ (
http://squid.nlanr.net/Squid/FAQ/FAQ-19.html) and it's confusing because it
contradicts itself.

I don't have a problem with changing the first line to 'cache_peer', but
will I need another cache_peer line like

> cache_peer 10.10.10.1 parent 8000 7 no-query

to define the SSL proxy port on proxy1? What other rules and ACL's will I
need?

The 'cache_peer_access' tag looks like it might be what I need, but the
documentation in the squid.conf file is also wrong (the syntax is *NOT*
identical to 'http_access' because 'http_access' does not take 'cache-host'
as an argument). As far as I can tell, 'cache-host' can only be a hostname
or IP address, not IP address + port.

How can I configure proxy2 to have the same functionality as Squid version
1 had?

Any help or suggestions appreciated.

Robert.
Received on Tue Jun 29 1999 - 22:39:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:03 MST