Re: [squid-users] ssl between squid accellerators

From: Henrik Nordstrom <[email protected]>
Date: Thu, 27 Mar 2003 01:19:38 +0100

mlister wrote:

> Anyways I will compile Squid-3 and start working with it, but I am curious
> if you (Henrik, or any of the listers) have any sample configuration files
> or could give me cache_peer directive examples to where I have something to
> mold.
>
> client <---SSL-->SQUID1<---SSL--->SQUID2<---HTTP-->webserver

Squid-3:

SQUID1:

https_port 443 cert=... accel defaultsite=www.your.domain
cache_peer squid2 parent 443 0 ssl no-query originserver

SQUID2:

https_port 443 cert=... accel defaultsite=www.your.domain
cache_peer webserver parent 80 0 no-query originserver

Squid-2.5+ssl update:

SQUID1:

https_port 443 cert=...
httpd_accel_host www.your.domain
httpd_accel_port 80
cache_peer squid2 parent 443 0 ssl no-query
never_direct allow all

alternatively instead of using cache_peer+never_direct, use a redirector
which rewrites the requests as https://www.your.domain/ and register
www.your.domain into /etc/hosts with the address of SQUID2.

SQUID2:

https_port 443 cert=..
httpd_accel_host www.your.domain

and put www.your.domain into /etc/hosts with the address of the real web
server.

In all cases you should also configure http_access to only allow access
to www.your.domain..

Regards
Henrik
Received on Wed Mar 26 2003 - 17:20:54 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:21 MST