RE: [squid-users] Reverse SSL proxy on squid v3 - solved.

From: DUBOST Gaetan (DSIT-XA) <[email protected]>
Date: Mon, 26 May 2003 16:47:49 +0200

Oups, sorry, my squid init script was wrong, nice shot.
So now it is OK for http.

For https, squid -k parse does say nothing and the return code is 0 but now
the problem is solved to :

Here was the output for squid -D -d :

2003/05/26 13:51:42| Failed to acquire SSL private key '/PROXY/etc/key.pem':
error
:0906406D:PEM routines:DEF_CALLBACK:problems getting password
FATAL: Bungled squid.conf line 135: https_port 443 cert=/PROXY/etc/cert.pem
key=/P
ROXY/etc/key.pem
Squid Cache (Version 3.0.DEVEL-20030522): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.004 user + 0.004 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 452

It was due to a problem during the certificate generation and a
missconfiguration :

https_port 443 cert=(...) key=(...) protocol=http accel vhost

Everything is fine now.
I'll see what I can do with the howto when I will be OK with reverse
proxying.

Thx.

-----Message d'origine-----
De : Henrik Nordstrom [mailto:hno@squid-cache.org]
Envoy� : vendredi 23 mai 2003 16:31
� : DUBOST Gaetan (DSIT-XA); squid-users@squid-cache.org
Objet : Re: [squid-users] Reverse SSL proxy on squid v3

On Friday 23 May 2003 10.06, DUBOST Gaetan (DSIT-XA) wrote:

> I am trying to configure a reverse proxy on squid v3 :
>
> Client --HTTPS-> Reverse Proxy --HTTP--> Server
> Client --HTTP-> Reverse Proxy --HTTP--> Server
>
> I have two problems :
>
> I)http
>
> http_port 80 accel
>
> The reverse http proxy works but when I shutdown squid
> I get the following error message :
>
> Stopping squid: FATAL: Bungled squid.conf line 62: http_port 80
> accel Squid Cache (Version 2.5.STABLE2): Terminated abnormally.

You are running the wrong Squid version here... make sure you always
run the version you intend to run. Older Squid versions will not be
happy if given a configuration file using directives only existing in
a newer version..

> I've created a self signed certificate and a key with the following
> command
>
> openssl req -x509 -newkey rsa -keyout key.pem -out cert.pem
>
> In my squid.conf I added the line :
> https_port 443 cert=/PATH/TO/cert.pem key=/PATH/TO/key.pem
>
> Squid cannot start and I have no logs neither in access.log nor in
> cache.log...

What does "squid -k parse" say?

> Is there an howto about that kind of configuration ?

Not yet.

You are welcome to write one when you have got all the pieces to work
together.

Note: The functionality you are looking for also exists in Squid-2.5.
There is no need to use the bleeding edge development version to
provide https acceleration. The syntax is slightly different however.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [email protected]
Received on Mon May 26 2003 - 08:50:54 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:02 MST