On Friday 05 September 2003 20.45, Jim Flowers wrote:
> I am trying to set up a Squid3 accelerator to accept https://
> requests and to rewrite them to a virtual domain as http://
> requests. In order to do this I use:
>
> https_port 443 cert=/usr/local/etc/apache/ssl.crt/server.crt
> key=/usr/local/etc/apache/ssl.key/server.key accel
> defaultsite=my.virtualhost.com protocol=http.
Looks fine.
> This appears to rewrite everything to http://my.virtualhost.com on
> its own and does not ever get to the redirect_program instead
> showing up as an http:// request at my.virtualhost.com on port 443.
Why are you using a redirect program?
The requests should not get forwarded at all unless you for some
reason forces these direct, and if they are they should end up as
http://my.virtualhost.com/ (port 80).
There was some minor issues in how Squid-3 handled this some weeks ago
(sometimes getting the port number incorrect on accelerated requests)
but it should work fine now.
> Can Apache3 be configured as an accelerator rewriting https://
> requests to http:// name-based virtual domains? How do I get the
> request to the redirect_program?
This is a Squid list, not an Apache list.
If I understand you correctly you want Squid to accept https request
and forward them to a http server of your choice? If this is the case
then use something like this:
https_port 443 cert=... key=... accel defaultside=...
(don't use protocol=)
cache_peer your.http.server parent 80 0 no-query originserver
acl my dstdomain my.virtualhost.com
cache_peer_access your.http.server allow my
If the domain name requested by the browser is different compared to
the domain name expected by the http server then you have three
options:
a) Set the defaultsite= to the domain name expected by the web server
(not recommended.. this should be set to the externally visible
domain name)
b) Use a redirector to rewrite the URL while forwarded by Squid (this
will modify the cache_peer_access requirements accordingly).
c) Use the forcedomain= cache_peer option.
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [email protected]Received on Fri Sep 05 2003 - 17:06:21 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:33 MST