RE: [squid-users] HTTP/1.1 reverse Proxy over SSL?

From: Sean Brennan <[email protected]>
Date: Thu, 25 Sep 2003 17:28:30 -0700

I got it working

http_port 80
http_port 8080

https_port 443 cert=/usr/local/squid/ssl_gw.pem
 
httpd_accel_host virtual
httpd_accel_port 0

httpd_accel_with_proxy on
httpd_accel_uses_host_header on
 
The only issue is that with httpd_accel_host virtual and httpd_accel_port 0,
with accel port 0, the server on the back end still needs to listen to port
443, even though it's not doing the SSL encryption/decryption. If all the
servers on the back end are just listening to port 80, then set the
httpd_accel_port 80. With this scenario, httpd_accel_port 80, the squid will
do the SSL encryption/decryption on port 443 (or whatever you set it to on
the https_port in the config file) and send clear text to the back-end web
servers over port 80.

When you set the httpd_accel_port 0, it will forward the clear text to the
back end server on whatever port the client came into the squid on.

-Sean

-----Original Message-----
From: Markus Gaugusch [mailto:markus.gaugusch@pdts.at]
Sent: Wednesday, September 24, 2003 11:36 PM
To: squid-users@squid-cache.org
Subject: [squid-users] HTTP/1.1 reverse Proxy over SSL?

I'm using squid 3.0-PRE3 and would like to implement a reverse proxy
that supports several back-end servers via HTTP/1.1. It works without
SSL, but this is not what I need :)
I know that the certificate will be wrong if I use this configuration,
but this is just for internal use and I can generate a
wildcard-certificate to reduce the number of warnings received by the user.
If this is not possible with squid, I thought about terminating the SSL
tunnel with stunnel and run squid on port 80 (or somewhere else,
shouldn't matter), but this isn't a really clean solution, right?

Markus

-- 
_____________________________________________________
Markus Gaugusch        eMail: markus.gaugusch@pdts.at
PDTS - Prozessdatentechnik und Systeme
Gesellschaft fuer industrielle Datenverarbeitung GmbH
A-1150 Wien, Moeringgasse 20
Tel.: +43-1-526 17 57/227     WWW: http://www.pdts.at
Received on Thu Sep 25 2003 - 18:28:53 MDT
