RE: [squid-users] SSL and Reverse Proxy

From: Chris Perreault <[email protected]>
Date: Mon, 23 Aug 2004 07:31:42 -0400

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Friday, August 20, 2004 7:08 PM
To: Chris Perreault
Cc: Brad Taylor; squid-users@squid-cache.org
Subject: RE: [squid-users] SSL and Reverse Proxy

On Fri, 20 Aug 2004, Chris Perreault wrote:

> https_port 443 vhost cert=/path_to_squid/squid/etc/squid_cert.pem
> key=/path_to_squid/squid/etc/squid_key.pem vhost

vhost on an https_port? and twice?

Most people run a single domain on each https_port.

You probably should specify a defaultsite=... there instead. But if your SSL
certificate is a wildcard certificate then vhost makes sense (in addition to
defaultsite)

Regards
Henrik

~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~

This was recommended to us by an outside source. Our setup is multiple
back-end origin servers, but those accessing them will do so in a virtual
host type manner. Ie:
Mywebsite.com/extranet points to the extranet site
Mywebsite.com/intranet points to the intranet site
Mywebsite.com defaults to a portal type server which collects the username
from the ldap auth'd session's header.

We are getting close to rolling it out, are just awaiting completion of some
customizing that will allow form based auth to ldap so inside apps can still
do basic auth if need be. As well as obtain the ability to write various
headers into the session as well.

Until you mentioned it I did not notice the second "vhost" in that config
line. It works but now I wonder why its there too. (If I understand your
question about "twice" correctly)

Chris
Received on Mon Aug 23 2004 - 05:33:49 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT