Re: [squid-users] SQUID + SSL REVERSE�PROXY

From: Henrik Nordstrom <[email protected]>
Date: Tue, 28 Dec 2004 21:42:02 +0100 (CET)

> https_port 443 cert=/etc/squid/key.crt key=/etc/squid/key.key

Ok,

> redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

Why are you using squidGuard?

> httpd_accel_host virtual

Are you sure about this? In most setups this should be your official
domain name, identical to what you type in the browser, and also the same
as the server name in your certificate above.

> httpd_accel_port 0
> httpd_accel_uses_host_header off

For OWA it works better with this on.

> cache_peer owamail.cim-italia.it 80 443 no-query front-end-https=on

Not correct format. See the cache_peer description.

> never_direct allow all

ok.

> acl owa dstdomain 89.0.4.128/255.255.255.255

Not ok. dstdomain wants a domain name.

> cache_peer_access owamail.cim-italia.it allow owa
> cache_peer_access owamail.cim-italia.it deny all
> visible_hostname owamail.cim-italia.it

You also need http_access rules.

> 2004/12/28 16:47:44| WARNING: Unknown neighbor type: 80
> FATAL: Bungled squid.conf line 140: cache_peer owamail.cim-italia.it 80 443 no-query front-end-https=on

Yes. Exacly what it says.

Regards
Henrik
Received on Tue Dec 28 2004 - 13:42:05 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:03 MST