[squid-users] Reverse proxy HTTPS to HTTP, with 2.6

From: Joel CARNAT <[email protected]>
Date: Fri, 10 Nov 2006 11:57:21 +0100

Hi,

I have internal websites that I want to publically publish using http
and https.

(Internet) -> [ squid:80] -> (Internal server:80)
(Internet) -> [ squid:443] -> (Internal server:80)

When using Squid 2.5, I had configured:
########################################################################
httpd_accel_host 127.0.0.1
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
https_port 443 cert=/usr/pkg/etc/squid/server.crt key=/usr/pkg/etc/squid/server.key
########################################################################

Now that I upgraded to 2.6, I read those options don't exist anymore and
are replaced by options in http_port/https_port. Publishing HTTP to HTTP
is OK but publishing HTTPS to HTTP doesn't work.
I have configured 2.6 as follow:
########################################################################
http_port 80 transparent
https_port 443 cert=/etc/openssl/certs/server.pem key=/etc/openssl/private/server.key
########################################################################

When I browse https://www.myhome.net/, the log error is
########################################################################
Nov 10 11:51:49 10.0.0.9 squid[26940]: clientReadRequest: FD 12 (217.69.16.66:48633) Invalid Request
Nov 10 11:51:49 10.0.0.9 squid[26940]: 1163155909.357 35 217.69.16.66 TCP_DENIED/400 1697 GET error:invalid-request - NONE/-
text/html
########################################################################

I have tried several options (vhost, ...) in https_port but the less
worse I can achieve is (Internet)->(squid:443)->(internal server:443).
But I would like not to run http AND https on my internal servers.

Is it (still) possible, with Squid 2.6, to achieve
(Internet)->(squid:https)->(internal server:80) ?

What did I miss ?

TIA,
        Jo
Received on Fri Nov 10 2006 - 03:58:40 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST