Re: [squid-users] SSL Reverse Proxy

From: Shekhar Gupta <[email protected]>
Date: Thu, 11 Oct 2007 12:53:03 +0530

Hi Simon,

I am just sharing my config which I have done for my SSL reverse
proxy for one of the sites which is hosted on port 80. One more thing
is that I am running squid with the
-D option, which tells squid not to use DNS for name resolution; at the
same time I am making the entries in the /etc/hosts file for the site.

https_port 443 cert=/Path to Certificate/testcert.cert key=/Path to Key/testkey.pem defaultsite=mywebsite.mydomain.com vhost

cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA.mydomain.com
acl sites_server_1 dstdomain websiteA.mydomain.com
cache_peer_access websiteA.mydomain.com allow sites_server_1
cache_peer 10.112.143.112 parent 80 0 no-query originserver login=PASS name=mywebsite.mydomain.com
acl sites_server_2 dstdomain mywebsite.mydomain.com
cache_peer_access mywebsite.mydomain.com allow sites_server_2
acl webserver dst 10.112.62.20 10.112.143.112
http_access allow webserver
http_access allow all
miss_access allow webserver
miss_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny all

In the above config I am hosting 2 websites which are running in my LAN,
to publish them outside using the SSL proxy. Also in /etc/hosts I am making 2
entries for this:

10.112.62.20 websiteA.mydomain.com websiteA
10.112.143.112 mywebsite.mydomain.com mywebsite

Let me know if you need any other help.

Regards,
Sudhir Gupta
On 10/11/07, Dwyer, Simon <sdwyer@federalit.net> wrote:
> Ok I have worked out the first issue which was a firewall rule issue.
>
> The http version is working fine now but the https one is still having
> issues. This is what I am getting when browsing to it.
>
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: https://<website> /
>
> The following error was encountered:
>
> * Unable to forward this request at this time.
>
> This request could not be forwarded to the origin server or to any parent
> caches. The most likely cause for this error is that:
>
> * The cache administrator does not allow this cache to make direct
> connections to origin servers, and
> * All configured parent caches are currently unreachable.
>
> Your cache administrator is sdwyer@federalit.net.
> Generated Thu, 11 Oct 2007 05:21:58 GMT by <proxy>.federalit.net
> (squid/2.6.STABLE10)
>
>
>
> -----Original Message-----
> From: Dwyer, Simon
> Sent: Thursday, 11 October 2007 4:13 PM
> To: 'squid-users@squid-cache.org'
> Subject: [squid-users] SSL Reverse Proxy
>
> Hi everyone,
>
> First time doing this so if I mess it up don't flame too much ☺
>
> I have an internal web server that needs to be reached from the outside
> world.
>
> | Internal web server | <--> | Firewall | <--> | Squid Proxy | <--> |
> Firewall | <--> Internet
>
> Between the web server and the proxy it will be standard http but from the
> proxy to the internet it will be https. I have purchased a cert for the
> domain used and generated all the stuff needed on the squid server for that
> using openssl.
>
> I think these are the two relevant lines in my config.
>
> https_port 443 accel cert=/<path to cert>/cert.crt key=/<path to key>/key.key defaultsite=<website> vhost
>
> cache_peer reports2.federalit.net parent 2002 0 no-query originserver name=reports.federalit.net
>
> I know 2002 is a funny port but that's what the windows people have this
> site running on.
>
> I also added the line
>
> http_port 80 accel defaultsite=reports.federalit.net vhost
>
> to see if I could get it working over just HTTP but that does the same
> thing.
>
> It just sits there and times out very slowly...
>
> Any ideas would be great,
>
> Cheers,
>
> Simon Dwyer
> Technology Services Group
>
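As an added illustration (not code from the thread or from the Squid project), the Python below lints the accelerator config shared above for the one thing that most often bites reverse-proxy setups: Squid evaluates `http_access` and `miss_access` lines top-down and stops at the first match, so every line after an unconditional `allow all` is dead, which in the posted config includes the `deny manager` and final `deny all` lines. The `SQUID_CONF` string is a constructed copy of that config with placeholder certificate paths; the checker also reports any `cache_peer` that no `cache_peer_access` rule routes to.

```python
# Constructed copy of the squid.conf posted in the thread; cert/key paths are
# placeholders, hosts and IPs are the thread's own examples.
SQUID_CONF = """\
https_port 443 cert=/path/testcert.cert key=/path/testkey.pem defaultsite=mywebsite.mydomain.com vhost
cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA.mydomain.com
acl sites_server_1 dstdomain websiteA.mydomain.com
cache_peer_access websiteA.mydomain.com allow sites_server_1
cache_peer 10.112.143.112 parent 80 0 no-query originserver login=PASS name=mywebsite.mydomain.com
acl sites_server_2 dstdomain mywebsite.mydomain.com
cache_peer_access mywebsite.mydomain.com allow sites_server_2
acl webserver dst 10.112.62.20 10.112.143.112
http_access allow webserver
http_access allow all
miss_access allow webserver
miss_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny all
"""

def parse(conf):
    """Split squid.conf text into (directive, args) pairs, dropping comments."""
    rules = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            rules.append((parts[0], parts[1:]))
    return rules

def unreachable_rules(rules, directive="http_access"):
    """Squid walks *_access lines top-down and stops at the first match, so any
    line after an unconditional 'allow all' / 'deny all' can never fire."""
    dead, catch_all_seen = [], False
    for d, args in rules:
        if d != directive:
            continue
        if catch_all_seen:
            dead.append(" ".join([d, *args]))
        elif args[1:] == ["all"]:
            catch_all_seen = True
    return dead

def peers_without_routing(rules):
    """Return names of cache_peer entries that no cache_peer_access line selects."""
    names = {a[5:] for d, args in rules if d == "cache_peer"
             for a in args if a.startswith("name=")}
    routed = {args[0] for d, args in rules if d == "cache_peer_access"}
    return sorted(names - routed)
```

Moving the two `manager` lines and the final `deny all` above `http_access allow all` (or dropping `allow all` entirely, since `allow webserver` already admits the published sites) makes the dead-rule list empty.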
Received on Thu Oct 11 2007 - 01:23:34 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT