Re: [squid-users] how to redirect https 80 requests to a cache listening to https on port 8080

From: Amos Jeffries <[email protected]>
Date: Sat, 10 Nov 2007 14:01:38 +1300

nick humphrey wrote:
> i thought the "defaultsite" was supposed to reflect what was entered
> into the browser on the outside of the internal network...maybe i had
> just misunderstood that part...

No you understood correctly.

> i'll give it a try...
> thanks chris
> have a nice night/day
>
> 2007/11/9, Chris Robertson <crobertson@gci.net>:
>> nick humphrey wrote:
>>> well, yeah i nat to the accelerator, but i don't know why it won't
>>> send 80 from the accelerator to the cache on 8080. do i only need to
>>> add a new https_port line, nothing else?
>>>
>>> like this:
>>> https_port 8080 cert=/usr/local/squid/etc/key.crt
>>> key=/usr/local/squid/etc/key.key defaultsite=mycompany.no-ip.info:8080
>>> https_port 80 cert=/usr/local/squid/etc/key.crt
>>> key=/usr/local/squid/etc/key.key defaultsite=mycompany.no-ip.info:80

Believe the second one should be http_port, no 's', to accept web
traffic. And that directive does not take ssl parameters in 2.6/3.0
since there is no encryption between clients and squid in those requests.

Leave the cache_peer as before to retain the squid->server secure channel.

  Also, the port on defaultsite only matters if the backend server needs
to know it. If it matters then both should probably be
"mycompany.no-ip.info:8080"

>>>
>> The second line should read:
>>
>> https_port 80 cert=/usr/local/squid/etc/key.crt
>> key=/usr/local/squid/etc/key.key defaultsite=mycompany.no-ip.info:8080
>>
>> So by default, squid points the requests at port 8080 on the accelerated
>> site.

Huh? No he wants to accept HTTP requests and convert them to HTTPS on
the internal side.

>>
>>> just doing that doesn't seem to be enough though, i don't get any response on 80
>>>
>>> keep in mind, there is only a server (cache) listening on 8080, so i
>>> want squid to convert the 80 requests and send them to the server as
>>> 8080...
>> Chris

Check the ACLs to make sure there are none restricting based on port
8080. They will need updating a little.

Amos
Received on Fri Nov 09 2007 - 18:01:40 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST