Re: [squid-users] Reverse Proxy SSL

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sat, 13 Jan 2007 02:58:49 +0100

On Fri 2007-01-12 at 12:33 -0500, Chatham Will Ctr AFCCC/SCO wrote:
> Hi, I'm getting in over my head a little and am hoping someone can help
> straighten me out.
>
> Scenario:
>
> WWW<--SSL-->[Squid 2.26 Reverse Proxy]<--SSL-->[Apache web server]
>
> I have read in the Wiki that I may need to do some sort of SSL tunneling
> to achieve the above scenario. True?

Not for a reverse proxy.

The reference to SSL tunneling probably is from discussions on how to
encrypt browser proxy connections with SSL for getting to the Internet.
Here the SSL tunnel is needed as the browsers do not support SSL
encrypted proxy connections, only SSL encrypted web server connections.

> Or is it possible for Squid to listen for traffic from the www on
> 80/443, then connect to the internal web server using SSL on another
> port, such as 8443?

Fully possible. The internal port is set in cache_peer. But be warned
there are some technical issues with running servers on different ports
than they are published on. It's best if the web server is always
certain about what the real URL published on the Internet really is.

Regards
Henrik

Received on Fri Jan 12 2007 - 18:59:01 MST
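
A squid.conf fragment for the setup discussed in the reply above, added here as an example and not part of the original message. It assumes Squid 2.6-style accelerator directives; the hostname, peer address, peer name and file paths are placeholders.

```conf
# Added example, not from the original thread.
# www.example.com, 192.0.2.10, apache_ssl and all file paths are placeholders.

# Published side: terminate client SSL on 443.
# defaultsite= tells Squid which site name it is accelerating.
https_port 443 cert=/etc/squid/www.example.com.crt key=/etc/squid/www.example.com.key defaultsite=www.example.com

# Published side: plain HTTP on 80 for the same site.
http_port 80 accel defaultsite=www.example.com

# Internal side: the port in cache_peer (8443) is the port Squid connects to
# on the Apache server. "ssl" re-encrypts the hop; sslcafile= and ssldomain=
# let Squid verify the backend certificate instead of accepting any peer.
cache_peer 192.0.2.10 parent 8443 0 no-query originserver ssl sslcafile=/etc/squid/internal-ca.pem ssldomain=www.example.com name=apache_ssl

# Accept requests for the published site only, and always send them to the peer.
acl published_site dstdomain www.example.com
http_access allow published_site
http_access deny all
cache_peer_access apache_ssl allow published_site
cache_peer_access apache_ssl deny all
never_direct allow all
```

With this layout the backend listens on 8443 while clients see 80/443, which is the port mismatch the reply warns about: the web server has to be configured with the published URL so that redirects and absolute links it generates do not carry the internal port.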
