Re: [squid-users] Configuring reverse proxy for both 80/443

From: Justin Lintz <jlintz@dont-contact.us>
Date: Wed, 5 Mar 2008 12:19:01 -0500

Nick,

Try creating a seperate dstdomain acl for the ssl.insiderserver.com
and allow that for your cache_peer_access for the ssl connection

- Justin

On Wed, Mar 5, 2008 at 11:35 AM, Nick Duda <nduda@vistaprint.com> wrote:
> Still not working properly. Here is what my configuration looks like,
> followed by what it is doing:
>
> http_port 80 defaultsite=www.insideserver.com vhost
> https_port 443 cert=/path/to/cert/example.crt
> key=/path/to/key/example.key defaultsite=ssl.insideserver.com vhost
> #
> acl example_sites dstdomain www.insideserver.com ssl.insiderserver.com
> acl example_ssl proto HTTPS
> #
> cache_peer 192.168.0.10 parent 443 0 no-query originserver ssl
> name=example_ssl
> cache_peer_access example_ssl allow example_sites example_ssl
> #
> cache_peer 192.168.0.10 parent 1080 0 no-query originserver
> name=example_http
> cache_peer_access example_http allow example_sites
>
>
> I setup an entry in my host file:
> 68.x.x.x. www.insiderserver.com
>
> I open IE and browse to www.insiderserver.com and it works, no problem
> I browse to ssl.inisdeserver.com which is the same server as
> www.insideserver.com but requires SSL to connect and IE just
> spins....thinking over and over. I look at the access.log on the proxy
> and over and over it keeps trying to make a connection, but its saying
> example_http even though im trying for the SSL version
>
> TCP_MISS/302 574 GET https://ssl.insideserver.com -
> FIRST_UP_PARENT/example_http text/html
> TCP_MISS/302 574 GET https://ssl.insideserver.com -
> ANY_PARENT/example_http text/html
> TCP_MISS/302 574 GET https://ssl.insideserver.com -
> FIRST_UP_PARENT/example_http text/html
> TCP_MISS/302 574 GET https://ssl.insideserver.com -
> ANY_PARENT/example_http text/html
> TCP_MISS/302 574 GET https://ssl.insideserver.com -
> FIRST_UP_PARENT/example_http text/html
> TCP_MISS/302 574 GET https://ssl.insideserver.com -
> ANY_PARENT/example_http text/html
> TCP_MISS/302 574 GET https://ssl.insideserver.com -
> FIRST_UP_PARENT/example_http text/html
> TCP_MISS/302 574 GET https://ssl.insideserver.com -
> ANY_PARENT/example_http text/html
>
>
>
>
> -----Original Message-----
> From: Anthony Tonns [mailto:atonns@promotions.com]
> Sent: Wednesday, March 05, 2008 10:44 AM
> To: squid-users@squid-cache.org
> Subject: RE: [squid-users] Configuring reverse proxy for both 80/443
>
> You want something like this:
>
> http_port 80 defaultsite=www.example.com vhost
> https_port 443 cert=example.crt key=example.key
> defaultsite=www.example.com vhost
> #
> acl example_sites dstdomain www.example.com example.com
> acl example_ssl proto HTTPS
> #
> cache_peer 127.0.0.1 parent 1443 0 no-query originserver ssl
> name=example_ssl
> cache_peer_access example_ssl allow example_sites example_ssl
> #
> cache_peer 127.0.0.1 parent 1080 0 no-query originserver
> name=example_http
> cache_peer_access example_http allow example_sites
>
> > -----Original Message-----
> > From: Nick Duda [mailto:nduda@VistaPrint.com]
> > Sent: Tuesday, March 04, 2008 5:11 PM
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] Configuring reverse proxy for both 80/443
> >
> > I seem to be stumped. I need to reverse proxy for one internal server
> > that listens on both 80 and 443. How can I configure squid to proxy
> for
> > the same cache-peer on both 80 and 443? As far as I can see you can
> only
> > specify one protocol per cache-peer line. I think I am missing
> > something.
> >
> > - Nick
>

-- 
- Justin Lintz
Received on Wed Mar 05 2008 - 10:19:07 MST

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:04 MDT