Re: [squid-users] Is it possible to have squid as do Proxy and OWA/RPCoHTTPS accelerator?

From: Odhiambo Washington <odhiambo_at_gmail.com>
Date: Mon, 2 Jun 2008 19:40:39 +0300

On Mon, Jun 2, 2008 at 7:27 PM, Henrik Nordstrom
<henrik_at_henriknordstrom.net> wrote:
> On mån, 2008-06-02 at 13:41 +0300, Odhiambo Washington wrote:
>> (actually, this is supposed to be the only entry for cache_peer I am
>> going to have?)
>
> If you only have one server, and that server is only talking http then
> yes there is only a single cache_peer..

Understood.

>> That has worked. It also required a PEM passphrase. I hope this is not
>> supposed to be another problem. These ssl stuff!
>
> You can configure the password in squid.conf if the PEM key is
> encrypted, or easily decrypt it with the openssl rsa command.

Understood as well.

>> In my case, I don't have a certificate for the external hostname,
>> which brings me back to the confusing issue regarding the certificate:
>> I can make a self-signed certificate for the external hostname. Not a
>> problem. However, does this mean I really don't need the internal
>> certificate Exchange is using?
>
> Correct.

Pooh! That was so confusing:-)

>> Suppose:
>>
>> My Squid host is publicly known as mail.odhiambo.COM (IP of 1.2.3.4)
>> My Exchange server is named msexch.msexch.odhiambo.BIZ (IP of 192.168.0.26)
>>
>> Given that both OWA and RPCoHTTPS are directed at these...
>>
>> What values should I use for the following variables (from the wiki):
>>
>> (a) owa_hostname?
>
> In https_port defaultsite you should use mail.odhiambo.COM as this is
> what the clients are expected to connect to.
>
>> (b) ip_of_owa_server?
>
> The ip of your exchange/owa server.
>
>> (c) rpcohttp.url.com?
>
> Ignore. That example uses a setup with more Exchange servers, where OWA
> is running on a separate server from Exchange.
>
>> (d) the_exchange_server?
>
> Ignore as above.
>
>> From there, I believe I will only get stuck at the ssl certificates
>> step, which is where I am still a bit confused.
>
> Since you are not going to use a real certificate then issue yourself a
> self-signed one using OpenSSL.
>
> openssl req -new -x509 -days 10000 -nodes -out mail.odhiambo.COM_selfsigned.pem -keyout mail.odhiambo.COM_key.pem

Everything is all clear now.

Will find good time to test this out and see how well it goes.

Thank you very much, Amos and Henrik! That was quite some
hand-holding. I really appreciate.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Oh My God! They killed init! You Bastards!"
 --from a /. post
Received on Mon Jun 02 2008 - 16:40:43 MDT
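
An added example, not part of the original message: the self-signed certificate step from the thread as a non-interactive script, followed by the checks that matter before pointing squid at the files (key not passphrase-protected, key matches certificate, CN equals the external hostname). The function names and the `-subj` argument are assumptions of this example; the file naming follows the command quoted above.

```shell
#!/bin/sh
# Added example; make_selfsigned and check_pair are hypothetical helper names.

# make_selfsigned HOST DIR
# Same "openssl req" call as in the thread, plus -subj so it runs without
# prompts and puts HOST (the name clients connect to) in the certificate CN.
make_selfsigned() {
    host=$1; dir=$2
    (
        umask 077   # -nodes writes the key unencrypted, so keep it owner-only
        openssl req -new -x509 -days 10000 -nodes \
            -subj "/CN=$host" \
            -out "$dir/${host}_selfsigned.pem" \
            -keyout "$dir/${host}_key.pem"
    )
}

# check_pair HOST DIR
# Returns 0 only if the pair can be loaded unattended and names HOST.
check_pair() {
    host=$1; dir=$2
    cert="$dir/${host}_selfsigned.pem"
    key="$dir/${host}_key.pem"

    # 1. An encrypted key is what triggers the PEM passphrase prompt.
    if grep -q ENCRYPTED "$key"; then
        echo "key is passphrase-protected" >&2; return 1
    fi

    # 2. The public key in the certificate must be the one derived from the key.
    cert_pub=$(openssl x509 -noout -pubkey -in "$cert") || return 1
    key_pub=$(openssl pkey -pubout -in "$key") || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match" >&2; return 1
    fi

    # 3. The CN must be the external hostname, not the internal Exchange name.
    subj=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$cert" |
           sed 's/^subject= *//')
    case ",$subj," in
        *",CN=$host,"*) return 0 ;;
        *) echo "CN does not match $host (subject: $subj)" >&2; return 1 ;;
    esac
}
```

Run as `make_selfsigned mail.odhiambo.COM /some/dir && check_pair mail.odhiambo.COM /some/dir`, where `/some/dir` is a placeholder for wherever the certificate files are kept.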
