Re: [squid-users] SSL Reverse Proxy

From: Michael Alger <squid_at_mm.quex.org>
Date: Thu, 7 Aug 2008 16:14:44 +0800

On Fri, Aug 01, 2008 at 12:15:53AM -0700, elsergio wrote:
> I am trying to see all the reverse proxy features that Squid
> offers and I have a question about SSL. I am sure you can help me.
>
> I have seen in the forum that it seems to be something like this:
>
> acl http proto HTTP
> acl https proto HTTPS
> http_port public.ip:80 accel defaultsite=your.main.sitename vhost
> acl servergroup_domains dstdomain your.main.sitename other.sitename ...
> cache_peer ip.of.web.server parent 80 0 no-query originserver name=servername_http
> cache_peer_access servername_http allow http servergroup_domains
> https_port public.ip:443 accel defaultsite=your.main.sitename cert=/path/to/main.sitename.pem
> cache_peer ip.of.web.server parent 443 0 no-query originserver ssl name=servername_https
> cache_peer_access servername_https allow https servergroup_domains
>
> The problem is that I cannot figure out the differences between
> creating an SSL connection (the case above I think) and Squid
> being the end of an SSL connection.

The configuration example you have there does both.

http_port configures a port for squid itself to accept connections
on. If you use https_port, it will be an SSL endpoint; which is why
you need to specify the certificate file to use.

cache_peer configures either an upstream proxy or defines an origin
server (conceptually these are the same thing, the only difference
is how you make requests to them). I suppose specifying the "ssl"
option to it tells squid to make SSL connections when requesting
content from it.

Does that help at all?
Received on Thu Aug 07 2008 - 08:14:49 MDT
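
A small audit of the two legs the reply distinguishes, as an added example (not code from the thread or from Squid): it reports whether Squid terminates SSL from clients (https_port) and whether it opens SSL towards each origin (cache_peer with ssl). The sample config, its addresses and paths, and the function names parse_legs and audit are constructed for illustration and assume the Squid 2.6/3.0 option names cert= and ssl; cache_peer_access rules are not evaluated, so a plaintext-origin finding is a prompt to check them.

```python
# Constructed sample (not from the thread): placeholder addresses and paths,
# written with the Squid 2.6/3.0 options "cert=" (https_port) and "ssl" (cache_peer).
SAMPLE_CONF = """\
http_port 192.0.2.10:80 accel defaultsite=www.example.com vhost
https_port 192.0.2.10:443 accel defaultsite=www.example.com cert=/etc/squid/www.pem
cache_peer 198.51.100.5 parent 80 0 no-query originserver name=origin_http
cache_peer 198.51.100.5 parent 443 0 no-query originserver ssl name=origin_https
"""

def parse_legs(conf_text):
    """Split a squid.conf into client-facing listeners and origin-facing peers."""
    listeners, peers = [], []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        if tok[0] in ("http_port", "https_port") and len(tok) >= 2:
            # https_port: Squid is the SSL endpoint for clients and needs cert=
            listeners.append({"addr": tok[1], "tls": tok[0] == "https_port",
                              "has_cert": any(o.startswith("cert=") for o in tok[2:])})
        elif tok[0] == "cache_peer" and len(tok) >= 5:
            opts = tok[5:]                   # after host, type, http-port, icp-port
            name = next((o[5:] for o in opts if o.startswith("name=")), tok[1])
            # ssl option: Squid opens an SSL connection to this peer
            peers.append({"name": name, "port": int(tok[3]),
                          "origin": "originserver" in opts, "tls": "ssl" in opts})
    return listeners, peers

def audit(conf_text):
    """Return findings about which leg is encrypted and which is not."""
    listeners, peers = parse_legs(conf_text)
    out = []
    for l in listeners:
        if l["tls"] and not l["has_cert"]:
            out.append(f"{l['addr']}: https_port without cert=")
    tls_in = any(l["tls"] for l in listeners)
    for p in peers:
        if not p["origin"]:
            continue
        if p["port"] == 443 and not p["tls"]:
            out.append(f"{p['name']}: port 443 peer without ssl option")
        elif tls_in and not p["tls"]:
            out.append(f"{p['name']}: plaintext origin, check cache_peer_access")
    return out

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```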
