Re: [squid-users] SSL<->SSL<->unencrypted, (was: provide external access)

From: mlister <mailme@dont-contact.us>
Date: Thu, 20 Mar 2003 16:27:10 -0500

It's looking as if squid is only intended to use tunnel connections, i.e. SSL,
and that I couldn't do this kind of acceleration/conversion with squid
alone...

----- Original Message -----
From: "mlister" <mailme@triad.rr.com>
To: <squid-users@squid-cache.org>
Sent: Thursday, March 20, 2003 2:44 PM
Subject: [squid-users] SSL<->SSL<->unencrypted, (was: provide external
access)

> This is great. I set up an accelerator box and it's working. What I would
> like to do next is talk SSL between two squid boxes (firewall will be in
> between them).
> The communication to the web server from SQUID2 should be unencrypted.
>
> [ accelerator ] <--> [ FIREWALL ] <--> [ accelerator ]      <--> [ webserver ]
>     <-SSL->            <-SSL->         <-SSL::UNENCRYPTED->      <-UNENCRYPTED->
>     SQUID1                                  SQUID2
>
> For now, I have two squid boxes running. The FIREWALL is currently not
> part of the setup for the sake of troubleshooting. The SQUID1 is
> accelerating SQUID2, which in turn is accelerating the webserver. This is
> working as far as unencrypted communication.
> When I try https from the first squid box, I believe it's trying to do ssl
> with the webserver, which of course breaks. I added the following line in
> the configuration on SQUID1:
> https_port 443 cert=/etc/httpd/ssl.crt/server.crt key=/etc/httpd/ssl.key/server.key
>
> Is this configuration possible? Thanks for any insight from anyone.
>
>
>
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@squid-cache.org>
> To: "mlister" <mailme@triad.rr.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Thursday, March 20, 2003 2:25 AM
> Subject: Re: [squid-users] provide external access
>
>
> > Yes. This can be done via the accelerator mode of Squid. See the Squid
> > FAQ for some basic setup instructions.
> >
> > Regards
> > Henrik
> >
> > mlister wrote:
> > >
> > > I'm new to squid and looking to see if it would be the app which could
> > > provide external access (outside of firewall) to an internal web server.
> > > Basically, on the DMZ, we need a server to play "Middle-Man" with an
> > > internal web server, providing access to outside internet users.
> > > Would squid be feasible for this sort of task? If so, I'm curious if we
> > > would need two squid boxes, as well, ONE on the outside, ONE on the
> > > inside of the firewall and these TWO talk SSL between each other and then
> > > the internal squid server forwards the html data from internal web
> > > server to the external squid server. Thanks much for any information
> > > relating to this concept.
>
Received on Thu Mar 20 2003 - 14:27:17 MST
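
The two-hop layout asked about in this thread, as an added configuration sketch that is not from any poster and is not the Squid project's own example. It assumes a later Squid release built with SSL support and uses Squid 3.x option names (accel, defaultsite=, cache_peer ... ssl); www.example.com, squid2.internal.example, 192.0.2.10, 10.0.0.5 and every certificate path other than the one quoted in the thread are placeholders.

```conf
# ---- SQUID1 (outside the firewall): squid.conf ----
# Terminate client HTTPS here (certificate paths as quoted in the thread).
https_port 443 accel defaultsite=www.example.com cert=/etc/httpd/ssl.crt/server.crt key=/etc/httpd/ssl.key/server.key

# Re-encrypt towards SQUID2 and verify its certificate against the
# internal CA (placeholder path). The peer certificate must match the
# peer host name given here.
cache_peer squid2.internal.example parent 443 0 no-query originserver ssl sslcafile=/etc/squid/internal-ca.pem name=squid2
# Weak variant to avoid: adding sslflags=DONT_VERIFY_PEER keeps the hop
# encrypted but unauthenticated, since any certificate is accepted.

acl site dstdomain www.example.com
http_access allow site
http_access deny all
cache_peer_access squid2 allow site
cache_peer_access squid2 deny all
never_direct allow all          # always go through the peer, never direct

# ---- SQUID2 (inside the firewall): squid.conf ----
# Accept SSL from SQUID1 only (placeholder certificate and address).
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/squid2.crt key=/etc/squid/squid2.key
acl site dstdomain www.example.com
acl squid1 src 192.0.2.10
http_access allow squid1 site
http_access deny all

# Final hop to the web server is plain HTTP on port 80, as the
# diagram in the thread requires.
cache_peer 10.0.0.5 parent 80 0 no-query originserver name=web
cache_peer_access web allow site
cache_peer_access web deny all
never_direct allow all
```

The only port the firewall between the two boxes needs to pass is TCP 443 from SQUID1 to SQUID2; the unencrypted hop stays entirely on the internal side.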
