I got it working
http_port 80
http_port 8080
https_port 443 cert=/usr/local/squid/ssl_gw.pem
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
The only issue is that with httpd_accel_host Virtual and httpd_accel_port 0,
with accel port 0, the server on the back end still needs to listen to port
443, even through it's not doing the SSL encryption/decryption. If all the
servers on the back end a just listening to port 80, then set the
httpd_accel_port 80. With this scenario, httpd_accel_port 80, the squid will
do the SSL encryption/decryption on port 443 (or what ever you set it to on
the https_port in the config file) and send clear text to the back-end web
servers over port 80.
When you set the httpd_accel_port 0, it will forward the clear text to the
back end server on whatever port the client came into the squid on.
-Sean
-----Original Message-----
From: Markus Gaugusch [mailto:markus.gaugusch@pdts.at]
Sent: Wednesday, September 24, 2003 11:36 PM
To: squid-users@squid-cache.org
Subject: [squid-users] HTTP/1.1 reverse Proxy over SSL?
I'm using squid 3.0-PRE3 and would like to implement a reverse proxy
that supports several back-end servers via HTTP/1.1. It works without
SSL, but this is not what I need :)
I know that the certificate will be wrong if I use this configuration,
but this is just for internal use and I can generate a
wildcard-certificate to reduce the number of warnings received by the user.
If this is not possible with squid, I thought about terminating the SSL
tunnel with stunnel and run squid on port 80 (or somewhere else,
shouldn't matter), but this isn't a really clean solution, right?
Markus
-- _____________________________________________________ Markus Gaugusch eMail: markus.gaugusch@pdts.at PDTS - Prozessdatentechnik und Systeme Gesellschaft fuer industrielle Datenverarbeitung GmbH A-1150 Wien, Moeringgasse 20 Tel.: +43-1-526 17 57/227 WWW: http://www.pdts.atReceived on Thu Sep 25 2003 - 18:28:53 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:02 MST