I have tried httpd_accel directives. The configiration is :
http_port 8080
https_port 443 cert=/usr/local/ssl/cacert.pem key=/usr/local/ssl/privkey.pem
acl it_net src e.f.g.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
httpd_accel_host i.j.k.l
httpd_accel_port 443
httpd_accel_single_host on
httpd_accel_with_proxy on
#acl acceleratedHost dst i.j.k.l
acl accel_servers dst i.j.k.l
#acl acceleratedPort 443
acl port443 port 443
acl http protocol http
http_access allow accel_servers http port443
http_access allow it_net
http_access deny all
When I enter https://mail.xyz.com I get alert messages telling that "The
document contains no data" and cache.log registers following error:
2004/03/08 10:27:41| clientNegotiateSSL: Error negotiating SSL connection on
FD
10: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Regards,
Rakesh Kumar Jha
*************************************************************
> Now we want to encrypt the mail.xyz.com. For this I have installed
> RH-9, Squid V2.5-STABLE4, OpenSSL-0.9.7. The squid.conf has following
> config -
> http_port 8080
> https_port 443 cert=/usr/local/ssl/cacert.pem
key=/usr/local/ssl/privkey.pem
> acl it_net src e.f.g.0/255.255.255.0
> http_access allow it_net
You also need to enable acceleration/reverse proxying. See the
httpd_accel_* directivves.
Regards
Henrik
********************************************************
Let me explain our environment...we were running as http://mail.xyz.com. Our
DNS would resolve to IP a.b.c.d and the external firewall will translate
this legal IP to private IP - e.f.g.h which was Squid Reverse Proxy (Squid
V2.4). The squid revserse proxy was accerlerating exchange server OWA IP -
i.j.k.l. There is another firewall between Squid reverse proxy and exchange
server/OWA. This firewall allows traffice between these two on port 80. It
worked perfectly.
http://mail.xyz.com -->>Firewall-1 NAT -->>Squid Reverse
proxy -->>Firewall-2 ---->>>> OWA
IP a.b.c.d -------->>> NAT --->>>>>>> IP e.f.g.h ------------->>> Port 80
----->> IP i.j.k.l
Now we want to encrypt the mail.xyz.com. For this I have installed RH-9,
Squid V2.5-STABLE4, OpenSSL-0.9.7. The squid.conf has following config -
http_port 8080
https_port 443 cert=/usr/local/ssl/cacert.pem key=/usr/local/ssl/privkey.pem
acl it_net src e.f.g.0/255.255.255.0
http_access allow it_net
1. From Squid proxy when I say https://i.j.k.l I can acces the mails. 2. But
from anywher else including proxy server if I say https://mail.xyz.com or
https://a.b.c.d I get error URL: / cannot be retrieved. Why the IP is
getting stripped?
Regards,
Rakesh Kumar Jha
#####################################################################################
DISCLAIMER
Any non-official business related views, opinions and other information presented
in this electronic mail are solely those of the sender/author. Burgan Bank does not
endorse or accept responsibility for these opinions, views or conclusions.
If you are not the addressee indicated in this electronic mail or responsible for
delivering this electronic message to the inteded recipient, you should delete this
message and notify the sender immediately.
Burgan Bank
#####################################################################################
Received on Mon Mar 08 2004 - 01:14:34 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST