RE: [squid-users] reverse proxy / virtual hosting

From: Sunil S <sunils@dont-contact.us>
Date: Wed, 23 Jun 2004 03:18:02 +0530

I had run several backend servers (with different hostnames under the
same domain) to do:
        (client)https -> RP(squid 2.5) -> http(servers)
some time back. And of course ran into the technical non-possibility of
running all domain names on same IP/port with separate certificates.

Work around used then was, using a single wild-card certificate for
domain and use it for all sites/sub-domains ..... if it is acceptable
for you to use shared certificates. Wild card certificates should not
trigger errors at client side.

Sunil

>>> Chris Perreault <Chris.Perreault@Wiremold.com> 06/22/04 07:26PM >>>
As someone else just wrote, if you try and use a cert for web1.com on
web3.com you get an error message saying the cert isn't for web3.com.

To answer your question though, the squid.conf file mentions the
following, stating that you can run multiple addresses each with their
own ssl cert:
(this is the conf file for squid-3.0.pre so check your own once you've
compiled it with --enable-ssl)

# TAG: https_port
# Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
#
# The socket address where Squid will listen for HTTPS client
# requests.
#
# This is really only useful for situations where you are running
# squid in accelerator mode and you want to do the SSL work at the
# accelerator level.
#
# You may specify multiple socket addresses on multiple lines,
# each with their own SSL certificate and/or options.
#
# Options:
#
# defaultsite= The name of the https site presented on
# this port
#

Chris

-----Original Message-----
From: Dan DeLong [mailto:ddelong@custdata.com]
Sent: Tuesday, June 22, 2004 9:20 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] reverse proxy / virtual hosting

I am set up in a similar way,
Internet-end-user----> SSL (serviced by squid) ----> RP ---> backend
webserver. But I am hosting sites where each have their own SSL cert.
So I think what I'm hearing is that I will not be able to start one
Squid instance that can handle multiple different SSL certs?

My goal is to be able to host multiple websites with 1 ip address.
Your suggestions are welcome. Thanks.

----- Original Message -----
From: "Chris Perreault" <Chris.Perreault@Wiremold.com>
To: <squid-users@squid-cache.org>
Sent: Tuesday, June 22, 2004 9:07 AM
Subject: RE: [squid-users] reverse proxy / virtual hosting

> Further thought...on how we are setting it up.
>
> One ssl cert for www.mycompany.com, resides on the proxy.
>
> Internet-end-user -->ssl-->rp-->non-ssl ldap-authenticated traffic -->
> back end webserver
>
> With the redirect for each of the back end webservers, you can have a
> single cert. You can not have a single cert for two different domains
> though, (mycompany.com and mycompany2.com need different certs)
> mycompany.com/intranet and mycompany.com/extranet can use the same
> cert.
>
> Chris Perreault
>
> -----Original Message-----
> From: Francois Liot [mailto:fliot@kyriba.com]
> Sent: Tuesday, June 22, 2004 8:49 AM
> To: Dan DeLong
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] reverse proxy / virtual hosting
>
>
> As far as I know SSL standard it's unfortunately impossible.
>
> Apache is suffering of the same limitation.
>
> Regards
>
> Francois Liot
>
> On Tue, 2004-06-22 at 14:42, Dan DeLong wrote:
> > Hello,
> >
> > I currently have squid running as a reverse proxy. I have a number
> > of squid instances running to handle a number of different websites.
> > Each squid instance listens on its own ip address and handles the
> > SSL cert for the incoming web request. My goal is to have squid
> > listen on one address to handle multiple websites in essence do
> > virtual hosting. Can this be done with squid ? If so, can you
> > provide any direction on how to set squid up to do this ?
> >
> > Thanks.
> >
> >
>
Received on Tue Jun 22 2004 - 15:43:16 MDT
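
Added example (not part of the original thread and not Squid code): a Python check of which host names a shared wildcard certificate covers, following the RFC 6125 rule that `*` stands for exactly one left-most label. The certificate name, the host names and the rejection of `*.com`-style names are assumptions made for the illustration.

```python
"""Which host names does a shared certificate cover? (constructed example)"""


def name_matches(pattern, host):
    """Match one certificate name against a host name, RFC 6125 style."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # '*' is honoured only as the whole left-most label. Requiring at
        # least two labels after it (rejecting '*.com') is a conservative
        # rule assumed here.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # partial wildcards such as 'w*' are treated literally


def uncovered(hosts, cert_names):
    """Return the hosts that would produce a name-mismatch error."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed data: one wildcard certificate shared by every site on the proxy.
CERT_NAMES = ["*.example.com"]
SITES = ["web1.example.com", "web2.example.com", "example.com",
         "a.b.example.com", "web3.example.net"]

if __name__ == "__main__":
    for host in SITES:
        state = "MISMATCH" if uncovered([host], CERT_NAMES) else "ok"
        print(f"{host:20} {state}")
```

The bare domain and deeper sub-domains are not covered by the wildcard name, so they need their own entry in the certificate or their own listening address.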

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:03 MDT