Re: [squid-users] Squid 3: Reverse Proxy with HTTPS and upstream proxy

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 11 Feb 2005 11:09:30 +0100 (CET)

On Fri, 11 Feb 2005, Tobias Reckhard wrote:

> I'm not sure I fully understand, is the following right?
>
> 1. Client connects to Squid v3 and requests http://somesite, thinking it's
> the origin server.

or https://somesite, doesn't matter.

if using http Squid v3 can even be contacted as a proxy.

If using https the client need to think the Squid server is the origin
server as the client SSL connection then should be terminated at the
proxy.

> 2. Squid v3 requests https://somesite from a separate CONNECT relaying proxy.
>
> 3. The separate CONNECT relaying proxy tranforms the https://somesite request
> into a CONNECT request and forwards this request to an upstream WWW proxy.

Correct. A simple "plug" type proxy which when it gets a TCP connection
from Squid connects to the HTTP proxy and issues a CONNECT request to the
preconfigured https server.

> 4. The upstream WWW proxy connects to the origin server and passes through
> data across the established tunnel thereby.
>
> Since I currently don't have such a CONNECT relaying proxy, I guess I'm out
> of luck momentarily, huh? ;-) I'll see if a search turns up one.

socat looks reasonable. Kind of an swiss army nife for this kind of
tasks..

Regards
Henrik
Received on Fri Feb 11 2005 - 03:09:36 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST