On Thu, 17 Mar 2005, Martin Burke wrote:
> Is the connection now ssl on both sides (from the client to the
> reverse proxy and then from the reverse proxy to the webserver)?
This is supported by Squid-3, or by Squid-2.5 + ssl update patch. But
unless you want to for security reasons there really is no reason to.
For OWA Squid-3 is needed for the originserver cache_peer option. I see
from your configuratoin that you use squid-3 so this shuld not be any
problem.
>> My config file is as follows:
>>
>> visible_hostname testmail.ncmec.org
>> https_port 443 defaultsite=testmail.ncmec.org
>> cert=/etc/squid/webmail.crt key=/etc/squid/webmail.key
>>
>> cache_peer 172.25.4.51 parent 80 0 no-query originserver front-end-https=auto
>
> The other suggestions I've seen for a config file for this arrangement are:
>
> proxy-only
> login=PASS
You need the login thing. If not users won't be able to log in..
> never_direct allow all
Not strictly needed, but good anyway.
> header_access Accept-Encoding deny all
Works around many broken servers..
> I've added them one by one, and since putting in login=PASS, I get
> past the login prompt but am back to the old situation of seeing two
> frames with no data.
What URLs do the frameset HTML source use for the frames? http:// or
https://?
Regards
Henrik
Received on Thu Mar 17 2005 - 09:15:59 MST
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST