OK, here the problem is SSL certificate is keeping in the destination
backend server and this is initializing the SSL transaction. The
proxy server itself has some SSL cert/key for other servers for any
HTTPS request from the clients ...
I had tried redirection from http://example.com:8080/abc to
https://example.com:8443/abc in apache just for testing, but getting
some dots only in the browser ..!!
thanks,
Br-
Navas
At 04:41 PM 9/19/2006, fulan Peng wrote:
>I show you a workable configuration file for 2.6 S3. You can replace
>those things.
>
>http_port 127.0.0.1:80 defaultsite=ddint.org
>https_port 443 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem
>defaultsite=zyzg.org.ru
>https_port 9001 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem
>defaultsite=192.168.0.1
>https_port 9003 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem
>defaultsite=www.peacehall.com
>cache_peer www.peacehall.com parent 80 0 originserver name=peacehall
>
>cache_peer 192.168.0.1 parent 5225 0 originserver name=futurechinaforum
>cache_peer zyzg.org.ru parent 80 0 originserver name=zyzg
>cache_peer ddint.org parent 80 0 originserver name=ddint
>hierarchy_stoplist cgi-bin ?
>acl QUERY urlpath_regex cgi-bin \?
>cache deny QUERY
>acl apache rep_header Server ^Apache
>broken_vary_encoding allow apache
>access_log c:/squid/var/logs/access.log squid
>debug_options ALL,9
>refresh_pattern ^ftp: 1440 20% 10080
>refresh_pattern ^gopher: 1440 0% 1440
>refresh_pattern . 0 20% 4320
>acl www.peacehall.com dstdomain www.peacehall.com
>acl 192.168.0.1 dstdomain 192.168.0.1
>acl zyzg.org.ru dstdomain zyzg.org.ru
>acl ddint.org dstdomain ddint.org
>acl all src 0.0.0.0/0.0.0.0
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl to_localhost dst 127.0.0.0/8
>acl SSL_ports port 443 563
>acl Safe_ports port 80
>acl Safe_ports port 21
>acl Safe_ports port 443 563
>acl Safe_ports port 70
>acl Safe_ports port 210
>acl Safe_ports port 1025-65535
>acl Safe_ports port 280
>acl Safe_ports port 488
>acl Safe_ports port 591
>acl Safe_ports port 777
>acl CONNECT method CONNECT
>http_access allow zyzg.org.ru
>http_access allow www.peacehall.com
>http_access allow ddint.org
>#http_access allow www.dajiyuan.com
>http_access allow 192.168.0.1
>http_access allow localhost
>http_access allow manager localhost
>http_access deny manager
>http_access deny !Safe_ports
>http_access deny CONNECT !SSL_ports
>http_access allow all
>http_reply_access allow all
>icp_access allow all
>cache_peer_access zyzg allow zyzg.org.ru
>cache_peer_access peacehall allow www.peacehall.com
>cache_peer_access futurechinaforum allow 192.168.0.1
>#cache_peer_access dajiyuan allow www.dajiyuan.com
>cache_peer_access ddint allow ddint.org
>visible_hostname ddint.org
>coredump_dir c:/squid/var/cache
>
>
>On 9/19/06, Mohamed Navas V <abusam@gmail.com> wrote:
>>hi,
>>
>>We have one setup with a reverse proxy for multiple backend back
>>servers. All these servers are for HTTPtraffic only with accel port
>>80.
>>
>>But it's propsed one additional with the existing setup as follows:-
>>
>>
>> request on port 8080 request
>> on port 8080
>>user
>>-------------------------------->R.Proxy------------------------------->Web
>>Server
>>
>> Replay on 8443 replay on port 8443
>>user
>><--------------------------------R.Proxy<--------------------------------Web
>>Server
>>
>>ie User will request http://example.com:8080/abc but he want to get
>>HTTPS replay as https://example.com:8443/abc ....
>>
>>We are using squid 2.5, all other servers except this one are
>>listening on 80,443 ports only.
>>
>>What changes to be done config file for the same ?
>>
>>Br--
>>Navas
Received on Tue Sep 19 2006 - 23:41:55 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:03 MDT