> I've looked in the archives, site, and Squid book, but I can't find
> the answer to what I'm looking to do. I suspect that it's not
> supported.
>
> My origin server accepts Basic auth over SSL (non-negotiable). I'd
> like to stick a reverse proxy/surrogate in front of it for
> caching/acceleration, and have it accept non-SSL connections w/ Basic
> auth, directing those requests as https to the origin. The origin's
> responses will be cached, to be used in subsequent GETs to the proxy.
> Both machines are in a closed IP environment. Both use the same
> authentication mechanism.
>
> I see that Squid 3.0 has an "ssl-bump" option, but I don't think that
> does what I described. If it does, that's cool - I can change the
> requirement of the proxy to accept Basic/SSL.
>
> Is this configuration possible, and/or am I thinking about this wrong?
>
You need to configure an 'https_port' same as you would an http_port, but
with added SSL certificate fields.

    https_port 443 accel <cert details>

then the cache_peer line needs 'ssl' to re-encrypt the link and
"login=PASS" (exact string) to pass the login details back to the web
server.

    cache_peer ... ssl login=PASS

Ref:
  http://www.squid-cache.org/Versions/v3/3.0/cfgman/https_port.html
  http://www.squid-cache.org/Versions/v3/3.0/cfgman/cache_peer.html
Amos
Received on Wed Oct 15 2008 - 22:26:58 MDT
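
The two directives from the reply above, filled out as a squid.conf fragment in Squid 3.0 syntax. This is an added example, not part of the original post; the hostnames, certificate paths, the peer name "origin" and the access rules around the two directives are assumptions.

```conf
# Added example; www.example.com, origin.example.com and all file paths
# are placeholders, not values from the thread.

# Accelerator listener. cert= and key= are the "<cert details>": the
# certificate and private key Squid presents to clients.
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/proxy.pem key=/etc/squid/proxy.key

# Origin server reached over SSL. 'ssl' re-encrypts the proxy-to-origin hop,
# sslcafile= names the CA used to verify the origin's certificate, and
# login=PASS relays the client's Basic credentials to the origin unchanged.
cache_peer origin.example.com parent 443 0 no-query originserver ssl sslcafile=/etc/squid/origin-ca.pem login=PASS name=origin

# Accept requests for the accelerated site only, and send them only to
# the origin peer (never directly to an address taken from the request).
acl accel_site dstdomain www.example.com
http_access allow accel_site
http_access deny all
cache_peer_access origin allow accel_site
cache_peer_access origin deny all
never_direct allow all
```

With login=PASS Squid relays the credentials without checking them, so the origin stays the only place authentication is enforced. A response to a request that carried an Authorization header is stored by a shared cache only when the origin marks it as cacheable for shared caches, for example with Cache-Control: public or s-maxage.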