Hi Amos,
Thanks for the quick reply!
>>
>> I am trying to set up squid as an SSL proxy to load balance between
>> reverse-proxies. I believe the config is right but what is happening
>
> What you have set up is a forward proxy load balancer which only permits
> management and binary-over-HTTP tunneled traffic from its localhost machine
> IP.
That is actually what I want. I want to do binary-over-HTTP from the
localhost to the reverse-proxy servers. When the forward proxy tries
to connect to the origin server directly it does a tunnelConnect but
even though I have set originserver for the cache_peers it seems to
just forward the CONNECT instead of doing a tunnelConnect. I thought
originserver should force squid to treat the cache_peers as if they
were web servers?
>
>> is that squid gets the CONNECT request and connects to the reverse
>> servers on the right port but forwards the CONNECT request instead of
>> connecting to them as the originserver. I am pasting the config as it
>> is right now. I am using localhost as test reverse proxies just for
>> testing. It also doesn't seem to be failing to the next peer when the
>> first one it selects either returns an error (HTTP error code or
>> connection failure) and I have retry_on_error.
>
> This would be an artifact of the special handling CONNECT requests have.
>
> Your goal of having an SSL proxy directly opposes the use of CONNECT, since
> CONNECT is a binary-over-HTTP tunnel.
>
> I suggest going back to your first stated criteria "set up squid as an SSL
> proxy" and getting that going.
I would rather not have to maintain certs as I will have several of
these squid proxies.
> This means using the https_port directive (NOT the http_port!!). With a
> server SSL certificate. Squid will then be an SSL proxy.
> * Problem 2 is then how to get browsers etc to send traffic to it.
>
> Since your third criteria is to pass traffic to reverse proxies it implies
> that this is to be a front-end reverse-proxy itself.
> If that is correct, then set up the https_port with the reverse-proxy accel
> options. And do a standard reverse-proxy to two backends configuration.
Thanks for the info...will definitely keep this in mind.
Sri
Received on Fri Feb 11 2011 - 06:25:29 MST
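
The layout suggested in the quoted reply (an https_port in accel mode in front of two backends), written out as a squid.conf fragment. This is an added example, not configuration posted in the thread; it assumes a Squid 3.x build with SSL support, and every hostname, address, peer name and file path in it is a placeholder.

```conf
# Added example; hostnames, addresses, names and paths are placeholders.

# Terminate client TLS on Squid itself: https_port (not http_port) in accel mode,
# with the server certificate and key for the public site name.
https_port 443 accel cert=/etc/squid/ssl/frontend.example.com.crt key=/etc/squid/ssl/frontend.example.com.key defaultsite=frontend.example.com

# Two backend reverse proxies, treated as origin servers and reached over TLS.
# sslcafile= has Squid verify each backend certificate against a known CA;
# ssldomain= names the certificate subject to expect when peers are given by IP.
cache_peer 192.0.2.10 parent 443 0 no-query originserver round-robin ssl sslcafile=/etc/squid/ssl/backend-ca.pem ssldomain=backend.example.com name=backend1
cache_peer 192.0.2.11 parent 443 0 no-query originserver round-robin ssl sslcafile=/etc/squid/ssl/backend-ca.pem ssldomain=backend.example.com name=backend2

# Serve only the published site; refuse everything else, so the listener
# cannot be used as an open forward proxy.
acl served_site dstdomain frontend.example.com
http_access allow served_site
http_access deny all

# Only requests for the published site may be sent to the backends.
cache_peer_access backend1 allow served_site
cache_peer_access backend1 deny all
cache_peer_access backend2 allow served_site
cache_peer_access backend2 deny all

# Never bypass the peers and go direct to whatever the Host header names.
never_direct allow all
```

In this mode clients send ordinary HTTPS requests rather than CONNECT, so Squid sees each request and can choose a peer for it.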