[squid-users] Squid reverse proxy in http > https mode

Veiko Kukk vkukk at xvidservices.com
Tue Aug 18 15:18:13 UTC 2015


I'm trying to get most optimized solution for caching objects of cloud 

The data flow I'd like to achieve is: http client <http> squid reverse 
mode cache <https> remote https storage server

Common scenarios/examples of accel mode http(s) port include opposite 
direction of traffic encryption/decryption, client connecting via https 
and backend servers (cache_peer) being http. In my case client connects 
via localhost and to reduce cpu load, I'd like to have this connection 
without encryption and start encryption only when data leaves local 
squid to parent cache_peer, because this remote server speaks https only.

Is this possible with squid?

Another related question is: when cache_peer hostname is dns name that 
resolves into multiple ip addresses, then how does squid act? Does it 
resolve it once and use first ip addres or all addresses in round robin, 
or does it resolve every time cache_peer is accessed? What happens if 
one of the addresses is not accessible? I have checked documentation but 
did not find any explanation on that topic.

Best regards

More information about the squid-users mailing list