[squid-users] Caching HTTPS with a parent squid

Amos Jeffries squid3 at treenet.co.nz
Thu Dec 28 03:44:46 UTC 2017


On 2017-12-28 07:53, Mauricio Garavaglia wrote:
> Hello! I have a squid 3.5 caching HTTPS doing BumpSSL, everything
> works ok but I need to add another one as a parent (bigger storage
> but different SLA...) of the first one, while still allowing it to go
> direct if the parent is not available.
> 
> [Client]---->[Squid 1]----->[Squid 2]---->[Origin Server]
> 
> To properly cache both, I would need to bump, but that's not available
> per https://github.com/squid-cache/squid/blob/v3.5/src/FwdState.cc#L813
> 
> What would be the correct way to accomplish that? Tried making the
> first one to just peek but I still want to allow to cache the
> responses and not just bypass the connection.


The way to do this is to use MARK or TOS to label the child proxy 
outgoing traffic so routing can send it to the parent proxy where it 
gets re-bumped. Both proxies otherwise operate as stand-alone 
interceptors.

DO NOT use cache_peer originserver connections between them - while this 
can appear to work for some traffic it removes TLS properties needed by 
many modern clients.

Amos
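
A sketch of the MARK variant described in the reply above, added here as an example; it is not part of the original message or Squid's own documentation. The mark value, routing table number, addresses, port and certificate paths are assumptions, and the squid.conf lines use Squid 3.5 directive names.

```shell
#!/bin/sh
# Added example. Dry run by default: RUN=echo only prints the commands.
# Set RUN to an empty value and run as root to apply them.
RUN=${RUN-echo}
MARK=0x1              # assumed netfilter mark for the child's outgoing TLS
TABLE=100             # assumed policy-routing table number
PARENT_IP=192.0.2.2   # assumed parent address, reachable as an L2 next hop
BUMP_PORT=3129        # assumed intercept port on both proxies

# Child host: squid.conf lines. It bumps as a stand-alone interceptor and
# labels its own server-side connections so routing can steer them.
child_squid_conf() {
cat <<EOF
https_port $BUMP_PORT intercept ssl-bump cert=/etc/squid/child-ca.pem generate-host-certificates=on
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
acl SSL_ports port 443
# MARK option from the reply; tcp_outgoing_tos is the TOS equivalent.
tcp_outgoing_mark $MARK SSL_ports
# The parent re-bumps, so the child is shown certificates minted by the
# parent's CA and has to trust that CA to validate them.
sslproxy_cafile /etc/squid/parent-ca.pem
EOF
}

# Child host: marked packets take the parent as next hop. Deleting the
# rule returns the child to going direct.
child_routing() {
  $RUN ip rule add fwmark "$MARK" lookup "$TABLE"
  $RUN ip route add default via "$PARENT_IP" table "$TABLE"
}

# Parent host: port-443 flows arriving from the child are redirected into
# the parent's own "https_port ... intercept ssl-bump" listener.
parent_intercept() {
  $RUN iptables -t nat -A PREROUTING -p tcp --dport 443 \
    -j REDIRECT --to-ports "$BUMP_PORT"
}

child_squid_conf
child_routing
parent_intercept
```

No cache_peer line appears on either proxy: the only link between them is the routing decision on the mark.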

