[squid-users] Reverse proxy with HTTPS

sothy shan sothy.e98 at gmail.com
Fri Mar 3 15:58:05 UTC 2017


On Fri, Mar 3, 2017 at 4:55 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 4/03/2017 3:53 a.m., sothy shan wrote:
> > On Fri, Mar 3, 2017 at 2:56 PM, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
> >
> >> On 03.03.17 10:02, sothy shan wrote:
> >>>>
> >>>>> I am trying to test reverse proxy with HTTPS. For example, client makes
> >>>>> HTTPS request to squid server which makes another HTTPS request to web
> >>>>> server.
> >>>>>
> >>>>
> >> On Fri, Mar 3, 2017 at 12:59 PM, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
> >>>
> >>>> what point does this have, except disabling client certificates?
> >>>>
> >>>
> >> On 03.03.17 14:09, sothy shan wrote:
> >>
> >>> Will it work as expected (i.e. reverse HTTPS Proxy) when I disable client
> >>> certificates?
> >>>
> >>
> >> It should work even without disabling client certificates, it just makes
> >> little sense.
> >>
> >> Talking to servers using HTTP and thus behaving like SSL accelerator makes
> >> sense.
> >>
> >> Behaving like caching accelerator while using SSL on both sides makes
> >> little sense, of course depending on cacheability of the content.
> >>
> >
> > In order to check first reverse proxy with HTTP, I am using squid-4.0.18.
> > The following changes are added into /etc/squid/squid.conf
> > +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> > http_port 192.168.1.69:80 accel defaultsite=www.xxxx.fr
> > cache_peer X.Y.W.Z parent 80 0 no-query originserver name=myAccel
> >
> > acl our_sites dstdomain www.lemonde.fr
> > http_access allow our_sites
> > cache_peer_acces myAccel allow our_sites
> > cache_peer_access myAccel deny all
> >
> > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> > After that I am manually running
> > $sudo squid -d 2 -a 80 -N -X
> >
> > Squid is not running and stopped in the middle without any error msg.
> >
>
> I very much doubt there is *no* error message. Much more likely that it
> is just being sent to a place you are not noticing.
>
> > Do you see where the problem is?
>
> You have told Squid to open port 80 on *all* IPs of the machine for
> generic proxy traffic (command line parameter "-a 80"), then you have
> told Squid to *also* open port 80 on IP 192.168.1.69 for reverse-proxy
> traffic.
>
> You cannot open an IP:port twice. Not even with the same application.
>

I changed the configuration
++++++++++++++++++++++++++++++++++++
http_port 192.168.1.69:80 accel defaultsite=www.AAAAA.com
cache_peer 192.168.1.31 parent 80 0 no-query originserver


http_access allow all
 ++++++++++++++++++++++++++++++++++++++++++
It works well now for HTTP reverse proxy.

> Amos
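
A small pre-flight check for the configurations in this thread, added here as an example and not code from any poster or from the Squid project. It reports a listener given twice (the `-a 80` plus `http_port 192.168.1.69:80` case explained above), a misspelled directive, and a blanket `http_access allow all`. The names `lint`, `parse_listener` and `KNOWN` are hypothetical, `KNOWN` covers only the directives seen in this thread, and `www.example.com` / `192.0.2.10` are placeholders for the redacted site and origin.

```python
import difflib

# Assumption: only the directives used in this thread; squid.conf has many more.
KNOWN = {"http_port", "https_port", "cache_peer", "cache_peer_access",
         "acl", "http_access"}

def parse_listener(spec):
    """Split '[ip:]port' into (ip, port); ip '' means all addresses."""
    ip, _, port = spec.rpartition(":")
    return ip, int(port)

def lint(conf_text, cli_ports=()):
    """Return findings for a squid.conf plus any '-a PORT' command-line values."""
    findings = []
    listeners = [("", int(p), f"-a {p}") for p in cli_ports]
    for n, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not words:
            continue
        name, args = words[0], words[1:]
        if name not in KNOWN:
            near = difflib.get_close_matches(name, KNOWN, n=1)
            hint = f" (did you mean {near[0]}?)" if near else ""
            findings.append(f"line {n}: unknown directive {name}{hint}")
        elif name in ("http_port", "https_port") and args:
            ip, port = parse_listener(args[0])
            for o_ip, o_port, origin in listeners:
                # Same port collides when either side is a wildcard or IPs match.
                if port == o_port and ("" in (ip, o_ip) or ip == o_ip):
                    findings.append(f"line {n}: {args[0]} collides with {origin}")
            listeners.append((ip, port, f"line {n}"))
        elif name == "http_access" and args == ["allow", "all"]:
            findings.append(f"line {n}: http_access allow all admits any request")
    return findings

# Constructed sample: the first configuration from the thread, with
# placeholder values substituted for the redacted site and origin server.
SAMPLE = """\
http_port 192.168.1.69:80 accel defaultsite=www.example.com
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain www.example.com
http_access allow our_sites
cache_peer_acces myAccel allow our_sites
cache_peer_access myAccel deny all
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE, cli_ports=[80]):
        print(finding)
```

Run against the second configuration in the message, the same function reports only the `http_access allow all` line; replacing it with the `acl ... dstdomain` and `http_access allow our_sites` pair from the first configuration limits the accelerator to the intended site.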