[squid-users] Squid Reverse HTTPS Let's Encrypt

Alex Rousskov rousskov at measurement-factory.com
Thu Aug 23 14:22:26 UTC 2018

On 08/23/2018 07:33 AM, erdosain9 wrote:

> I have Squid configured as a reverse proxy.
> The DNS are configured too. The clients can access from outside without
> problem.
> It is working well.

> But I want to serve web pages with https and I would like to use Let's
> Encrypt (or something similar) so clients do not have to accept an invalid
> certificate.
> I wanted to know if this is possible. 

It is. You can use any well-known CA, including Let's Encrypt, to obtain
a well-trusted certificate for your reverse proxy.

> The servers have to have configured Let's Encrypt?

The machine running Squid needs to be configured to use Let's Encrypt.
It usually boils down to installing Let's Encrypt automation
scripts/agents for generating/renewing certificates.

The origin servers behind your reverse proxy do not have to use
encryption and, if they use it, do not have to be configured to use
Let's Encrypt. It is your choice whether to encrypt Squid-origin
communication at all and, if yes, whether to use Let's Encrypt for that.

> Squid has to have configured Let's Encrypt?

Squid https_port can be configured with the Let's Encrypt-provided
certificate and private key, but Squid itself does not know where that
certificate and key came from. This is similar to, say, Apache httpd
configuration -- Apache does not know anything about Let's Encrypt, but
Let's Encrypt-generated certificates can be integrated with Apache httpd.

When you figure all the details out, consider publishing them on Squid
wiki for others to reuse.
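
Added example, not part of the original message: a squid.conf fragment showing how the setup described above can look with Squid 4 option names. The hostname www.example.com, the origin address 192.0.2.10, the peer name origin_www and the certbot-style /etc/letsencrypt/live/ paths are assumptions for illustration.

```conf
# Added example: reverse proxy (accelerator) with a Let's Encrypt certificate.
# www.example.com, 192.0.2.10 and origin_www are placeholders.

# TLS listener facing the clients. Squid only sees two PEM files; it does not
# know or care that Let's Encrypt issued them.
# fullchain.pem = server certificate plus intermediates, privkey.pem = its key
# (paths assume the certbot client's default layout).
# Squid 3.x releases spell these options cert= and key= instead.
https_port 443 accel defaultsite=www.example.com tls-cert=/etc/letsencrypt/live/www.example.com/fullchain.pem tls-key=/etc/letsencrypt/live/www.example.com/privkey.pem

# Origin server behind the proxy, reached over plain HTTP here.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=origin_www

# Alternative: encrypt the Squid-origin hop as well. The origin certificate
# does not have to come from Let's Encrypt.
# cache_peer 192.0.2.10 parent 443 0 no-query originserver tls name=origin_www

# Only accept requests for the published site and send them to that origin.
acl our_site dstdomain www.example.com
http_access allow our_site
http_access deny all
cache_peer_access origin_www allow our_site
cache_peer_access origin_www deny all

# Renewal happens outside Squid. Squid reads the PEM files when it starts or
# reconfigures, so the renewal job should finish with:
#   squid -k reconfigure
```

Keep privkey.pem readable only by the accounts that need it, and check after each renewal that the listener actually serves the new certificate.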



