[squid-users] Reverse proxy is not responding

Amos Jeffries squid3 at treenet.co.nz
Tue Mar 20 13:24:53 UTC 2018 

On 19/03/18 19:13, Kiru Pananthan wrote:
> Hi Amos
> 
> I have removed *. dashboard and also timetable which is not in use.
> 
> I have added the accel after port number and removed vhost as per your
> advice. Can you check the file now, am I good to go. I have not yet run
> the query  "squid -k parse" , later will run it and update you on the
> outcome. I need to update the config file in server once your verify the
> config file for me to run the query

Okay, though of course backup the config running now before you change
it. I have been known to be wrong sometimes.

> 
> So basically I set this config file for below url, All this should able
> to access through https by auto redirec from http to https.

Um, lets be clear. "redirect" means something other than what you are
doing. Your traffic is still very much clear-text HTTP on the
client/"external" side of the network. What you have is secure
connections between the proxy and peer servers (ie the *internal* network).

To have a "redirect" the proxy would be responding to all incoming
http:// URLs with a 302 message telling the client to re-try with
https:// instead. If you want that to happen it is easy enough, but
another step additional to the bit we have been trying to get working so
far.


> 
> Portal.aism.edu.my <http://Portal.aism.edu.my>
> Helpdesk.aism.edu.my <http://Helpdesk.aism.edu.my>
> Booking.aism.edu.my <http://Booking.aism.edu.my>
> 
> 
> Config file URL
>  https://goo.gl/Q4a749
> 

Your config also proxies the bookings* and library.* domains.

Related to those your last "acl" line looks kind of odd:
  acl sites_server_2 dstdomain library.*

Is the server_2 peer accepting library.* domain as well as bookings.* ?


Your "deny all" lines for this smaller config now should be:

 cache_peer_access server_1  deny all
 cache_peer_access server_2  deny all
 cache_peer_access lib_1_SSL deny all
 cache_peer_access lib_1     deny all

 http_access deny all


(you see why its useful to group all the liens about a server together?
these should not have been able to be missed by your last edit).


Amos

More information about the squid-users mailing list