[squid-users] https_port Listen on different IP

Alex Rousskov rousskov at measurement-factory.com
Fri Oct 19 17:04:56 UTC 2018


On 10/19/2018 01:10 AM, houheming wrote:

> Configure squid to be a https tproxy proxy

Terminology clarification: You are configuring an transparent proxy for
intercepting TLS/HTTPS traffic, not an (explicit) HTTPS proxy.


> configure squid to send the client browser certificates which signed by X

This phrase can be (mis)interpreted many ways:

1. Configure Squid to automatically generate origin server certificates
(signed by a configured CA X) and send them to browsers/clients that go
to those origin servers.

2. Configure Squid to use a configured client certificate (signed by
some CA X) and send it to origin servers that request client certificates.

Does any of the above match what you want to do?


> https_port 443 ...
> https_port 180.97.33.107:443 ...
> https_port 180.97.33.108:443 ...

I am not sure, but perhaps the first https_port line (the one without an
explicit IP address) should come _last_ so that Squid can listen on the
addresses that remain after 180.97.33.107 and 180.97.33.108 are taken by
the other two ports?

Also, if your Squid, when started without "-k parse", reports any
warnings or errors, please share them.

Alex.


More information about the squid-users mailing list