[squid-users] reverse proxy and HTTP redirects
Vieri Di Paola
vieridipaola at gmail.com
Mon Dec 2 14:46:25 UTC 2019
Hi,
I configured a reverse proxy with something like this:
https_port 10.215.145.81:50443 accel cert=/etc/ssl/whatever.cer
key=/etc/ssl/whatever_key_nopassphrase.pem
options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE,No_Compression
cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA25
6:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
tls-dh=/etc/ssl/whatever/dh2048.pem defaultsite=whatever.org
cache_peer 10.215.248.40 parent 8080 0 no-query originserver
login=PASS front-end-https=on name=httpsServer
[etc]
I can load the web portal just fine from a web client connecting to
10.215.145.81:50443. However, the web server then sends an HTTP
redirection to an HTTP URL which is something like
http://10.215.248.40:8080/whatever (in other words, the page is hosted
on the same server). That breaks the browsing experience (connection
reset).
If I can't modify the server code at 10.215.248.40, is there a
workaround for this?
Thanks,
Vieri
More information about the squid-users
mailing list