[squid-users] reverse proxy and HTTP redirects
Vieri Di Paola
vieridipaola at gmail.com
Tue Dec 3 09:11:53 UTC 2019
On Tue, Dec 3, 2019 at 6:33 AM Amos Jeffries <squid3 at treenet.co.nz> wrote:
> NP: you have not configured any Elliptic Curve to be used, so all those
> EC ciphers will not be usable. Also you configured some DES based
> ciphers and then disable DES.
I'll review that, thanks.
> The problem is that the client is talking to port 50443 and the service
> is expecting port 8080 in URLs.
> The best solution is to have the server and Squid using the same port
> number. Preferably 443 for HTTPS services.
I can't. Both 443 and 8080 are already in use.
> Alternatively you might be able to use the vport= option on https_port
> to set the URL port to 8080. However, this affects *all* inbound traffic
> at that port and any embedded URLs the service sends the client will
> remain broken (contain port 8080).
Whether I use vport=8080 or not, it still fails because the client
gets an HTTP redirection such as:
http://squidserver.local:50443/whatever (without vport=)
http://squidserver.local:8080/whatever (with vport=8080)
Note the http://.
So the client browser is instructed to connect to an HTTP port which
I would need to somehow rewrite the redirection to something like:
https://squidserver.local:50443/whatever (without vport=)
More information about the squid-users