<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>It seems the option http_port cannot be put under each process ID. If using workers, http_port cannot bind to ports specified from http_port.<br><br>Alex<br><br /><br /><div>> Date: Wed, 1 Jul 2015 14:56:46 +1200<br>> From: squid3@treenet.co.nz<br>> To: alex_wu2012@hotmail.com; squid-users@lists.squid-cache.org<br>> Subject: Re: [squid-users] sslbump and caching of generated cert<br>> <br>> On 1/07/2015 5:08 a.m., Alex Wu wrote:<br>> > /*<br>> > You could assign two workers, each with a different http_port and<br>> > ssl_crtd helper using different cert databases.<br>> > <br>> > */<br>> > <br>> > How to do this? It sounds it might meet our need. <br>> > <br>> <br>> at the top of squid.conf place:<br>> <br>> workers 2<br>> <br>> if ${process_number} = 1<br>> http_port 10045 ...<br>> sslcrtd_program ...<br>> <br>> else<br>> http_port 10046 ...<br>> sslcrtd_program ...<br>> <br>> endif<br>> <br>> The list of other directives which also need separate per-worker<br>> configuration can be found at<br>> <http://wiki.squid-cache.org/MultipleInstances#Relevant_squid.conf_directives>.<br>> <br>> <br>> > The reason is that we assign a port for internal, <br>> > so we can use cheap CA (self-generated CA), for the collaboration, we use a diffrent port, <br>> > may need to set up a different CA.<br>> <br>> That dont make sense to me. There should be no need for internal traffic<br>> to use a different CA from what external has. Costs are already paid to<br>> get the public CA, there is no incremental increase for internal traffic<br>> to use it as well.<br>> <br>> You can do simpler things like using a private LAN-specific IP on the<br>> listening http_port for internal traffic and myportname ACL for internal<br>> vs external access controls (that work regardless of whether the request<br>> has been bumped or not).<br>> <br>> Amos<br>> <br></div> </div></body>
</html>