<div dir="ltr">Hello<div><br></div><div>I am new to squid and I have a use case where I need to configure a forward proxy with squid. But there will be two squid servers chained to isolate the networks. So when a client machine wants to access some internet site, it will specify my first squid server as the proxy. This proxy in turn will forward the packet to squid server 2, and from there traffic will be forwarded to the origin server, and the response will come back through the same path.</div><div><br></div><div>I could achieve this by configuring cache_peer.</div><div><br></div><div>>>>>> configuration in SquidServer1</div><div>
<p class="gmail-p1">http_port 3223<br><span class="gmail-s1"></span></p>
<p class="gmail-p1">include "/etc/squid3/blockedhosts.lst"<br><span class="gmail-s1"></span></p>
<p class="gmail-p1">http_access allow all<br><span class="gmail-s1"></span></p><p class="gmail-p1"><span class="gmail-s1"></span></p>
<p class="gmail-p1">cache_peer 10.106.251.90 parent 3223 0 no-query default <br><span class="gmail-s1"></span></p><p class="gmail-p2"><<<<<<br></p><p class="gmail-p1">So this will forward packets to SquidServer2 (10.106.251.90), and from there they will be forwarded further to the origin server.</p><p class="gmail-p1"><br></p><p class="gmail-p1">Now I want to make an SSL connection between SquidServer1 and SquidServer2. </p><p class="gmail-p1">I tried the following line for cache_peer:</p><p class="gmail-p1">>>>></p><p class="gmail-p1">
</p><p class="gmail-p1"><span class="gmail-s1">cache_peer 10.106.251.90 parent 3223 0 no-query default ssl sslcert="/tmp/server_90.pem" sslkey="/tmp/privkey_90.pem"</span></p><p class="gmail-p1"><span class="gmail-s1"><<<<<</span></p><p class="gmail-p1">But this doesn't work.</p><p class="gmail-p1">When I try to start squid, it gives the following error:</p><p class="gmail-p1"><span class="gmail-s1">>>>>>></span></p><p class="gmail-p1"><span class="gmail-s1">~ # /usr/sbin/squid3 -N -Y -d 5 -f /tmp/minsquid.conf </span></p><p class="gmail-p1"><span class="gmail-s1">2017/01/19 21:04:24| parse_peer: token='ssl'</span></p><p class="gmail-p1"><span class="gmail-s1">FATAL: Bungled minsquid.conf line 12: cache_peer 10.106.251.90 parent 3223 0 no-query default ssl sslcert="/tmp/server_90.pem" sslkey="/tmp/privkey_90.pem"</span></p><p class="gmail-p1"><span class="gmail-s1">Squid Cache (Version 3.1.19): Terminated abnormally.</span></p><p class="gmail-p1"><span class="gmail-s1">CPU Usage: 0.004 seconds = 0.004 user + 0.000 sys</span></p><p class="gmail-p1"><span class="gmail-s1">Maximum Resident Size: 28224 KB</span></p><p class="gmail-p1">
</p><p class="gmail-p1"><span class="gmail-s1">Page faults with physical i/o: 0</span></p><p class="gmail-p1"><span class="gmail-s1"><<<<<<</span></p><p class="gmail-p1">What could be the issue?</p><p class="gmail-p1">-----</p><p class="gmail-p1">In SquidServer2 I think I need to specify an https port for the client to access. I have put this line in the config file:</p><p class="gmail-p1">>>>>></p><p class="gmail-p1">
</p><p class="gmail-p1"><span class="gmail-s1">https_port 3224 cert=self_s_cert.pem key=key.pem</span></p><p class="gmail-p1"><span class="gmail-s1"><<<<<</span></p><p class="gmail-p1"><span class="gmail-s1">There, while executing squid, I get the following error:</span></p><p class="gmail-p1"><span class="gmail-s1"><br></span></p><p class="gmail-p1"><span class="gmail-s1">>>>></span></p><p class="gmail-p1"><span class="gmail-s1">~ # /usr/sbin/squid3 -N -Y -d 5 -f /tmp/minsquid.conf</span></p><p class="gmail-p1"><span class="gmail-s1">
</span></p><p class="gmail-p1"><span class="gmail-s1">2017/01/19 15:37:40| cache_cf.cc(381) parseOneConfigFile: minsquid.conf:4 unrecognized: 'https_port'</span></p><p class="gmail-p1"><span class="gmail-s1"><<<< </span></p><p class="gmail-p1"><br></p><p class="gmail-p1">Thanks</p><p class="gmail-p1">~S</p></div></div>