<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 9, 2017 at 1:41 PM, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 6/03/2017 11:21 p.m., sothy shan wrote:<br>
> Hi,<br>
><br>
> I can give precise what I am doing on this part.See the previous mail below<br>
> for my exact requirement.<br>
><br>
> //create the keys.<br>
><br>
> $openssl req -new -keyout key.pem -nodes -x509 -days 365 -out cert.pem<br>
><br>
> Both keys(cert.pem and key.pem) are places in /etc/squid/.<br>
><br>
> Then, I make following in squid.<br>
> ++++++++++++++++++++++++++++++<wbr>++++++++++++++++++++++++++++++<wbr>+++<br>
> https_port <a href="http://192.168.1.69:443" rel="noreferrer" target="_blank">192.168.1.69:443</a> cert=/etc/squid/cert.pem key=/etc/squid/key.pem<br>
<br>
</span>The "accel" mode flag s missing.<br>
<br>
It is that alone which makes squid a reverse-proxy. The rest of the<br>
config details are 'agnostic' to the proxy type/mode.<br></blockquote><div>Yes. I made it like that. It worked! <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class=""><br>
<br>
> cache_peer X.Y.Z.Z parent 443 0 no-query originserver<br>
><br>
><br>
> http_access allow all<br>
> ++++++++++++++++++++++++++++++<wbr>++++++++++++++++<br>
><br>
> When I type in browser like this <a href="https://192.168.1.69" rel="noreferrer" target="_blank">https://192.168.1.69</a><br>
<br>
</span>Thats okay for a first test, but you should use a domain as soon as<br>
possible so all the domain related validations have a chance to be tested.<br>
There are cert domain and SNI validations happening at the TLS/SSL<br>
level, and there should also be dstdomain ACLs in squid.conf to ensure<br>
only the wanted domains traffic gets handled by the proxy.<br>
<br>
Amos<br>
<br>
______________________________<wbr>_________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a><br>
</blockquote></div><br></div></div>