[squid-users] pass ssl through Squid reverse proxy

Amos Jeffries squid3 at treenet.co.nz
Wed May 20 10:41:02 UTC 2015


On 20/05/2015 5:03 p.m., Дмитрий Лозицкий wrote:
> Hello,
> 
> I have a requirement to set up a reverse proxy for a secure connection to a
> server where tomcat is working.
> Services on tomcat already have ssl setup, but as tomcat doesn't have
> explicit certificate and a key file for ssl connection, I'd like to let the
> https traffic from a client to pass through the reverse proxy directly to a
> server and use encryption on a server instead of on reverse proxy.
> 
> Can anyone please give an idea if it is possible to do?

What you are asking for is not possible with Squid. But it's also
unnecessary and very much *not* reverse-proxy.


What a reverse-proxy Squid does is terminate the client TLS connection then
proxy the embedded HTTP request(s) to the backend server(s). Optionally
using TLS on the connections between Squid and the server (Tomcat).

Like so:
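 # client side: Squid terminates TLS with the site certificate
 https_port 443 accel defaultsite=example.com \
    cert=/path/to/example.com.pem

 # server side: TLS again from Squid to Tomcat
 cache_peer tomcat.local parent 443 0 originserver ssl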

... and the relevant TLS parameters. With DNS of course pointing at the
Squid instead of tomcat.

The wiki config example
<http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate>
should have what you need.

Amos
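
An added example, not part of the message above and not the Squid project's own configuration: one way the "relevant TLS parameters" could be filled in so that the re-encrypted hop to Tomcat also verifies Tomcat's certificate. It uses Squid 3.x option names; the file paths, the peer name "tomcat" and the ACL name "our_site" are assumptions.

```conf
# Constructed example for a Squid 3.x reverse proxy.
# Paths, name=tomcat and the ACL name our_site are assumptions.

# Client-facing side: Squid terminates TLS with the public site
# certificate (combined certificate and key in one PEM file).
https_port 443 accel defaultsite=example.com \
    cert=/path/to/example.com.pem

# Backend side: re-encrypt to Tomcat and verify what it presents.
# sslcafile= is the CA that issued Tomcat's certificate, or the
# self-signed certificate itself exported in PEM format.
# Add ssldomain=<name> only if the name in Tomcat's certificate
# differs from the cache_peer hostname.
cache_peer tomcat.local parent 443 0 no-query originserver name=tomcat \
    ssl sslcafile=/path/to/tomcat-ca.pem

# Weak variant to avoid: the hop is encrypted, but any certificate is
# accepted, so the backend is never authenticated.
# cache_peer tomcat.local parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER

# Accept requests for the published site only, and send them to the
# Tomcat peer only (never directly to whatever the Host header names).
acl our_site dstdomain example.com
http_access allow our_site
http_access deny all
cache_peer_access tomcat allow our_site
cache_peer_access tomcat deny all
never_direct allow our_site
```

Running `squid -k parse` against the file reports option errors before the proxy is restarted.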