[squid-users] reverse proxy and HTTP redirects

Vieri Di Paola vieridipaola at gmail.com
Tue Dec 3 09:11:53 UTC 2019


Hi,

On Tue, Dec 3, 2019 at 6:33 AM Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> NP: you have not configured any Elliptic Curve to be used, so all those
> EC ciphers will not be usable. Also you configured some DES based
> ciphers and then disable DES.

I'll review that, thanks.

> The problem is that the client is talking to port 50443 and the service
> is expecting port 8080 in URLs.
>
> The best solution is to have the server and Squid using the same port
> number. Preferably 443 for HTTPS services.

I can't. Both 443 and 8080 are already in use.

> Alternatively you might be able to use the vport= option on https_port
> to set the URL port to 8080. However, this affects *all* inbound traffic
> at that port and any embedded URLs the service sends the client will
> remain broken (contain port 8080).

Whether I use vport=8080 or not, it still fails because the client
gets an HTTP redirection such as:

http://squidserver.local:50443/whatever (without vport=)

http://squidserver.local:8080/whatever (with vport=8080)

Note the http://.
So the client browser is instructed to connect to an HTTP port which
is closed/firewalled.
I would need to somehow rewrite the redirection to something like:

https://squidserver.local:50443/whatever (without vport=)

Vieri


More information about the squid-users mailing list