[squid-users] Rewriting HTTP to HTTPS for generic package proxy
Amos Jeffries
squid3 at treenet.co.nz
Wed Jul 10 11:34:45 UTC 2024
On 10/07/24 22:57, Fiehe, Christoph wrote:
> The idea behind was to find a way to cache packages from a repository that only provides HTTPS-based connections. It would work, when the HTTPS connection terminates at the Squid Proxy and not at the client, so that the proxy can forward the message payload to the client using normal HTTP. Apt-Cacher-NG implements the behavior, but it seems to be too buggy to use in a productive environment.
>
> There is no way to achieve that with standard Squid mechanisms?
>
At risk of allowing bad actors to install arbitrary software on all of
your clients: You can direct all the archive traffic to a cache_peer
with port 443 and "originserver tls" flags.
YMMV, caveat emptor.
Cheers
Amos
More information about the squid-users
mailing list