Re: Re: https bypass squid cache in reverse proxy mode
On Sun, 1 May 2011 23:22:26 +0800, Gary K wrote:
Hi Amos,

Thank you for your response. The following is my configuration:

http_port 80 accel defaultsite=www.abc.com
cache_peer 202.x.x.x parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain www.abc.com
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
So all traffic arriving on port 80 will be sent to 202.x.x.x.
acl HTTPS proto HTTPS
deny_info http://www.efg.com/ HTTPS
http_access deny HTTPS
cache_peer 75.x.x.x parent 80 0 no-query originserver name=myserver1
acl sites_myserver1 dstdomain www.efg.com
None of these will be used with the mentioned http_port settings. Reverse-proxy will only get traffic on its port 80 (HTTP). The main 202.* peer is likely up, so the backup 75.* will not be used (no access rules to say when 75.* applies therefore it's available as a backup).
I change my host file in Windows and connect to http://www.efg.com is no problem and can see the log in /var/log/squid3/access.log. But when I click one of the icons in this site is involved https, no response and I can see any a hit in the log.
port 443 on whichever IP you configured in hosts file is not working. The config you just showed indicates Squid is not involved. The lack of log traces in squid confirms that.
I know I can use https_port 443 to add the cert in squid. But I want to config this squid server to serve different customers as a cache server and their dns point to this server. What I want to do is:

1. Cache the http service for different site (now is OK)
2. if this site involve https service, let the traffic redirect to the original web server (no solution now).
3. if https_port can support multiple cert for different sites. cache the https sites. (no solution now).

Hope you can help.

Regards,
Gary

2011/5/1 Amos Jeffries:
On 01/05/11 15:41, Gary K wrote:
Hi Amos, Thank you for your reply! Any method when received http go to squid cache, when received https redirect to web server directly?

Multiple concepts clash in your statement...
"squid cache" -> storage component of Squid
"redirect" -> HTTP 301, 302, 303 or 307 message
"web server direct" -> use global DNS to locate web service

The config I gave you earlier prevents Squid proxy using Squid cache component to service the HTTPS requests.

Reverse proxy HTTPS can redirect to web server HTTP with:
acl HTTPS proto HTTPS
deny_info http://example.com/ HTTPS
http_access deny HTTPS

Making Squid reverse proxy go direct to web servers instead of using cache_peer is unsafe. Normal reverse proxy configuration has cache_peer entries to pass the requests to web servers without using global DNS.

Reading between the lines I suspect you mean passing HTTP traffic to Squid and HTTPS not to Squid?

Reverse proxy has global DNS pointing a whole domain at Squid IP. You can:
(at DNS level) configure with a different domain (ie http://www.example.com/ and https://ssl.example.com/)
OR
(at packet level) forward/route port 443 from Squid box to the web server box instead of configuring squid https_port.
OR
(at service level) have Squid listening on port 80 and web server on port 443 on the Squid box.

Any of this helpful?
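
Added example, not part of the original thread: a small audit of a squid.conf for the situation described in the reply above, where a cache_peer has no cache_peer_access rules and a per-site dstdomain ACL is defined but never routes anything. The function name audit() is hypothetical, and SAMPLE_CONF is constructed by joining the two configuration fragments quoted in the thread.

```python
# Added example. SAMPLE_CONF is constructed by joining the two squid.conf
# fragments quoted in the thread; audit() is a hypothetical helper name.
SAMPLE_CONF = """\
http_port 80 accel defaultsite=www.abc.com
cache_peer 202.x.x.x parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain www.abc.com
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
cache_peer 75.x.x.x parent 80 0 no-query originserver name=myserver1
acl sites_myserver1 dstdomain www.efg.com
"""


def audit(conf_text):
    """Find cache_peers with no access rules and site ACLs that route nowhere."""
    peers, ruled_peers, used_acls, site_acls = [], set(), set(), []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(tok) < 3:
            continue
        if tok[0] == "cache_peer":
            # cache_peer_access refers to a peer by name=..., else by hostname.
            name = next((t[5:] for t in tok[2:] if t.startswith("name=")), tok[1])
            peers.append(name)
        elif tok[0] == "cache_peer_access":
            ruled_peers.add(tok[1])
            used_acls.update(a.lstrip("!") for a in tok[3:])
        elif tok[0] == "acl" and tok[2] == "dstdomain":
            if tok[1] not in site_acls:
                site_acls.append(tok[1])
    return {
        # Peers with no rules at all are eligible for every request.
        "unrestricted_peers": [p for p in peers if p not in ruled_peers],
        # Site ACLs never named in a cache_peer_access line select no peer.
        "unrouted_site_acls": [a for a in site_acls if a not in used_acls],
    }


if __name__ == "__main__":
    for kind, names in audit(SAMPLE_CONF).items():
        print(kind, names)
```

On the sample it reports myserver1 as unrestricted and sites_myserver1 as unrouted; adding cache_peer_access lines for myserver1 that allow sites_myserver1 and then deny all clears both findings.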