On Wed 2007-06-06 at 11:14 -0500, Jason Hitt wrote:
> Thinking maybe I hosted up my squid.conf and want a config that should
> work for reverse proxy using ssl.
https_port public.ip:443 cert=/path/cert.pem defaultsite=your.public.website.name
cache_peer ip.of.websever parent 443 0 no-query originserver ssl
If the peer is using a self-signed certificate or one issued by a CA not
in your default list of trusted CAs then you also need the sslcafile=
option or sslflags=DONT_VERIFY_PEER (sslflags not recommended, opens for
a man-in-the-middle attack on the encryption). For a self-signed
certificate use the server certificate as a CA, for an otherwise
untrusted CA use the CA root certificate.
If your Squid has digest or icmp support enabled then you also want the
no-digest and no-netdb-exchange options. Will work fine without them,
but you might be a little annoyed by automated HTTP requests from
Squid.
Regards
Henrik
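
Added example (not part of the message above and not Squid's own tooling): a small Python check that reads squid.conf text and flags SSL cache_peer lines that disable peer verification, lack sslcafile=, or omit no-digest / no-netdb-exchange. The addresses and paths in the sample are constructed placeholders, and the function name is hypothetical.

```python
import re

# Constructed sample squid.conf fragment (placeholder addresses and paths).
SAMPLE_CONF = """\
# reverse proxy in front of HTTPS origins
https_port 192.0.2.10:443 cert=/path/cert.pem defaultsite=www.example.com
cache_peer 10.0.0.5 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER
cache_peer 10.0.0.6 parent 443 0 no-query originserver ssl sslcafile=/path/origin.pem no-digest no-netdb-exchange
cache_peer 10.0.0.7 parent 80 0 no-query originserver
"""

def audit_cache_peers(conf_text):
    """Return (line_number, host, message) tuples for SSL cache_peer lines."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()   # drop comments
        # cache_peer <host> <type> <http_port> <icp_port> [options...]
        if len(tokens) < 5 or tokens[0] != "cache_peer":
            continue
        host, options = tokens[1], tokens[5:]
        valued, bare = {}, set()
        for opt in options:
            key, sep, value = opt.partition("=")
            if sep:
                valued[key] = value
            else:
                bare.add(key)
        if "ssl" not in bare:
            continue                             # plain HTTP peer, nothing to verify
        sslflags = [f for f in re.split(r"[:,]", valued.get("sslflags", "")) if f]
        if "DONT_VERIFY_PEER" in sslflags:
            findings.append((lineno, host,
                "sslflags=DONT_VERIFY_PEER disables peer certificate verification; "
                "use sslcafile= instead"))
        elif "sslcafile" not in valued:
            findings.append((lineno, host,
                "no sslcafile=: peer is checked against the default trusted CAs only"))
        missing = [o for o in ("no-digest", "no-netdb-exchange") if o not in bare]
        if missing:
            findings.append((lineno, host,
                "consider " + " ".join(missing) + " if digest or icmp support is enabled"))
    return findings

if __name__ == "__main__":
    for lineno, host, message in audit_cache_peers(SAMPLE_CONF):
        print(f"line {lineno}: {host}: {message}")
```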