RE: [squid-users] SSL Reverse Proxy

From: Dwyer, Simon <sdwyer@dont-contact.us>
Date: Thu, 11 Oct 2007 16:22:48 +1100

Ok I have worked out the first issue which was a firewall rule issue.

The http version is working fine now but the https one is still having
issues. This is what I am getting when browsing to it.

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: https://<website> /

The following error was encountered:

    * Unable to forward this request at this time.

This request could not be forwarded to the origin server or to any parent
caches. The most likely cause for this error is that:

    * The cache administrator does not allow this cache to make direct
connections to origin servers, and
    * All configured parent caches are currently unreachable.

Your cache administrator is sdwyer@federalit.net.
Generated Thu, 11 Oct 2007 05:21:58 GMT by <proxy>.federalit.net
(squid/2.6.STABLE10)

-----Original Message-----
From: Dwyer, Simon
Sent: Thursday, 11 October 2007 4:13 PM
To: 'squid-users@squid-cache.org'
Subject: [squid-users] SSL Reverse Proxy

Hi everyone,

First time doing this so if I mess it up don’t flame too much ☺

I have an internal web server that needs to be reached from the outside
world.

| Internal web server | <--> | Firewall | <--> | Squid Proxy | <--> |
Firewall | <--> Internet

Between the web server and the proxy it will be standard http but from the
proxy to the internet it will be https. I have purchased a cert for the
domain used and generated all the stuff needed on the squid server for that
using openssl.

I think these are the two relevant lines in my config.

https_port 443 accel cert=/<path to cert>/cert.crt key=/<path to
key>/key.key defaultsite=<website> vhost

cache_peer reports2.federalit.net parent 2002 0 no-query originserver
name=reports.federalit.net

I know 2002 is a funny port but that’s what the windows people have this
site running on.

I also added the line

http_port 80 accel defaultsite=reports.federalit.net vhost

to see if I could get it working over just HTTP but that does the same
thing.

It just sits there and times out very slowly...

Any ideas would be great,

Cheers,

Simon Dwyer
Technology Services Group
Received on Wed Oct 10 2007 - 23:22:59 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT