Re: [squid-users] Question about Squid 3 reverse proxy and SSL

From: Matus UHLAR - fantomas <uhlar_at_fantomas.sk>
Date: Thu, 27 Nov 2008 15:46:44 +0100

On 26.11.08 17:58, Tom Williams wrote:
> Ok, I'm adding SSL support to my Squid 3 reverse proxy configuration.
>
> Here are the configuration directives:
>
> http_port 8085 accel defaultsite=www.mydomain.com vhost
> https_port 4433 accel cert=/etc/ssl/cert/www_mydomain_com.crt
> key=/etc/ssl/private/private.key defaultsite=www.mydomain.com vhost
> cache_peer 192.168.1.7 parent 80 0 no-query originserver login=PASS
> name=web2Accel
> cache_peer 192.168.1.7 parent 443 0 no-query originserver ssl login=PASS
> name=web2SSLAccel
>
> Here is the error I get when I try to connect:
>
> clientNegotiateSSL: Error negotiating SSL connection on FD 13:
> error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
>
> What does this error mean?

someone apparently used HTTP on port you have configured to be HTTPS

Btw, why are you using ports 8085 and 4433 for reverze proxy?
Reverse proxy should listen on 80/443 and forward requests to real server on
different IP/port?

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name. 
Received on Thu Nov 27 2008 - 14:46:51 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 27 2008 - 12:00:03 MST