Re: [squid-users] Question about Squid 3 reverse proxy and SSL

From: Tom Williams <tomdkat_at_comcast.net>
Date: Thu, 27 Nov 2008 09:10:43 -0800

Matus UHLAR - fantomas wrote:
> On 26.11.08 17:58, Tom Williams wrote:
>
>> Ok, I'm adding SSL support to my Squid 3 reverse proxy configuration.
>>
>> Here are the configuration directives:
>>
>> http_port 8085 accel defaultsite=www.mydomain.com vhost
>> https_port 4433 accel cert=/etc/ssl/cert/www_mydomain_com.crt key=/etc/ssl/private/private.key defaultsite=www.mydomain.com vhost
>> cache_peer 192.168.1.7 parent 80 0 no-query originserver login=PASS name=web2Accel
>> cache_peer 192.168.1.7 parent 443 0 no-query originserver ssl login=PASS name=web2SSLAccel
>>
>> Here is the error I get when I try to connect:
>>
>> clientNegotiateSSL: Error negotiating SSL connection on FD 13:
>> error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
>>
>> What does this error mean?
>>
>
> someone apparently used HTTP on port you have configured to be HTTPS
>
> Btw, why are you using ports 8085 and 4433 for reverse proxy?
> Reverse proxy should listen on 80/443 and forward requests to real server on
> different IP/port?
>
Ah. Now that you mention that, I believe I made that mistake myself. I
probably used http://blah:4433/ instead of https://blah:4433/. I really
need to get some sleep. :(

As for the strange ports, it's because I'm currently doing testing.
Once everything has been worked out, we will switch Squid over to using
ports 80/443 for HTTP and HTTPS traffic. :)

Thanks!

Peace...

Tom
Received on Thu Nov 27 2008 - 17:10:51 MST
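
The error discussed in this thread, taken apart as an added example (not part of the original messages and not Squid or OpenSSL code). The function names, the sample bytes and the short method list are assumptions made for illustration; the log line is the one quoted above, joined onto a single line.

```python
import re

# OpenSSL error strings have the form
#   error:<hex code>:<library>:<function>:<reason>
# Squid prefixes them with the FD and appends a "(n/m)" pair, ignored here.
SSL_ERR_RE = re.compile(
    r"clientNegotiateSSL: Error negotiating SSL connection on FD (?P<fd>\d+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>.*?)(?: \(-?\d+/-?\d+\))?$"
)

# Assumption: a simplified method list for spotting plaintext HTTP.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")


def parse_squid_ssl_error(line):
    """Split a clientNegotiateSSL log line into its fields, or return None."""
    m = SSL_ERR_RE.search(line.strip())
    return m.groupdict() if m else None


def classify_first_bytes(data):
    """Guess what a client sent first on a port that expects TLS."""
    # A TLS record starts with content type 0x16 (handshake) and major version 3.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    # An ASCII request line means the client used http:// against an https_port.
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    if data.startswith(b"CONNECT "):
        return "plaintext-proxy-connect"
    return "unknown"


# The log line quoted in the thread, joined onto one line.
SAMPLE_LOG = ("clientNegotiateSSL: Error negotiating SSL connection on FD 13: "
              "error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)")
# Constructed first bytes: a browser given http://...:4433/ versus a TLS ClientHello.
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: www.mydomain.com:4433\r\n\r\n"
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0xA5, 0x01])

if __name__ == "__main__":
    print(parse_squid_ssl_error(SAMPLE_LOG))
    print(classify_first_bytes(SAMPLE_HTTP), classify_first_bytes(SAMPLE_TLS))
```
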
