Mario Remy Almeida wrote:
> Hi Amos,
>
> I followed the instruction as per
> http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
>
> But I am somehow failing to configure https.
>
> My squid.conf
> ========================================================================
> https_port 443 defaultsite=mail.airarabia.ae \
> cert=/etc/squid/keys/cert.pem key=/etc/squid/keys/key.pem

Okay two extra things about the port:

1) unless you have the wildcard cert it's best to specify the IP:port
combo and generate the cert for those IP:port. That way you can use
other IP for other domains and be sure Squid is sending SSL on the right IP.

2) check that the cert/key are correct for the IP:port squid is
listening on.

> cache_peer 10.200.22.12 parent 80 0 no-query originserver login=PASS \
> front-end-https=on login=PASS name=owaServer

So OWA is listening on port 80?

> cache_peer_access owaServer allow OWA
> acl OWA dstdomain mail.airarabia.ae
> http_access allow OWA
> miss_access allow OWA
> miss_access deny all

Missing:
  never_direct allow OWA

that bit is important to prevent Squid even attempting to request a
connection direct to OWA without the peerage settings.

Amos
>
> cache.log
> ========================================================================
> 2009/05/17 13:32:12| fwdNegotiateSSL: Error negotiating SSL connection \
> on FD 24: error:00000000:lib(0):func(0):reason(0) (5/-1/104)
> 2009/05/17 13:32:12| fwdNegotiateSSL: Error negotiating SSL connection \
> on FD 24: error:00000000:lib(0):func(0):reason(0) (5/-1/104)
> 2009/05/17 13:32:13| fwdNegotiateSSL: Error negotiating SSL connection \
> on FD 24: error:00000000:lib(0):func(0):reason(0) (5/-1/104)
>
> Error on the browser
> ========================================================================
> While trying to retrieve the URL: https://mail.airarabia.ae/exchweb/
>
> The following error was encountered:
>
> * Connection to 10.200.22.12 Failed
>
> The system returned:
>
> (71) Protocol error
>
> The remote host or network may be down. Please try the request again.
>
>
> Please help
>
> //Remy
>
>
> On Fri, 2009-05-15 at 16:35 +1200, Amos Jeffries wrote:
>> Mario Remy Almeida wrote:
>>> Hi All,
>>>
>>> Need to setup Reverse proxy
>>>
>>> I have
>>>
>>> Squid 2.7STABLE6
>>> OS Centos
>>>
>>> Web server= Microsoft Outlook Web Access
>>> SSL enabled
>>> port 443
>>>
>>>
>>> My squid config is as below
>>>
>>> acl vhosts1_domains dstdomain mail.airarabiauae.com
>>> http_port 443 accel defaultsite=mail.airarabiauae.com vhost
>>> cache_peer 10.200.22.12 parent 443 0 no-query originserver name=vhost1 \
>>> ssl
>>> cache_peer_access vhost1 allow vhosts1_domains
>>>
>>> Please someone tell me if that is the right way to configure it.
>>>
>> No. Here is the tutorial:
>>
>> http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
>>
>> port 443 is often encrypted. It requires the https_port option instead
>> of http_port, and the certificate as well.
>>
>> The peer part may be correct, or further ssl-related options may be
>> needed. It depends on your peer so I can't say for certain unless you
>> actually hit a problem.
>>
>>
>> Amos
>
Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
  Current Beta Squid 3.1.0.7

Received on Sun May 17 2009 - 06:16:22 MDT
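
A small lint for the two machine-checkable points in the reply above (an https_port given as a bare port, and a cache_peer_access ACL with no matching never_direct), run over the squid.conf quoted in the thread. This is an added example, not part of the original messages or of Squid itself; the function names and finding strings are hypothetical.

```python
import re

# squid.conf as quoted in the thread, continuation backslashes included.
POSTED_CONF = r"""https_port 443 defaultsite=mail.airarabia.ae \
cert=/etc/squid/keys/cert.pem key=/etc/squid/keys/key.pem
cache_peer 10.200.22.12 parent 80 0 no-query originserver login=PASS \
front-end-https=on login=PASS name=owaServer
cache_peer_access owaServer allow OWA
acl OWA dstdomain mail.airarabia.ae
http_access allow OWA
miss_access allow OWA
miss_access deny all
"""

def directives(conf):
    """Yield (name, args) per directive, skipping comments and blank lines."""
    joined = re.sub(r"\\[ \t]*\n", " ", conf)  # fold continuation lines
    for line in joined.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens[0], tokens[1:]

def lint_reverse_proxy(conf):
    """Return findings for the two points raised in the reply (hypothetical helper)."""
    findings = []
    peer_acls, never_direct_acls = set(), set()
    for name, args in directives(conf):
        if name == "https_port" and args and args[0].isdigit():
            # A bare port listens on every address; the reply advises IP:port
            # so the certificate is tied to one listening address.
            findings.append(f"https_port {args[0]}: no listening IP given")
        elif name == "cache_peer_access" and len(args) >= 3 and args[1] == "allow":
            peer_acls.update(a for a in args[2:] if not a.startswith("!"))
        elif name == "never_direct" and len(args) >= 2 and args[0] == "allow":
            never_direct_acls.update(args[1:])
    # Any ACL routed to a peer but not covered by never_direct can still
    # be fetched directly, bypassing the cache_peer settings.
    for acl in sorted(peer_acls - never_direct_acls):
        findings.append(f"missing 'never_direct allow {acl}'")
    return findings

if __name__ == "__main__":
    for finding in lint_reverse_proxy(POSTED_CONF):
        print(finding)
```

The lint does not verify that the cert and key match the listening address; that still has to be checked against the files themselves.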