Harry Griff wrote:
> Thanks very much for your reply Chris!
>
> First off, I'm stuck using 2.5. It was a lot of work getting squid installed in the first place since the linux machine is located in another country and the administrator there is really unhelpful...
>
That's going to make things tough.
>
>>> The HTTP part looks fine, but you won't be able to make a secure connection on port 443. It's set up as a http_port, not a https_port, for start. You can proxy secure connections over a http_port (it uses a tunneling method called "CONNECT").
>>>
>
> Do you mean that I should remove the line -
>
> http_port 10.20.1.1:443
>
> and have my clients connect to 10.20.1.1:80 for both http and https? If not, what should I be doing for https?
>
It depends on which route you take... If you go for the accelerator
setup, you are going to want both a http_port and a https_port line. If
you have your clients specify a proxy server in their browser, then all
you need is the http_port.
>
>>> Set it up as a reverse proxy
>>>
>
> Should this work for both http and https? -
>
> httpd_accel_host 10.251.60.180
> httpd_accel_port 80
> httpd_accel_single_host on
> httpd_accel_with_proxy on
>
> where 10.251.60.180 is the "network b" server I wish the machines in "network a" to connect to?
>
Hmmm... For an acceleration setup on Squid 2.5 (with an https_port), I
think you need something like the following...
http_port 80
https_port 443 cert=/etc/squid/cert/xyz.com.crt
key=/etc/squid/cert/xyz.com.key
httpd_accel_host 10.251.60.180
httpd_accel_port 80
httpd_accel_with_proxy off
httpd_accel_single_host on
httpd_accel_uses_host_header on
...but my memory is quite fuzzy regarding the details.
> Thanks again, I really appreciate your help,
>
> Barry.
Chris
Received on Fri May 22 2009 - 00:10:06 MDT
This archive was generated by hypermail 2.2.0 : Sat May 23 2009 - 12:00:02 MDT