[squid-users] Second ssl website on squid3

From: Vítor Matos <vhmatos_at_emfa.pt>
Date: Wed, 22 Jan 2014 15:03:05 +0000

Hello!
 
I'm having trouble figuring out how to solve this.
 
Right now I'm using squid 3.1.9 as a reverse proxy with the configuration left by the old administrator (the squid.conf is included below):
 
This is working for what we want, but now I need to do the same for a second website (webmail.server1.pt) and can't seem to get it working.
I can get the target server working with https only (not allowing http traffic), but when I add the reverse proxy (squid3) in the middle, it stops working.
 
thanks in advance!
 
squid.conf
 
# Reverse-proxy (accelerator) configuration for www.server1.pt / server1.pt.
# Review comments below are marked NOTE(review); the directives themselves are unchanged.

# Host name Squid uses for itself in error pages and headers.
visible_hostname www.server1.pt
 
# Method ACLs. NOTE(review): `purge` and `SSL` are not referenced anywhere in
# this listing, and `SSL` duplicates `CONNECT`.
acl purge method PURGE
acl CONNECT method CONNECT
acl SSL method CONNECT
 
# Protocol ACLs used by the two cache_peer_access lines that follow.
acl CP_HTTP proto HTTP
acl CP_HTTPS proto HTTPS
 
# NOTE(review): no cache_peer named dc2_64 or dc2_64_ssl is defined in this
# listing (the peers below are named `www` and `wwws`), so these two rules
# look like leftovers from an earlier setup - confirm and remove if so.
cache_peer_access dc2_64 deny !CP_HTTP
cache_peer_access dc2_64_ssl deny !CP_HTTPS
 
# NOTE(review): `all` is predefined in Squid 3.x; redefining it here is
# presumably a carry-over from a Squid 2.x configuration.
acl all src all
# Matches cache manager requests (cache_object:// URLs).
acl manager proto cache_object
 
acl localhost src 127.0.0.1/32 ::1
# NOTE(review): `to_localhost` is defined but never used in this listing.
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
 
# The published site; used only by the access_log line further down.
acl server1 dstdomain www.server1.pt
 
# NOTE(review): http_access rules are evaluated top to bottom and the first
# match decides. This rule matches every request from every client, so none of
# the http_access lines after it is ever reached: the manager/localhost
# restriction, the Safe_ports and CONNECT checks and the final `deny all` have
# no effect. In particular cache manager requests are not limited to localhost
# by this file. The usual reverse-proxy pattern is to allow only the ACLs of
# the published sites and end with `http_access deny all`.
http_access allow all
acl https port 443
http_access allow https
 
# Port ACLs for the Safe_ports / CONNECT checks below.
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
 
# Intended: cache manager reachable from localhost only.
# NOTE(review): unreachable because of the earlier `http_access allow all`.
http_access allow manager localhost
http_access deny manager
 
# Intended: refuse requests to ports outside Safe_ports (unreachable, see above).
http_access deny !Safe_ports
 
# Intended: refuse CONNECT to anything but port 443, allow localhost, deny the
# rest (all unreachable, see above).
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
 
# Plain-HTTP listener. Host-header based virtual hosting (`vhost`) with
# www.server1.pt as the fallback site when no Host header is sent.
# NOTE(review): `accel` is not written out here; vhost/defaultsite presumably
# imply it on this Squid version - confirm.
http_port 80 protocol=http defaultsite=www.server1.pt vhost
acl regular_acl port 80
# NOTE(review): `http` is defined but never used in this listing.
acl http proto http
 
# TLS listener in accelerator mode, terminating HTTPS with the certificate,
# private key and CA chain given here.
# NOTE(review): `sslBump` is the forward-proxy CONNECT-interception option and
# does not fit an `accel` listener - confirm it is intended.
# NOTE(review): this port presents the single certificate in cert=; any
# additional site served through it needs its host name covered by that
# certificate (or its own https_port) - verify against the certificate.
# NOTE(review): there is no `vhost` here, unlike the port 80 listener - confirm
# how the Host header is meant to be handled on this port.
# The key file should be readable only by the account Squid runs as.
https_port 443 sslBump protocol=https accel defaultsite=server1.pt cert=/etc/squid3/ssl/server1.crt key=/etc/squid3/ssl/server1.key cafile=/etc/squid3/ssl/CACHAIN.crt
acl secure_acl port 443
# NOTE(review): unreachable because of the earlier `http_access allow all`.
http_access allow secure_acl
 
# Origin server over plain HTTP, peer name `www`.
# NOTE(review): `forceddomain=` has an empty value - confirm what was intended.
cache_peer 1.1.1.1 parent 80 0 no-query originserver forceddomain= name=www round-robin
# Only requests for these two host names are sent to this peer; a request for
# any other host name (for example a second site) matches no peer here.
cache_peer_domain www www.server1.pt server1.pt
cache_peer_access www allow regular_acl
 
# Origin server over TLS, peer name `wwws` (`originserver` is given twice).
# NOTE(review): sslflags=DONT_VERIFY_PEER turns off verification of the origin
# server's certificate, so the proxy-to-origin hop is encrypted but not
# authenticated and an impersonated origin would not be detected. Prefer
# verifying the origin against a trusted CA where the origin's certificate allows it.
cache_peer 1.1.1.1 parent 443 0 no-query originserver name=wwws originserver ssl sslflags=DONT_VERIFY_PEER
# Same host-name restriction as for the `www` peer.
cache_peer_domain wwws www.server1.pt server1.pt
cache_peer_access wwws allow secure_acl
 

# On-disk cache: ufs store under /var/spool/squid3, 100 MB, 16 x 256 directories.
cache_dir ufs /var/spool/squid3 100 16 256
 
# Apache-style "combined" log line with Squid result codes appended.
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
 
# NOTE(review): the trailing `server1` is an ACL filter, so only requests whose
# destination domain is www.server1.pt are written to this log. No other
# access_log appears in this listing; requests for other host names would
# presumably go unlogged - confirm, since that limits later investigation.
access_log /var/log/squid3/access_server1.log combined server1
 

# Keep 15 rotated log files.
logfile_rotate 15
 
emulate_httpd_log on
 
coredump_dir /var/spool/squid3
 
# Freshness rules: never cache dynamic URLs (cgi-bin or query strings); the
# catch-all `.` pattern applies to everything else.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
 
refresh_pattern . 0 20% 4320
 
# Run as the unprivileged `proxy` user and group after start-up.
cache_effective_user proxy
# Do not disclose the Squid version in HTTP headers and error pages.
httpd_suppress_version_string on
 
cache_effective_group proxy
Received on Wed Jan 22 2014 - 15:03:18 MST
