On 14/05/2014 4:34 a.m., Nico Snyman wrote:
> Hi guys,
>
> I am trying to set up an https reverse proxy to cache and proxy a data
> feed from a 3rd party.
>
> At the moment, as a POC inside a VirtualBox VM, I am simply trying to
> reverse proxy https://localhost to fetch https://www.google.com (or
> any other https site).
>
The Right Way(tm) to test is with a hosts file entry standing in for
public DNS.

/etc/hosts:
  127.0.0.1 google.com

... and making sure the proxy configuration is correct ...

/etc/squid/squid.conf:
  ...
  https_port 443 accel defaultsite=google.com cert=...
  http_port 80 accel defaultsite=google.com
  ...
  cache_peer google.com parent 443 0 originserver ssl ...
  ...
  acl our_sites dstdomain google.com
  acl port443 myportname 443
  acl port80 myportname 80
  cache_peer_access myAccel allow port443 our_sites
  cache_peer_access myAccel1 allow port80 our_sites
  http_access allow our_sites
  http_access deny all
  ...

> Unfortunately, I consistently get the following:
>
> kid1| TCP connection to www.google.com/443 failed
> kid1| WARNING: HTTP: Invalid response: No object data received for
> https://localhost/ AKA localhost/
>
> In a browser this is a "Zero Sized Reply" message.
>
> My squid.conf as follows:
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> https_port 443 accel cert=/etc/squid3/squid.crt
> key=/etc/squid3/squid.key defaultsite=localhost
> http_port 80 accel defaultsite=localhost
> cache_peer www.google.com parent 443 0 no-query no-digest originserver
> name=myAccel
> cache_peer www.google.com parent 80 0 no-query no-digest originserver
> name=myAccel1
> acl our_sites dstdomain localhost
> http_access allow our_sites
> cache_peer_access myAccel allow our_sites
> cache_peer_access myAccel1 allow our_sites
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
> http_access allow localhost
> http_access deny all
> access_log daemon:/squid3_logs/access.log squid
> cache_store_log daemon:/squid3_logs/store.log
> cache_log /squid3_logs/cache.log
> coredump_dir /var/spool/squid3
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
> refresh_pattern . 0 20% 4320
>
> Anybody have any ideas? I for the life of me cannot figure it out, and
> haven't been able to find relevant help in the archives.
>
> Squid version: squid3-3.3.8
> Ubuntu 13.10 inside Virtualbox 4.3.6
>
>
>
> Thank you!
>
Received on Tue May 13 2014 - 16:53:20 MDT
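
Added example, not part of either message in this thread: a small Python check over squid.conf that flags the two places where the configuration in the question differs from the one in the reply, namely an originserver peer on port 443 without the ssl flag, and peers on different ports that share identical cache_peer_access rules. The function names, finding labels and the peer called "fixed" are assumptions of this example; the sample text is constructed from the cache_peer lines quoted above, unwrapped.

```python
# Added example (not from the thread): lint cache_peer routing in squid.conf.
# Constructed sample: the question's peers, plus a hypothetical peer "fixed".
SAMPLE_CONF = """\
cache_peer www.google.com parent 443 0 no-query no-digest originserver name=myAccel
cache_peer www.google.com parent 80 0 no-query no-digest originserver name=myAccel1
acl our_sites dstdomain localhost
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel1 allow our_sites
cache_peer google.com parent 443 0 originserver ssl name=fixed
acl port443 myportname 443
cache_peer_access fixed allow port443 our_sites
"""

def directives(conf_text):
    """Yield the token list of every non-empty, non-comment line."""
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield tokens

def lint_peers(conf_text, tls_ports=(443,)):
    """Return (peer name(s), issue label) tuples for the two checks."""
    peers, access, findings = {}, {}, []
    for tok in directives(conf_text):
        if tok[0] == "cache_peer" and len(tok) >= 5:
            # cache_peer <host> <type> <http-port> <icp-port> [options]
            opts = tok[5:]
            name = next((o[5:] for o in opts if o.startswith("name=")), tok[1])
            peers[name] = {"port": int(tok[3]), "opts": opts}
        elif tok[0] == "cache_peer_access" and len(tok) >= 4:
            access.setdefault(tok[1], []).append(tuple(tok[2:]))
    for name, p in peers.items():
        # "ssl" is the flag shown in the reply; "tls" is accepted here as the
        # spelling used by later Squid releases (not shown on the page).
        if ("originserver" in p["opts"] and p["port"] in tls_ports
                and not {"ssl", "tls"} & set(p["opts"])):
            findings.append((name, "plaintext-to-tls-port"))
    names = sorted(peers)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # Peers on different ports with identical rules are not tied to a
            # listening port the way the reply's myportname ACLs tie them.
            if (access.get(a) and access.get(a) == access.get(b)
                    and peers[a]["port"] != peers[b]["port"]):
                findings.append((a + "," + b, "same-access-rules"))
    return findings

if __name__ == "__main__":
    print(lint_peers(SAMPLE_CONF))
```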