RE: [squid-users] Noob - OWA - Squid3 - SSL

From: Alex Zlaten <alex@dont-contact.us>
Date: Wed, 9 Jun 2004 14:20:37 -0500

Derek,

Thanks for the response.
In your conf, it seems that you are communicating with the exchange
server via ssl port 443.
I want squid to listen on 443 with https then retrieve the pages from
exchange on 80 with http.
I understand this is a major reason to use the pre-release of version 3.

Is this how I would do that?:
https_port 3129 accel defaultsite=exchange.domain.com cert=/usr/local/squid/etc/squid.pem protocol=http
cache_peer exchangeIP parent 80 0 no-query originserver front-end-https=on login=PASS name=exchange-https

Alex
-----Original Message-----
From: Derek Winkler [mailto:dwinkler@algorithmics.com]
Sent: Wednesday, June 09, 2004 1:34 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Noob - OWA - Squid3 - SSL

Remember externally for testing exchange.domain.com should point to the
squid server, the squid server itself should be able to resolve
exchange.domain.com to the actual owa server.

For testing you can make an entry in your workstation host file to point
exchange.domain.com to the squid server.

The squid server will actually listen on port 443, no need to specify
port. This is important since the OWA server doesn't specify a port.

Here's my config which worked.

visible_hostname whatever.domain.com
cache_mgr whoever@domain.com

https_port 443 cert=/opt/squid/etc/certificate.crt key=/opt/squid/etc/private.key cafile=/opt/squid/etc/cacert.crt defaultsite=exchange.domain.com

cache_peer exchange.domain.com parent 443 0 no-query ssl proxy-only originserver login=PASS sslflags=DONT_VERIFY_PEER

debug_options ALL,3

ssl_unclean_shutdown on

acl owa-exchange urlpath_regex \/exchange(\/|$)
acl owa-webid urlpath_regex \/WebID\/

acl all src 0.0.0.0/0.0.0.0
acl all-dst dst 0.0.0.0/0.0.0.0
acl owa-host dst XXX.XXX.XXX.XXX/255.255.255.255

http_access allow owa-host owa-exchange
http_access allow owa-host owa-webid
http_reply_access allow all-dst
http_access deny all
http_access deny all-dst

> -----Original Message-----
> From: Alex Zlaten [mailto:alex@reiusa.net]
> Sent: Wednesday, June 09, 2004 2:19 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Noob - OWA - Squid3 - SSL
>
>
> Hi,
> I have been working with squid 3 for a few days now, I don't want to
> bother you guys with questions that have already been answered a
> million times but here goes.
> Is there a good post of a squid.conf for using squid3 as an SSL
> front-end?
>
> Does the URL in the browser have to be the FQDN of the exchange server
> or does squid take care of the url translation?
> Example:
>
> Squid server: https://10.0.0.1:3129
> Exchange server (from https_port in conf): exchange.domain.com
>
> Can I go to https://10.0.0.1:3129/exchange to communicate with
> http://exchange.domain.com/exchange ? Or do I have to have DNS point
> to my squid server as exchange.domain.com?
>
> Here are the changes to the default squid.conf I am using:
>
> https_port 3129 accel defaultsite=exchange.domain.com cert=/usr/local/squid/etc/squid.pem protocol=http
> cache_peer exchangeIP parent 80 0 no-query originserver front-end-https=on login=PASS name=exchange-https
> cache_peer_access exchange-https allow http
> always_direct allow all
> acl http proto http
> cache_peer_access exchange-https allow http
>
> Currently, if I go to https://10.0.0.1:3129 I get whatever is in the
> root of my exchange server (IIS Under Construction). If I go to
> https://10.0.0.1:3129/exchange, I get the Basic Authentication Login.
> After entering the login it says I'm leaving secure connection then I
> get page cannot be displayed.
>
> Thank you for any help.
> Alex Zlaten
>
>
>
Received on Wed Jun 09 2004 - 13:20:24 MDT
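
Added example (not part of the original thread and not Squid tooling): a small Python check over the cache_peer lines from the two configs in this thread. It flags the two back-end weaknesses they contain: sslflags=DONT_VERIFY_PEER (Squid does not validate the Exchange server's certificate) and login=PASS to a peer without ssl (the OWA Basic credentials cross the proxy-to-Exchange link in cleartext). The function names, finding labels and the HARDENED line with its sslcafile path are assumptions made for illustration.

```python
import re

# cache_peer lines as posted in the thread (one directive per line; host
# placeholders kept as written). HARDENED is a constructed variant.
DEREK = "cache_peer exchange.domain.com parent 443 0 no-query ssl proxy-only originserver login=PASS sslflags=DONT_VERIFY_PEER"
ALEX = "cache_peer exchangeIP parent 80 0 no-query originserver front-end-https=on login=PASS name=exchange-https"
HARDENED = "cache_peer exchange.domain.com parent 443 0 no-query ssl proxy-only originserver login=PASS sslcafile=/opt/squid/etc/cacert.crt"

MESSAGES = {
    "tls-unverified": "peer certificate is not validated (sslflags=DONT_VERIFY_PEER)",
    "credentials-over-cleartext": "login=PASS forwards client credentials to a peer without ssl",
}

def parse_cache_peers(conf_text):
    """Yield (host, port, bare_flags, key_value_options) for each cache_peer line."""
    for raw in conf_text.splitlines():
        tokens = raw.strip().split()
        # cache_peer <host> <type> <http-port> <icp-port> [options...]
        if len(tokens) < 5 or tokens[0] != "cache_peer":
            continue
        host, port, opts = tokens[1], tokens[3], tokens[5:]
        flags = {o for o in opts if "=" not in o}
        options = dict(o.split("=", 1) for o in opts if "=" in o)
        yield host, port, flags, options

def audit(conf_text):
    """Map 'host:port' to the list of finding labels for that peer."""
    report = {}
    for host, port, flags, options in parse_cache_peers(conf_text):
        findings = []
        uses_tls = "ssl" in flags
        ssl_flags = re.split(r"[:,]", options.get("sslflags", ""))
        if uses_tls and "DONT_VERIFY_PEER" in ssl_flags:
            findings.append("tls-unverified")
        if not uses_tls and options.get("login") == "PASS":
            findings.append("credentials-over-cleartext")
        report[f"{host}:{port}"] = findings
    return report

if __name__ == "__main__":
    for name, conf in (("Derek", DEREK), ("Alex", ALEX), ("hardened", HARDENED)):
        for peer, findings in audit(conf).items():
            print(name, peer, [MESSAGES[f] for f in findings] or "no findings")
```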
