Re: [squid-users] SSL Accel - Reverse Proxy

From: Tory M Blue <tmblue@dont-contact.us>
Date: Mon, 5 May 2008 09:23:58 -0700

On Fri, May 2, 2008 at 6:17 PM, Henrik Nordstrom
<henrik@henriknordstrom.net> wrote:
> On ons, 2008-04-30 at 11:10 -0700, Tory M Blue wrote:
> > I was wondering if there was a way for Squid to pass on some basic
> > information to the server citing that the original request was Secure,
> > so that the backend server will respond correctly.
>
> Yes. See the front-end-https cache_peer option.

Thanks Henrik

Either I have this implemented wrong (more likely). Or the directive
is not quite right.

I seem to see this header: Front-End-Https: On:, If I hit the page
via port 80 or port 443, this in itself tells me that I've
misunderstood and botched the config, or this is not quite working
correctly (betting against me, vs the feature)..

Here is the pertinent configuration, As I stated above if i hit any of
the domains on port 80 (http://blah) or on port 443 (https://blah), I
see the header, which I should not see if I hit the page on port 80.

Thanks

Tory

http_port 80 accel vhost
http_port 199 accel vhost
http_port 360 accel vhost
cache_peer 10.40.5.229 parent 80 0 no-query originserver front-end-https
cache_peer 10.40.5.152 parent 80 0 no-query originserver front-end-https
cache_peer 10.40.5.231 parent 80 0 no-query originserver front-end-https
cache_peer_domain 10.40.5.229 !submit-dev.eng.domain.com
cache_peer_domain 10.40.5.229 !admanager-dev.eng.domain.com
cache_peer_domain 10.40.5.152 !apps-dev.eng.domain.com
cache_peer_domain 10.40.5.152 !dev-cache.eng.domain.com
cache_peer_domain 10.40.5.152 !devcache01.eng.domain.com
cache_peer_domain 10.40.5.152 !admanager-dev.eng.domain.com
cache_peer_domain 10.40.5.231 !submit-dev.eng.domain.com
cache_peer_domain 10.40.5.231 !apps-dev.eng.domain.com
cache_peer_domain 10.40.5.231 !dev-cache.eng.domain.com
cache_peer_domain 10.40.5.231 !devcache01.eng.domain.com

##SSL DIRECTIVES##
https_port 443 accel cert=/etc/squid/wildcard.eng.domain.com.pem vhost
https_port 444 accel cert=/etc/squid/wildcard.domain.com.pem vhost
Received on Mon May 05 2008 - 16:24:04 MDT

This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:02 MDT