<br><font size=2 face="sans-serif">Thanks for the reply. I have it working
with Apache as you suggested. It seems to work well, except that the target server
apparently can't be SSL. That's no problem.</font>
<br>
<br><font size=2 face="sans-serif">Thanks</font>
<br><font size=2 face="sans-serif">Justin</font>
<br>
<br><font size=2 face="sans-serif"><br>
--<br>
Justin Bennett<br>
Network Administrator<br>
Dynabrade, Inc.</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Darin Perusich &lt;Darin.Perusich@cognigencorp.com&gt;</b>
</font>
<br><font size=1 face="sans-serif">Sent by: nflug-bounces@nflug.org</font>
<p><font size=1 face="sans-serif">07/16/2007 09:28 AM</font>
<table border>
<tr valign=top>
<td bgcolor=white>
<div align=center><font size=1 face="sans-serif">Please respond to<br>
nflug@nflug.org</font></div></table>
<br>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">nflug@nflug.org</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">Re: [nflug] squid reverse proxy SSL</font></table>
<br>
<br></table>
<br>
<br>
<br><tt><font size=2>When you reverse proxy an SSL site with squid you
need to define the <br>
https_port option and provide the cert/key for the site you're trying to
<br>
proxy. The site also cannot be set up as a transparent proxy; this would
<br>
be a man-in-the-middle and squid won't allow it.<br>
<br>
I find that this is much easier to do with Apache and mod_proxy.<br>
<br>
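# some ssl virtual host<br>
&lt;VirtualHost 0.0.0.0:443&gt;<br>
...<br>
...<br>
...<br>
# Order Deny,Allow evaluates Deny first, then Allow, so all clients are allowed<br>
&lt;Proxy *&gt;<br>
Order Deny,Allow<br>
Deny from all<br>
Allow from all<br>
&lt;/Proxy&gt;<br>
<br>
# reverse proxy only (no forward proxying); use SSL for the connection to the backend<br>
ProxyRequests off<br>
SSLProxyEngine on<br>
SSLProxyVerify optional<br>
SSLProxyCACertificateFile /etc/apache2/ssl.crt/cacert.crt<br>
<br>
# map /proxysite/ on this host to the internal HTTPS server<br>
&lt;Location "/proxysite/"&gt;<br>
ProxyPass https://internal.domain.com/<br>
ProxyPassReverse https://internal.domain.com/<br>
&lt;/Location&gt;<br>
&lt;/VirtualHost&gt;<br>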
<br>
justin.bennett@dynabrade.com wrote:<br>
> <br>
> Hey Folks,<br>
> <br>
> I am trying to set up a reverse proxy, basically I have a web <br>
> service running on a server and I want to put it behind a squid reverse <br>
> proxy. The application is SSL encrypted, I want the client (on the <br>
> internet) to go through SSL to the reverse proxy, then the reverse proxy <br>
> to go SSL to the web application (this is not necessary since the proxy <br>
> and web server are on the same lan however it is currently set up this way).<br>
> <br>
> Here is my squid.conf<br>
> <br>
> http_port 8888<br>
> httpd_accel_host 192.168.128.2<br>
> httpd_accel_port 443<br>
> httpd_accel_single_host on<br>
> httpd_accel_with_proxy off<br>
> httpd_accel_uses_host_header off<br>
> <br>
> <br>
> when I do:<br>
> https://reveseproxy.xxx.xxx:8888<br>
> <br>
> It just times out.<br>
> <br>
> Is there a trick to get squid to do SSL? I assume it's just
expecting <br>
> http not https from the client to the reverse proxy?<br>
> <br>
> Thanks<br>
> Justin<br>
> <br>
> --<br>
> Justin Bennett<br>
> Network Administrator<br>
> Dynabrade, Inc.<br>
> <br>
> <br>
> ------------------------------------------------------------------------<br>
> <br>
> _______________________________________________<br>
> nflug mailing list<br>
> nflug@nflug.org<br>
> http://www.nflug.org/mailman/listinfo/nflug<br>
<br>
-- <br>
Darin Perusich<br>
Unix Systems Administrator<br>
Cognigen Corporation<br>
395 Youngs Rd.<br>
Williamsville, NY 14221<br>
Phone: 716-633-3463<br>
Email: darinper@cognigencorp.com<br>
</font></tt>
<br>
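<br>
Added example, not part of the original thread and not either poster's configuration: a variant of the mod_proxy virtual host from the reply above in which Apache must validate the backend's certificate on the proxy-to-server SSL leg, shown beside the `optional` setting from the thread. It assumes Apache httpd 2.4.5 or later with mod_ssl, mod_proxy and mod_proxy_http loaded; proxy.example.com and the files under /etc/apache2/ssl.example/ are placeholder names.

```apache
# Added example (assumptions: httpd 2.4.5+, placeholder host name and
# placeholder certificate paths under /etc/apache2/ssl.example/).
<VirtualHost *:443>
    ServerName proxy.example.com

    # Client-facing leg: the certificate and key that Internet clients see.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl.example/proxy.crt
    SSLCertificateKeyFile /etc/apache2/ssl.example/proxy.key

    # Reverse proxy only; never serve as a forward proxy.
    ProxyRequests off

    # Backend leg: here Apache is the SSL/TLS client of the web application.
    SSLProxyEngine on

    # Setting from the thread, kept for comparison. "optional" does not
    # make a valid backend certificate mandatory:
    #   SSLProxyVerify optional
    # Enforced form: the handshake fails unless the backend presents a
    # certificate that chains to the CA file below.
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile /etc/apache2/ssl.crt/cacert.crt

    # Reject a certificate issued for a different host name than the one
    # in the ProxyPass URL, and reject an expired certificate.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # The backend certificate must therefore be issued for
    # internal.domain.com, the name used in the URLs below.
    <Location "/proxysite/">
        ProxyPass        https://internal.domain.com/
        ProxyPassReverse https://internal.domain.com/
    </Location>
</VirtualHost>
```

Run `apachectl configtest` after editing. A failed backend verification shows up as a proxy error to the client and an SSL handshake error in the Apache error log.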