We have been using squid in accelerator mode for a number of years. In
the current setup we have the squid frontends that send all the http
requests to the backend apache webservers using a simple redirect
script.  We need to switch to https for the public presence.

So, our initial thought would be to use https_port for public HTTPS
presence and send the requests using cache_peer to the backend apache
servers using plain http.  Basically terminating HTTPS from clients and
relaying it to backend servers using HTTP.  

We will need to implement HSTS at some point (i.e.
Strict-Transport-Security: max-age=8888; includeSubDomains; preload),
will we be able to do this in the above scenario?

Also, we will initially be providing both http and https, but will need
to stop http at some point.  Is there a way to redirect the clients that
try to connect via http to use https with squid?  Something like the
rewrite engine in apache?

We use RH 6.x which comes with squid 3.1.  Thanks for any feedback. 
squid-users mailing list

Reply via email to