On Fri, Mar 3, 2017 at 4:55 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 4/03/2017 3:53 a.m., sothy shan wrote: > > On Fri, Mar 3, 2017 at 2:56 PM, Matus UHLAR - fantomas < > uh...@fantomas.sk> > > wrote: > > > >> On 03.03.17 10:02, sothy shan wrote: > >>>> > >>>>> I am trying to test reverse proxy with HTTPS. For example, client > makes > >>>>> HTTPS request to squid server which make another HTTPS request to web > >>>>> server. > >>>>> > >>>> > >> On Fri, Mar 3, 2017 at 12:59 PM, Matus UHLAR - fantomas < > uh...@fantomas.sk > >>>> > >>> wrote: > >>> > >>>> what point does this have, except disabling client certificates? > >>>> > >>> > >> On 03.03.17 14:09, sothy shan wrote: > >> > >>> Will it work as expect (i.e. reverse HTTPS Proxy) when I disable client > >>> certificates? > >>> > >> > >> It should work even without disabling client certificates, it just makes > >> little sense. > >> > >> Talking to servers using HTTP and thus behaving like SSL accelerator > makes > >> sense. > >> > >> Behaving like caching accelerator while using SSL on both sides makes > >> little > >> sense, of course depending on cacheability of the content. > >> > > > > In order to check first rever proxy with HTTP, I am using squid-4.0.18. > > The following changes are added into /etc/squid/squid.conf > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > > > http_port 192.168.1.69:80 accel defaultsite=www.xxxx.fr > > cache_peer X.Y.W.Z parent 80 0 no-query originserver name=myAccel > > > > acl our_sites dstdomain www.lemonde.fr > > http_access allow our_sites > > cache_peer_acces myAccel allow our_sites > > cache_peer_access myAccel deny all > > > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > > > After that I am manually running > > $sudo squid -d 2 -a 80 -N -X > > > > Squid is not running and stopped in the middle without any error msg. > > > > I very much doubt there is *no* error message. Much more likely that it > is just being sent to a place you are not noticing. > > > Do you see where is problem? > > You have told Squid to open port 80 on *all* IPs of the machine for > generic proxy traffic (command line parameter "-a 80"), then you have > told Squid to *also* open port 80 on IP 192.168.1.69 for reverse-proxy > traffic. > > You cannot open a IP:port twice. Not even with the same application. > I changed the configuration ++++++++++++++++++++++++++++++++++++ http_port 192.168.1.69:80 accel defaultsite=www.AAAAA.com cache_peer 192.168.1.31 parent 80 0 no-query originserver http_access allow all ++++++++++++++++++++++++++++++++++++++++++ It worked well now for HTTP reverse proxy. > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users