It's looking as if squid is only intended to use tunnel connections, i.e. SSL, and that I couldn't do this kind of acceleration/conversion with squid alone...

----- Original Message -----
From: "mlister" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 20, 2003 2:44 PM
Subject: [squid-users] SSL<->SSL<->unencrypted, (was: provide external access)

> This is great. I set up an accelerator box and it's working. What I would
> like to do next is talk SSL between two squid boxes (firewall will be in
> between them).
> The communication to the web server from SQUID2 should be unencrypted.
>
> [ accelerator ] <--> [ FIREWALL ] <--> [ accelerator ] <--> [ webserver ]
>     <-SSL->            <-SSL->       <-SSL::UNENCRYPTED->  <-UNENCRYPTED->
>     SQUID1                                SQUID2
>
> For now, I have two squid boxes running. The FIREWALL is currently not
> part of the setup for the sake of troubleshooting. The SQUID1 is
> accelerating SQUID2, which in turn is accelerating the webserver. This is
> working as far as unencrypted communication.
> When I try https from the first squid box, I believe it's trying to do SSL
> with the webserver, which of course breaks. I added the following line in
> the configuration:
>
> https_port 443 cert=/etc/httpd/ssl.crt/server.crt key=/etc/httpd/ssl.key/server.key
>
> on SQUID1
>
> Is this configuration possible? Thanks for any insight from anyone.
>
> ----- Original Message -----
> From: "Henrik Nordstrom" <[EMAIL PROTECTED]>
> To: "mlister" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, March 20, 2003 2:25 AM
> Subject: Re: [squid-users] provide external access
>
> > Yes. This can be done via the accelerator mode of Squid. See the Squid
> > FAQ for some basic setup instructions.
> >
> > Regards
> > Henrik
> >
> > mlister wrote:
> > >
> > > I'm new to squid and looking to see if it would be the app which could
> > > provide external access (outside of firewall) to an internal web server.
> > > Basically, on the DMZ, we need a server to play "Middle-Man" with an
> > > internal web server, providing access to outside internet users.
> > > Would squid be feasible for this sort of task? If so, I'm curious if we
> > > would need two squid boxes, as well, ONE on the outside, ONE on the
> > > inside of the firewall and these TWO talk SSL between each other and
> > > then the internal squid server forwards the html data from internal web
> > > server to the external squid server. Thanks much for any information
> > > relating to this concept.
