> > https_port 443 cert=/usr/local/etc/apache/ssl.crt/server.crt
> > key=/usr/local/etc/apache/ssl.key/server.key accel
> > defaultsite=my.virtualhost.com protocol=http.
>
> Looks fine.

Except it didn't do what I wanted it to do.

> > This appears to rewrite everything to http://my.virtualhost.com on
> > its own and does not ever get to the redirect_program instead
> > showing up as an http:// request at my.virtualhost.com on port 443.
>
> Why are you using a redirect program?

Because I actually want to rewrite https://www.abc.com.at.example.com/ to http://www.abc.com which may be an actual or virtual domain.

> The requests should not get forwarded at all unless you for some
> reason forces these direct, and if they are they should end up as
> http://my.virtualhost.com/ (port 80).
>
> There was some minor issues in how Squid-3 handled this some weeks
> ago
> (sometimes getting the port number incorrect on accelerated requests)
> but it should work fine now.

OK, I installed squid-3.0-PRE3 which seems to have that problem solved.

> > Can Apache3 be configured as an accelerator rewriting https://
> > requests to http:// name-based virtual domains? How do I get the
> > request to the redirect_program?
>
> This is a Squid list, not an Apache list.

Sorry, I knew that. Just a slip as I am using the Apache SSL keys and certificates.

> If I understand you correctly you want Squid to accept https request
> and forward them to a http server of your choice? If this is the
> case then use something like this:
>
> https_port 443 cert=... key=... accel defaultside=...
> (don't use protocol=)

Interesting, neither accel nor vhost are listed as https_port options and given the note I thought it was automatic. I am now using vhost with no defaultsite=... and it seems to work OK for both rewrites and cache_peer methods.

> cache_peer your.http.server parent 80 0 no-query originserver
>
> acl my dstdomain my.virtualhost.com
> cache_peer_access your.http.server allow my

OK, I understand this - sort of.
I would usually do:

  cache_peer 1.1.1.1 parent 80 0 no-query originserver name=www.example.com
  acl my dstdomain www.abc.com.at.example.com
  cache_peer_access www.example.com allow my

Are both methods OK or just yours?

> If the domain name requested by the browser is different compared to
> the domain name expected by the http server then you have three
> options:
>
> a) Set the defaultsite= to the domain name expected by the web server
> (not recommended.. this should be set to the externally visible
> domain name)

OK, understood.

> b) Use a redirector to rewrite the URL while forwarded by Squid
> (this will modify the cache_peer_access requirements accordingly).

OK, I think I can make this work. I have already done so except with always_direct instead of cache_peer_access.

> c) Use the forcedomain= cache_peer option.

OK, understood.

One final (ho ho ho :} question: When I rewrite https://accel.com to http://origin.com and use always_direct allow http://origin.com the browser (IE6) pops up the message that both secure and non-secure items are going to be displayed. Any way 'round this?
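
The redirector rewrite discussed in this message (https://www.abc.com.at.example.com/ to http://www.abc.com/), as an added example that is not part of the original post or of Squid: a redirect_program helper in Python. It assumes the classic helper format of one request per line with the URL as the first field and the rewritten URL (or an empty line for "no change") as the reply; SUFFIX and ALLOWED_ORIGINS are names constructed for this sketch.

```python
#!/usr/bin/env python3
"""Redirector helper: map https://<origin>.at.example.com/ to http://<origin>/."""
import sys
from urllib.parse import urlsplit, urlunsplit

SUFFIX = ".at.example.com"         # accelerator suffix used in the message
ALLOWED_ORIGINS = {"www.abc.com"}  # assumed allowlist of back-end sites


def rewrite(url):
    """Return the origin URL, or "" to tell Squid to leave the URL unchanged."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ""  # malformed URL: never crash, the helper must keep answering
    if parts.scheme not in ("http", "https") or not host.endswith(SUFFIX):
        return ""
    origin = host[: -len(SUFFIX)]
    # Forward only to known origins, so a crafted left-hand label cannot
    # turn the accelerator into a relay towards arbitrary hosts.
    if origin not in ALLOWED_ORIGINS:
        return ""
    # The accelerator port (443) is dropped; the origin is plain http on 80.
    return urlunsplit(("http", origin, parts.path or "/", parts.query, ""))


def handle_line(line):
    """Process one request line: 'URL client_ip/fqdn ident method'."""
    fields = line.split()
    return rewrite(fields[0]) if fields else ""


def main():
    for line in sys.stdin:
        # Exactly one reply line per request, flushed so Squid never stalls.
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

An empty reply leaves the request as it arrived, so access controls in squid.conf still decide what happens to hosts the helper declines to rewrite.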
