Excellent help Henrik; thanks! I do have another question; what's the best way to configure automatic startup of squid (i.e. what do I need to do so that I don't get prompted for the PEM password for each of the certs on startup?)
Thanks again.

Ben

-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 02, 2004 6:36 PM
To: R. Benjamin Kessler
Cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] SSL Reverse Proxy of multiple hosts

On Thu, 2 Sep 2004, R. Benjamin Kessler wrote:

> I'd like to have something like the following:
>
> public site1 xx.yy.133.201
> public site2 xx.yy.133.202
> public site3 xx.yy.133.203
>
> all serviced by proxy1
>
> internal site1 192.168.133.201
> internal site2 192.168.133.202
> internal site3 192.168.133.203
>
> Do I have to run three different instances of squid to do this?

No, but you need one https_port specification per certificate, each bound to their public IP.

> If they're all xxx.foo.com can I use a single "wild card" SSL
> certificate?

Then you can run them all on a single public IP address.

squid.conf:

https_port ...
https_port ...
https_port ...
httpd_accel_host your.primary.website
httpd_accel_port 80
httpd_accel_with_proxy on
acl port80 port 80
never_direct allow all

cache_peer server1 parent 80 0 no-query
acl site1 dstdomain www.site1.com
http_access allow site1 port80
cache_peer_access server1 allow site1

cache_peer server2 parent 80 0 no-query
acl site2 dstdomain www.site2.com
http_access allow site2 port80
cache_peer_access server2 allow site2

[etc].

Alternatively you can take out the cache_peer, cache_peer_access and never_direct lines and place the IP addresses of the web server for each accelerated web server into /etc/hosts.

Regards
Henrik
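
A consistency check for the per-site pattern in the squid.conf quoted above, as an added example that is not part of the original thread or of Squid: it reports any cache_peer that lacks a cache_peer_access tied to a dstdomain acl which http_access also allows, and a missing never_direct line. The function name lint_accel and both sample configurations are constructed for illustration; the https_port lines, elided in the original, are left out.

```python
# Constructed sample following the pattern in the message above.
GOOD = """\
acl port80 port 80
never_direct allow all
cache_peer server1 parent 80 0 no-query
acl site1 dstdomain www.site1.com
http_access allow site1 port80
cache_peer_access server1 allow site1
cache_peer server2 parent 80 0 no-query
acl site2 dstdomain www.site2.com
http_access allow site2 port80
cache_peer_access server2 allow site2
"""

# Constructed broken variant: never_direct and server2's cache_peer_access removed.
BAD = GOOD.replace("never_direct allow all\n", "").replace(
    "cache_peer_access server2 allow site2\n", "")


def lint_accel(conf):
    """Return a list of findings for the cache_peer / acl / http_access pairing."""
    peers, dst_acls, peer_acl, allowed = [], set(), {}, set()
    never_direct = False
    for raw in conf.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or comment
        if tok[0] == "cache_peer" and len(tok) > 1:
            peers.append(tok[1])
        elif tok[0] == "acl" and len(tok) > 3 and tok[2] == "dstdomain":
            dst_acls.add(tok[1])
        elif tok[0] == "cache_peer_access" and tok[2:3] == ["allow"]:
            peer_acl.setdefault(tok[1], set()).update(tok[3:])
        elif tok[0] == "http_access" and tok[1:2] == ["allow"]:
            allowed.update(tok[2:])
        elif tok[:3] == ["never_direct", "allow", "all"]:
            never_direct = True
    findings = []
    if not never_direct:
        findings.append("never_direct allow all is missing")
    for p in peers:
        acls = peer_acl.get(p, set()) & dst_acls  # dstdomain acls routed to this peer
        if not acls:
            findings.append(f"{p}: no cache_peer_access allow with a dstdomain acl")
        elif not acls & allowed:
            findings.append(f"{p}: acl {sorted(acls)} not allowed by http_access")
    return findings
```
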
