On Fri, Aug 01, 2008 at 12:15:53AM -0700, elsergio wrote: > I am trying to see all the reverse proxy features that Squid > offers and I have a question about SSL. I am sure you can help me. > > I have seen in the forum that it seems to be something like this: > > acl http protocol http > acl https protocol https > http_port public.ip:80 accel defaultsite=your.main.sitename vhost > acl servergroup_domains dstdomain your.main.sitename other.sitename ... > cache_peer ip.of.web.server parent 80 0 no-query originserver > name=servername_http > cache_peer_access servername_http http servergroup_domains > https_port public.ip:443 accel defaultsite=your.main.sitename > sslcert=/path/to/main.sitename.pem > cache_peer ip.of.web.server parent 443 0 no-query originserver ssl > name=servername_https > cache_peer_access servername_https https servergroup_domains > > The problem is that I cannot figure out de differences between > creating an SSL connection (the case above I think) and Squid > being the end of an SSL connection.
The configuration example you have there does both. http_port configures a port for squid itself to accept connections on. If you use https_port, it will be an SSL endpoint; which is why you need to specify the certificate file to use. cache_peer configures either an upstream proxy or defines an origin server (conceptually these are the same thing, the only difference is how you make requests to them). I suppose specifying the "ssl" option to it tells squid to make SSL connections when requesting content from it. Does that help at all?
