> I've looked in the archives, site, and Squid book, but I can't find > the answer to what I'm looking to do. I suspect that it's not > supported. > > My origin server accepts Basic auth over SSL (non-negotiable). I'd > like to stick a reverse proxy/surrogate in front of it for > caching/acceleration, and have it accept non-SSL connections w/ Basic > auth, directing those requests as https to the origin. The origin's > responses will be cached, to be used in subsequent GETs to the proxy. > Both machines are in a closed IP environment. Both use the same > authentication mechanism. > > I see that Squid 3.0 has an "ssl-bump" option, but I don't think that > does what I described. If it does, that's cool - I can change the > requirement of the proxy to accept Basic/SSL. > > Is this configuration possible, and/or am I thinking about this wrong? >
You need to configure an 'https_port' same as you would an http_port, but with added SSL certificate fields. https_port 443 accel <cert details> then the cache_peer line needs 'ssl' to re-encrypt the link and "login=PASS" (exact string) to pass the login details back to the web server. cache_peer ... ssl login=PASS Ref: http://www.squid-cache.org/Versions/v3/3.0/cfgman/https_port.html http://www.squid-cache.org/Versions/v3/3.0/cfgman/cache_peer.html Amos
