here's how we do it: For the child: remap.config: map https://inbound.example.com https://inbound.example.com parent.config dest_domain=inbound.example.com scheme=https parent=" my-upstream1.proxy.com:443:,my-upstream2.proxy.com:443" round_robin=consistent_hash go_direct=false
For the parent/upstream: remap.config map https://inbound.example.com https://origin.example.com By mapping the inbound to the inbound on the child the parent uses the same certificate as the child -- which we know we can get (whereas we don't know we can get a certificate for the origin domain). Alternatively, its likely the 502 is because of certificate issues on the parent -- might just try playing with the https://docs.trafficserver.apache.org/admin-guide/files/records.config.en.html#proxy-config-ssl-client-verify-server-policy as a quick debugging step. On Thu, Nov 4, 2021 at 12:12 PM Zack Bartel <[email protected]> wrote: > Hello everyone, > I am trying to configure ATS 9.0.0 to upstream to another secure proxy > over https. I can't get it to work and all connections 502 Connection > Refused. Is it possible to use https for the parent proxy? > > > url_regex=.+ scheme=https parent="my-upstream.proxy.com:443" > round_robin=true ignore_self_detect=true > > > Thank you, > > Zack Bartel
