hi there!
I am having a bad day with squid, i must admit i don't know squid at all, but the boss needs a reverse proxy for a ssl site.
I would need a simple base configuration allowing internet clients to connect to our lan based web server through a dmz based squid with out any caching or anything.
All I want to do is hide the windows web server from direct internet connections...
What I currently don't know is:
Do I have to have the ssl cert which is "domain based" installed on the squid or on the web server?
Best would be that the cert stay on the web server and that all traffic is transparently forwarded to it.
Here is my current config... not realy working as it should
Code:
acl all src 0.0.0.0/0.0.0.0
visible_hostname www[.]somesite[.]com
icp_access allow all
#http_port 193.222.222.222:443 cert=/etc/squid/cert.cer version=3
http_port 193.222.222.222:443
# tell squid to contact the real webserver
httpd_accel_host 172.168.2.1
httpd_accel_port 443
httpd_accel_uses_host_header off
# Disable proxy support
httpd_accel_with_proxy off
http_access allow all
no_cache
When I connect to this address I am currently getting the following error
ssl_error_rx_record_too_long
Can anyone help me with a minimal configuration to let all ssl traffic pass through the proxy transparently??
cheers
gogga