
List:       squid-users
Subject:    Re: [squid-users] Question about Squid 3 reverse proxy and SSL
From:       Tom Williams <tomdkat () comcast ! net>
Date:       2008-11-27 17:10:43
Message-ID: 492ED493.4070108 () comcast ! net

Matus UHLAR - fantomas wrote:
> On 26.11.08 17:58, Tom Williams wrote:
>   
>> Ok, I'm adding SSL support to my Squid 3 reverse proxy configuration.
>>
>> Here are the configuration directives:
>>
>> http_port 8085 accel defaultsite=www.mydomain.com vhost
>> https_port 4433 accel cert=/etc/ssl/cert/www_mydomain_com.crt key=/etc/ssl/private/private.key defaultsite=www.mydomain.com vhost
>> cache_peer 192.168.1.7 parent 80 0 no-query originserver login=PASS name=web2Accel
>> cache_peer 192.168.1.7 parent 443 0 no-query originserver ssl login=PASS name=web2SSLAccel
>>
>> Here is the error I get when I try to connect:
>>
>> clientNegotiateSSL: Error negotiating SSL connection on FD 13: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
>>
>> What does this error mean?
>>     
>
> someone apparently used HTTP on port you have configured to be HTTPS
>
> Btw, why are you using ports 8085 and 4433 for reverse proxy? 
> Reverse proxy should listen on 80/443 and forward requests to real server on
> different IP/port?
>   
Ah.  Now that you mention that, I believe I made that mistake myself.  I 
probably used http://blah:4433/ instead of httpS://blah:4433/.  I really 
need to get some sleep.   :(

As for the strange ports, it's because I'm currently doing testing.  
Once everything has been worked out, we will switch Squid over to using 
ports 80/443 for HTTP and HTTPS traffic.  :)

Thanks!

Peace...

Tom
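
An added example, not part of the original message and not Squid or OpenSSL code: a Python sketch that parses the cache.log error quoted in this thread and shows how the first bytes of a connection tell a cleartext HTTP request apart from a TLS ClientHello, which is the condition the "http request" reason reports. The function names, the byte checks and the sample inputs are assumptions constructed for illustration.

```python
import re

# Pattern for the cache.log error quoted in the thread; only the fields shown there.
LOG_RE = re.compile(
    r"clientNegotiateSSL: Error negotiating SSL connection on FD (?P<fd>\d+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>.+?) \("
)

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")


def classify_first_bytes(data: bytes) -> str:
    """Guess what a client sent first on a port that expects TLS."""
    if data.startswith(HTTP_METHODS):
        return "http request"           # cleartext HTTP, as in the thread
    if data.startswith(b"CONNECT"):
        return "https proxy request"    # client treats the port as a forward proxy
    # TLS record: type 0x16 (handshake), major version 3, then handshake type 1
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls client hello"
    # SSLv2-compatible hello: high bit set in the length byte, message type 1
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2 client hello"
    return "unknown"


def parse_squid_ssl_error(line: str):
    """Return fd, error code, OpenSSL function and reason, or None if no match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"fd": int(m["fd"]), "code": m["code"],
            "func": m["func"], "reason": m["reason"]}


# Constructed samples: the log line is the one quoted in the thread, on one line.
SAMPLE_LOG = ("clientNegotiateSSL: Error negotiating SSL connection on FD 13: "
              "error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)")
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: www.mydomain.com:4433\r\n\r\n"
SAMPLE_TLS = bytes.fromhex("160301002e0100002a0303")  # start of a ClientHello record

if __name__ == "__main__":
    print(parse_squid_ssl_error(SAMPLE_LOG))
    print(classify_first_bytes(SAMPLE_HTTP), "|", classify_first_bytes(SAMPLE_TLS))
```
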