Squid reverse proxy ssl problem



  • Hi,

    I have problems to configure the reverse proxy with ssl. My problem is:

    • reverse proxy with http works
    • reverse proxy with https and disabled http does not work
    • reverse proxy with https and enabled http works

    It would be nice if someone could check the configuration:

    pfSense: 2.1-RC0 (i386)
    squid3: 3.1.20 pkg 2.0.6
    For testing I created the ca and the certificate with pfsense cert manager for the domain "mail.mydomain.com".
    In the reverse proxy gui:

    General:
    external FQDN: mail.mydomain.com
    reset tcp connections: enabled
    enable http reverse mode: disabled(enabled)
    enable https reverse mode: enabled
    reverse ssl cert: mailmydomaincom

    Web Servers:
    Enabled
    Peer Alias = mailhost
    Peer IP = 192.168.11.4
    Peer Port = 80
    Peer Protocol = HTTP

    Mappings:
    Enabled
    Group name = Mail
    Peers = mailhost
    URI = webapp

    Following firewall rule added on wan interface:
    inet proto tcp from any to any port = https
    (inet proto tcp from any to any port = http)

    The configuration works only if http on reverse proxy and http firewall rule is enabled. If it is disabled I get an squid error: "Kann die Anfrage zurzeit nicht weiterleiten"

    thanks for any help.
    grassu



  • I'm doing some changes on squid3-dev code.

    Test it and see if works.

    the -dev only means gui code under devel. The squid version behind it is squid 3.3 stable version.



  • Unistalled stable and installed squid-dev(3.3.5 pkg 2.1.2). Still the same behaviour.
    Any further idea?

    Thanks,
    grassu