Squid Reverse Proxy SSL Termination Problem
-
Hello guys,
I'm using the squid package: 3.1.20 pkg 2.1.0.
Now my plan is to set up my Webservers to be be available like this:
Internetdomain –-Port:443 SSL---> Squid ---Port:80---> WebserverIf a user tries to connect via Port 80 they should get redirected to 443. Squid should terminate ssl and pass the user to the webserver via port 80.
as i didn't find any possibilities to set my certificate (reverse SSL certificate option in the gui does nothing?), i edited the squid.inc to add additional details to my squid.conf.
The configuration now looks like this:
(IPs/Domains edited)https_port 94.58.64.159:443 accel cert=/usr/pbi/squid-i386/etc/squid/certificate.crt key=/usr/pbi/squid-i386/etc/squid/certificate.key defaultsite=domain.tld vhost cache_peer 192.168.0.100 parent 80 0 proxy-only no-query no-digest originserver login=PASS round-robin name=rvp_APACHE acl rdr_dst_webserver dstdomain apache.domain.tld acl rdr_path_webserver urlpath_regex ^/$ deny_info https://apache.domain.tld/subdirectory rdr_path_webserver http_access deny HTTPS rdr_dst_webserver rdr_path_webserver acl rvm_APACHE url_regex -i apache.domain.tld cache_peer_access rvp_APACHE allow rvm_APACHE never_direct allow rvm_APACHE http_access allow rvm_APACHEWhat happens when I connect is:
I type apache.domain.tld and get a HTTP connection to the root folder of the webserver. It doesn't redirect to the subdirectory and doesnt secure the public part of the connection.If I add HTTP in the Squid Redirect Mappings i get redirected to the right subdirectory and to the https URL. but it just jumps back to http and doesnt secure the public part either.
I think theres some major flaw in my configuration. Maybe something with the regex?
Thanks in advance