Netgate Discussion Forum

    Squid Reverse Proxy SSL Termination Problem

    pfSense Packages
      zid

      Hello guys,

      I'm using the squid package: 3.1.20 pkg 2.1.0.
      Now my plan is to set up my web servers to be available like this:
      Internet domain ---Port:443 SSL---> Squid ---Port:80---> Webserver

      If a user tries to connect via port 80 they should get redirected to 443. Squid should terminate SSL and pass the user to the web server via port 80.

      As I didn't find any possibility to set my certificate (the reverse SSL certificate option in the GUI does nothing?), I edited squid.inc to add additional details to my squid.conf.
      The configuration now looks like this:
      (IPs/domains edited)

      https_port 94.58.64.159:443 accel cert=/usr/pbi/squid-i386/etc/squid/certificate.crt key=/usr/pbi/squid-i386/etc/squid/certificate.key defaultsite=domain.tld vhost
      
      cache_peer 192.168.0.100 parent 80 0 proxy-only no-query no-digest originserver login=PASS round-robin name=rvp_APACHE
      
      acl rdr_dst_webserver dstdomain apache.domain.tld
      acl rdr_path_webserver urlpath_regex ^/$
      deny_info https://apache.domain.tld/subdirectory rdr_path_webserver
      http_access deny HTTPS rdr_dst_webserver rdr_path_webserver
      
      acl rvm_APACHE url_regex -i apache.domain.tld
      cache_peer_access rvp_APACHE allow rvm_APACHE
      never_direct allow rvm_APACHE
      http_access allow rvm_APACHE
      

      What happens when I connect is:
      I type apache.domain.tld and get an HTTP connection to the root folder of the web server. It doesn't redirect to the subdirectory and doesn't secure the public part of the connection.

      If I add HTTP in the Squid Redirect Mappings, I get redirected to the right subdirectory and to the https URL, but it just jumps back to http and doesn't secure the public part either.

      I think there's some major flaw in my configuration. Maybe something with the regex?

      Thanks in advance

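An added example, not part of the original post or of the pfSense Squid package: a small Python check that lists the listeners in the posted excerpt and any ACL names the excerpt uses without defining them. The names `audit` and `POSTED` are hypothetical, and an ACL flagged here may still be defined elsewhere in the full squid.conf that the package generates.

```python
# Added example: audit a Squid reverse-proxy excerpt for listeners and ACL references.
# POSTED is the excerpt from the post above, copied unchanged (addresses are the poster's placeholders).
POSTED = """\
https_port 94.58.64.159:443 accel cert=/usr/pbi/squid-i386/etc/squid/certificate.crt key=/usr/pbi/squid-i386/etc/squid/certificate.key defaultsite=domain.tld vhost
cache_peer 192.168.0.100 parent 80 0 proxy-only no-query no-digest originserver login=PASS round-robin name=rvp_APACHE
acl rdr_dst_webserver dstdomain apache.domain.tld
acl rdr_path_webserver urlpath_regex ^/$
deny_info https://apache.domain.tld/subdirectory rdr_path_webserver
http_access deny HTTPS rdr_dst_webserver rdr_path_webserver
acl rvm_APACHE url_regex -i apache.domain.tld
cache_peer_access rvp_APACHE allow rvm_APACHE
never_direct allow rvm_APACHE
http_access allow rvm_APACHE
"""

# Position of the first ACL name in each directive that takes ACL names.
ACL_START = {"http_access": 2, "never_direct": 2, "deny_info": 2, "cache_peer_access": 3}
BUILTIN_ACLS = {"all"}  # predefined by Squid 3.x, never needs an acl line


def audit(conf):
    """Return the listeners found and the ACL names used but not defined in `conf`."""
    defined, used, listeners = set(), set(), []
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or comment
        if tok[0] == "acl":
            defined.add(tok[1])
        elif tok[0] in ("http_port", "https_port"):
            port = int(tok[1].rsplit(":", 1)[-1])  # accepts "ip:port" or "port"
            listeners.append((tok[0], port, "accel" in tok[2:]))
        elif tok[0] in ACL_START:
            # "!" negates an ACL; strip it to get the bare name
            used.update(t.lstrip("!") for t in tok[ACL_START[tok[0]]:])
    return {
        "listeners": listeners,
        "undefined_acls": sorted(used - defined - BUILTIN_ACLS),
        # True only if the excerpt itself opens a plain-HTTP accelerator port
        "plain_http_accel": any(d == "http_port" and a for d, _, a in listeners),
    }


if __name__ == "__main__":
    for key, value in audit(POSTED).items():
        print(f"{key}: {value}")
```
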
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.