Squid Reverse Proxy SSL Termination Problem

  • Hello guys,

    I'm using the squid package: 3.1.20 pkg 2.1.0.
    Now my plan is to set up my Webservers to be available like this:
    Internetdomain ---Port:443 SSL---> Squid ---Port:80---> Webserver

    If a user tries to connect via Port 80 they should get redirected to 443. Squid should terminate ssl and pass the user to the webserver via port 80.

    As I didn't find any possibilities to set my certificate (reverse SSL certificate option in the GUI does nothing?), I edited the squid.inc to add additional details to my squid.conf.
    The configuration now looks like this:
    (IPs/Domains edited)

    https_port accel cert=/usr/pbi/squid-i386/etc/squid/certificate.crt key=/usr/pbi/squid-i386/etc/squid/certificate.key defaultsite=domain.tld vhost
    cache_peer parent 80 0 proxy-only no-query no-digest originserver login=PASS round-robin name=rvp_APACHE
    acl rdr_dst_webserver dstdomain apache.domain.tld
    acl rdr_path_webserver urlpath_regex ^/$
    deny_info https://apache.domain.tld/subdirectory rdr_path_webserver
    http_access deny HTTPS rdr_dst_webserver rdr_path_webserver
    acl rvm_APACHE url_regex -i apache.domain.tld
    cache_peer_access rvp_APACHE allow rvm_APACHE
    never_direct allow rvm_APACHE
    http_access allow rvm_APACHE

    What happens when I connect is:
    I type apache.domain.tld and get an HTTP connection to the root folder of the webserver. It doesn't redirect to the subdirectory and doesn't secure the public part of the connection.

    If I add HTTP in the Squid Redirect Mappings I get redirected to the right subdirectory and to the https URL. But it just jumps back to http and doesn't secure the public part either.

    I think there's some major flaw in my configuration. Maybe something with the regex?

    Thanks in advance
