On Thu, Mar 9, 2017 at 1:41 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 6/03/2017 11:21 p.m., sothy shan wrote: > > Hi, > > > > I can give precise what I am doing on this part.See the previous mail > below > > for my exact requirement. > > > > //create the keys. > > > > $openssl req -new -keyout key.pem -nodes -x509 -days 365 -out cert.pem > > > > Both keys(cert.pem and key.pem) are places in /etc/squid/. > > > > Then, I make following in squid. > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > https_port 192.168.1.69:443 cert=/etc/squid/cert.pem > key=/etc/squid/key.pem > > The "accel" mode flag s missing. > > It is that alone which makes squid a reverse-proxy. The rest of the > config details are 'agnostic' to the proxy type/mode. > Yes. I made it like that. It worked! > > > > cache_peer X.Y.Z.Z parent 443 0 no-query originserver > > > > > > http_access allow all > > ++++++++++++++++++++++++++++++++++++++++++++++ > > > > When I type in browser like this https://192.168.1.69 > > Thats okay for a first test, but you should use a domain as soon as > possible so all the domain related validations have a chance to be tested. > There are cert domain and SNI validations happening at the TLS/SSL > level, and there should also be dstdomain ACLs in squid.conf to ensure > only the wanted domains traffic gets handled by the proxy. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
