ons 2007-06-06 klockan 11:14 -0500 skrev Jason Hitt: > Thinking maybe I hosted up my squid.conf anf want a config that should > work for reverse proxy using ssl.
https_port public.ip:443 cert=/path/cert.pem defaultsite=your.public.website.name cache_peer ip.of.websever parent 443 0 no-query originserver ssl if the peer is using a self-signed certificate or one issued by a CA not in your default list of trusted CAs then you also need the sslcafile= option or sslflags=DONT_VERIFY_PEER (sslflags not recommended, opens for an man-in-the-middle attack on the encryption). For a self-signed certificate use the server certificate as a CA, for a otherwise untrusted CA use the CA root certificate. If your Squid has digest or icmp support enabled then you also want the no-digest and no-netdb-exchange options. Will work fine without them, but you might be a little annoyed by automated HTTP requests from Squid.. Regards Henrik
signature.asc
Description: Detta är en digitalt signerad meddelandedel
