> > https_port 443 cert=/usr/local/etc/apache/ssl.crt/server.crt
> > key=/usr/local/etc/apache/ssl.key/server.key accel
> > defaultsite=my.virtualhost.com protocol=http.
>
> Looks fine.
Except it didn't do what I wanted it to do.
>
> > This appears to rewrite everything to http://my.virtualhost.com on
> > its own and does not ever get to the redirect_program instead
> > showing up as an http:// request at my.virtualhost.com on port 443.
>
> Why are you using a redirect program?
Because I actually want to rewrite https://www.abc.com.at.example.com/ to
http://www.abc.com which may be an actual or virtual domain.
>
> The requests should not get forwarded at all unless you for some
> reason force these direct, and if they are they should end up as
> http://my.virtualhost.com/ (port 80).
>
> There were some minor issues in how Squid-3 handled this some weeks
> ago
> (sometimes getting the port number incorrect on accelerated requests)
> but it should work fine now.
OK, I installed squid-3.0-PRE3 which seems to have that problem solved.
>
> > Can Apache3 be configured as an accelerator rewriting https://
> > requests to http:// name-based virtual domains? How do I get the
> > request to the redirect_program?
>
> This is a Squid list, not an Apache list.
Sorry, I knew that. Just a slip as I am using the Apache SSL keys and
certificates.
>
> If I understand you correctly you want Squid to accept https requests
> and forward them to a http server of your choice? If this is the
> case then use something like this:
>
> https_port 443 cert=... key=... accel defaultsite=...
> (don't use protocol=)
Interesting, neither accel nor vhost are listed as https_port options and
given the note I thought it was automatic. I am now using vhost with no
defaultsite=... and it seems to work OK for both rewrites and cache_peer
methods.
>
> cache_peer your.http.server parent 80 0 no-query originserver
>
> acl my dstdomain my.virtualhost.com
> cache_peer_access your.http.server allow my
OK, I understand this - sort of. I would usually do:
cache_peer 1.1.1.1 parent 80 0 no-query originserver name=www.example.com
acl my dstdomain www.abc.com.at.example.com
cache_peer_access www.example.com allow my
Are both methods OK or just yours?
>
> If the domain name requested by the browser is different compared to
> the domain name expected by the http server then you have three
> options:
>
> a) Set the defaultsite= to the domain name expected by the web server
> (not recommended.. this should be set to the externally visible
> domain name)
OK, understood.
>
> b) Use a redirector to rewrite the URL while forwarded by Squid
> (this will modify the cache_peer_access requirements accordingly).
OK, I think I can make this work. I have already done so except with
always_direct instead of cache_peer_access.
>
> c) Use the forcedomain= cache_peer option.
OK, understood.
One final (ho ho ho :}) question: When I rewrite https://accel.com to
http://origin.com and use always_direct allow http://origin.com the browser
(IE6) pops up the message that both secure and non-secure items are going to
be displayed. Any way 'round this?
Received on Sun Sep 07 2003 - 09:02:15 MDT
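
For option b) and the rewrite asked about in the message above, here is an added example (not code from the thread or from the Squid project) of a redirect_program helper that strips the `.at.example.com` suffix and returns an http:// URL. It assumes the classic one-line helper protocol (the URL is the first field of each input line, and the helper answers with the rewritten URL or a blank line for "no change"); the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Added example: redirect_program helper for the suffix rewrite in this thread."""
import re
import sys
from urllib.parse import urlsplit, urlunsplit

# Assumption: every accelerated name ends in this suffix, as in the post.
SUFFIX = ".at.example.com"
# Conservative hostname check: at least two labels, letters/digits/hyphens only,
# so single-label (internal) names are never produced as origins.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
    r"(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$"
)


def rewrite_url(url):
    """Return the http:// origin URL, or None to leave the request unchanged."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host.endswith(SUFFIX):
        return None
    origin = host[: -len(SUFFIX)]
    # Refuse malformed names and IP-literal style origins (numeric last label).
    if not HOST_RE.match(origin) or origin.rsplit(".", 1)[-1].isdigit():
        return None
    return urlunsplit(("http", origin, parts.path or "/", parts.query, ""))


def handle_line(line):
    """Process one request line of the form 'URL client_ip/fqdn ident method'."""
    fields = line.split()
    if not fields:
        return ""
    return rewrite_url(fields[0]) or ""


def main():
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # Squid waits for each answer, so never buffer


if __name__ == "__main__":
    main()
```

Because the helper derives the origin host from the requested name, the acl that decides which rewritten destinations may be forwarded (always_direct or cache_peer_access, as discussed above) should still list only the origins that are meant to be reachable.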