Discussion:
[squid-users] pass ssl through Squid reverse proxy
Дмитрий Лозицкий
2015-05-20 05:03:46 UTC
Permalink
Hello,

I have a requirement to setup a reverse proxy for a secure connection to a
server where tomcat is working.
Services on tomcat already have ssl setup, but as tomcat doesn't have
explicit certificate and a key file for ssl connection, I'd like to let the
https traffic from a client to pass through the reverse proxy directly to a
server and use encryption on a server instead of on reverse proxy.

Can anyone please give an idea if it possible to do?

Thank you for comments.

Dmitry.
Amos Jeffries
2015-05-20 10:41:02 UTC
Permalink
Post by Дмитрий Лозицкий
Hello,
I have a requirement to setup a reverse proxy for a secure connection to a
server where tomcat is working.
Services on tomcat already have ssl setup, but as tomcat doesn't have
explicit certificate and a key file for ssl connection, I'd like to let the
https traffic from a client to pass through the reverse proxy directly to a
server and use encryption on a server instead of on reverse proxy.
Can anyone please give an idea if it possible to do?
What you are asking for is not possible with Squid. But its also
unnecessary and very much *not* reverse-proxy.


What reverse-proxy Squid do is terminate the client TLS connection then
proxy the embeded HTTP request(s) to the backend server(s). Optionally
using TLS on the connections between Squid and the server (Tomcat).

Like so:
https_port 443 accel defaultdomain=example.com \
ssl cert=/path/to/example.com.pem

cache_peer tomcat.local 443 0 originserver ssl

... and the relevant TLS parameters. With DNS of course pointing at the
Squid instead of tomcat.

THe iwki config example
<http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate>
should have what you need.

Amos

Loading...