
On a Debian machine Squid and Apache are running. HTTPS is enabled with Certbot (Let's Encrypt).

I have several domains (vhosts) and I am using one IP address for all domains.

Apache is listening on port 81 (HTTP) and 444 (HTTPS).

My squid.conf looks like this:

# Incoming Connections
http_port 80 accel
cache_peer localhost parent 81 0 no-query originserver
https_port 443 accel defaultsite=yourwebserver vhost
cache_peer localhost parent 444 0 no-query originserver

# ACL
http_access allow all

# Allowed Ports
acl SSL_ports port 443          # https
acl Safe_ports port 80          # http
acl CONNECT method CONNECT

My problem: Squid asks for certificates to enable HTTPS when I start the service with the config above.

But for every domain I use different certificates. How can I force Squid to just redirect 443 to localhost:444?

Gill-Bates

1 Answer

Squid asks for Certificates to enable HTTPS

That's the whole idea of HTTPS. You will definitely need certificates to serve certificate-protected content. Otherwise you wouldn't have an HTTP proxy and would use NAT or a TCP proxy instead (like nginx with upstream providers).

But for every Domain I use different Certificates.

That's the idea of SSL (TLS) and the reason why you can (read: you have to) configure different listeners with different properties. Or you just use TCP forwarding without terminating (read: offloading) SSL.

In squid3 the vhost configuration is done like this:

https_port serverone.com:443 cert=/etc/ssl/serverone.pem vhost
https_port servertwo.com:443 cert=/etc/ssl/servertwo.pem vhost

cache_peer lanserverone parent 80 0 name=lanserverone no-query originserver
cache_peer_domain lanserverone serverone.com

cache_peer lanservertwo parent 80 0 name=lanservertwo no-query originserver
cache_peer_domain lanservertwo servertwo.com

How can I force Squid just to redirect 443 to 444 localhost

Short answer: You cannot. Try nginx with upstream or just do NAT in your router(s).

bjoster
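As an added example that is not part of the original answer: the "TCP forwarding without terminating SSL" option the answer points at, written as an nginx stream proxy that routes on the SNI hostname in the ClientHello with ssl_preread (nginx 1.11.5 or later, built with the stream_ssl_preread module). The hostnames serverone.com and servertwo.com are taken from the answer; the backend addresses lanserverone/lanservertwo and the fallback to 127.0.0.1:444 (the asker's Apache HTTPS port) are assumptions for illustration. nginx only parses the handshake here and never holds a private key, so every certificate stays on the backend that owns it.

```nginx
# nginx.conf fragment (added example, not from the original post).
# The stream {} block sits at top level, next to http {}, not inside it.
stream {
    # Choose the backend from the SNI server name nginx reads out of the
    # TLS ClientHello. The handshake is NOT terminated here: the raw bytes
    # are forwarded, so each backend keeps its own certificate and key.
    map $ssl_preread_server_name $backend {
        serverone.com   lanserverone:443;   # assumed LAN host, from the answer
        servertwo.com   lanservertwo:443;   # assumed LAN host, from the answer
        default         127.0.0.1:444;      # asker's Apache HTTPS port (assumed)
    }

    server {
        listen 443;              # nothing else (Squid, Apache) may bind :443 now
        ssl_preread on;          # inspect ClientHello for SNI, then pass through
        proxy_pass $backend;
        proxy_connect_timeout 5s;
    }
}
```

Validate with `nginx -t` before reloading. Two consequences of forwarding at TCP level are worth knowing: the backend sees the proxy's address as the client (use `proxy_protocol on;` plus a PROXY-protocol-aware backend if you need real client IPs), and a client that sends no SNI lands on the `default` entry, so make sure that backend presents a certificate you are happy to show anonymously. For the asker's actual layout, where every domain ends at the same local Apache on 444, the map collapses to the `default` line and a plain NAT redirect such as `iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 444` does the same job without running a proxy process at all.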