How would I set up a pair of squid proxies so that one uses the other as a parent and all traffic between them is encrypted using SSL? I've read the cache_peer documentation, but it's all very fuzzy to me which certs I need to create (and how), which server uses which cert, and so on. Is there a straightforward HOW-TO for this somewhere?
Just to be clear, I don't want to know how to set up squid to proxy https requests, or as a reverse proxy for a web server that uses https.
-
You don't specify the squid version, and the cache peer/parenting has changed a bit recently.
Under squid 2.7 the client side should look a little like:
    cache_peer parent.fqdn parent SSL-PORT 0 ssl
    always_direct deny all
    never_direct allow all
You may want client certs if you want to authenticate both sides; however, that requires building a CA, and even a simple one is painful.
On the server end there are more options.
Eddy: Building & managing a CA is dead simple with tinyca2: http://tinyca.sm-zone.net/
LapTop006: @Eddy I disagree, I've built several CAs, and it's not the actual CA maintenance work that's the issue, it's everything else around it.
From LapTop006
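As an added example (not part of the original answer and not Squid's own tooling), this Python check reads a squid.conf and reports where the child proxy could reach its parent in cleartext or bypass it altogether. The sample configuration, the port number and the host backup.example are constructed, and the sslflags=DONT_VERIFY_PEER check goes beyond the line given in the answer.

```python
# Added example: audit squid.conf text for the encrypted-parent setup described above.
SAMPLE_CONF = """\
# constructed sample; port 3129 and backup.example are assumptions
cache_peer parent.fqdn parent 3129 0 ssl
cache_peer backup.example parent 3128 0 no-query
always_direct deny all
never_direct allow all
"""

def directives(conf_text):
    """Yield (name, args) for every non-blank, non-comment line."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            yield name, args

def audit(conf_text):
    """Return findings; an empty list means every request is forced through an SSL parent."""
    findings = []
    parents = 0
    never_direct_all = always_direct_deny = False
    for name, args in directives(conf_text):
        # cache_peer syntax: hostname type http-port icp-port [options]
        if name == "cache_peer" and len(args) >= 4 and args[1] == "parent":
            parents += 1
            opts = args[4:]
            if "ssl" not in opts:
                findings.append(f"{args[0]}: parent peer without 'ssl' (cleartext hop)")
            if any(o.startswith("sslflags=") and "DONT_VERIFY_PEER" in o for o in opts):
                findings.append(f"{args[0]}: peer certificate verification disabled")
        elif name == "never_direct" and args == ["allow", "all"]:
            never_direct_all = True
        elif name == "always_direct" and args == ["deny", "all"]:
            always_direct_deny = True
        elif name == "always_direct" and args[:1] == ["allow"]:
            findings.append("always_direct allow rule lets some requests bypass the parent")
    if parents == 0:
        findings.append("no parent cache_peer defined")
    if not never_direct_all:
        findings.append("missing 'never_direct allow all'")
    if not always_direct_deny:
        findings.append("missing 'always_direct deny all'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```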