How to configure a reverse proxy for HTTPS using squid

Solution Verified

Environment

  • Red Hat Enterprise Linux
  • squid

Issue

  • How to set up squid for the following requirements:
    • Reverse proxy
    • Squid uses a private key and certificate, and the client and the proxy server communicate over HTTPS.
    • The proxy server and the web server communicate over HTTP.

Resolution

To run squid as a reverse proxy with HTTPS, add the following settings to squid.conf.

https_port <LISTEN PORT> vhost cert=<CERTIFICATE> key=<PRIVATE KEY>
cache_peer <TARGET IP ADDRESS> parent <DESTINATION PORT> 0 no-query originserver

For example, set <LISTEN PORT> to 443, <TARGET IP ADDRESS> to the IP address of the web server, and <DESTINATION PORT> to 80. For <CERTIFICATE> and <PRIVATE KEY>, specify the file paths of the certificate file and the private key file for the machine squid is running on.

https_port 443 vhost cert=/etc/pki/tls/certs/server.crt key=/etc/pki/tls/certs/server.key
cache_peer 192.1.1.2 parent 80 0 no-query originserver

If the RSA or DSA private key is encrypted, decrypt it with the openssl command beforehand.

In case of RSA:
# mv server.key server.key.encrypt
# openssl rsa -in server.key.encrypt > server.key

In case of DSA:
# mv server.key server.key.encrypt
# openssl dsa -in server.key.encrypt > server.key

After changing the settings, restart the squid service.

# service squid restart
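
A pre-flight check that can be run before the restart, as an added example that is not part of the original article: it reads the key= path from the https_port line and reports a key that is still encrypted, or one that the decryption step's redirection left accessible to group or other. The function names are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight checks for the
# private key named on the https_port line. Function names are hypothetical.

# Print the value of cert= or key= from the first https_port line.
# usage: https_port_opt <squid.conf> <cert|key>
https_port_opt() {
    awk -v opt="$2" '$1 == "https_port" {
        for (i = 2; i <= NF; i++)
            if (index($i, opt "=") == 1) { print substr($i, length(opt) + 2); exit }
    }' "$1"
}

# Succeed if the PEM key is still passphrase-protected: either the traditional
# OpenSSL header or the PKCS#8 encrypted-key marker is present.
key_is_encrypted() {
    grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# Succeed if group or other hold any permission bit on the file.
# "openssl ... > server.key" creates the file under the current umask,
# so a decrypted key can end up mode 0644.
key_is_exposed() {
    kmode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$kmode & 077 )) -ne 0 ]
}

# usage: check_https_port_key <squid.conf>; returns 0 only if both checks pass.
check_https_port_key() {
    kfile=$(https_port_opt "$1" key)
    krc=0
    [ -n "$kfile" ] || { echo "no key= option on the https_port line"; return 1; }
    [ -r "$kfile" ] || { echo "cannot read $kfile"; return 1; }
    if key_is_encrypted "$kfile"; then
        echo "$kfile is still encrypted; decrypt it first"; krc=1
    fi
    if key_is_exposed "$kfile"; then
        echo "$kfile is accessible to group/other; tighten its permissions"; krc=1
    fi
    return $krc
}

# Run the check when a squid.conf path is given on the command line.
if [ "$#" -gt 0 ]; then check_https_port_key "$1"; fi
```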
