Squid Web Cache wiki

Squid Web Cache documentation

Reverse Proxy with HTTPS Virtual Host Support

Usage

This configuration example documents how to configure a Squid proxy to receive HTTPS traffic for multiple domains when it is acting as a “reverse-proxy” (aka CDN frontend or gateway proxy).

This configuration requires Squid-4 or newer, built with GnuTLS support. Older Squid versions, and Squid built with OpenSSL support, cannot be configured this way.

Squid Configuration

https_port 443 accel defaultsite=example.net \
    tls-cert=/etc/squid/tls/example.net.pem \
    tls-cert=/etc/squid/tls/example.com.pem \
    tls-cert=/etc/squid/tls/example.org.pem

Next, you need to tell Squid where to find the real web server:

cache_peer backend.webserver.ip.or.dnsname parent 80 0 no-query originserver name=myAccel

And finally you need to set up access controls to allow access to your site without pushing other web requests to your web server.

acl our_sites dstdomain your.main.website.name
http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all

You should now be able to start Squid and it will serve requests as an HTTP server.

Testing and Live

Reverse proxies should be tested with Squid configured exactly as it would be used in production, but with the public DNS not yet pointing at it. The /etc/hosts file of a test machine can be altered to send test requests to the Squid IP instead of the live web server.
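The same pre-DNS test can be scripted without editing /etc/hosts. The following is an added example, not part of the original wiki page: it connects to the proxy's IP directly, sends each site name as the TLS server name, and reports whether the certificate returned covers that name. The script name, the function names and the address 192.0.2.10 are placeholders; the hostnames are the ones used in the tls-cert file names above.

```python
import socket
import ssl
import sys

def name_matches(pattern, hostname):
    """Exact match, or '*' standing for exactly one left-most label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return False

def cert_covers(cert, hostname):
    """cert: dict as returned by SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(name_matches(p, hostname) for p in sans)

def fetch_cert(proxy_ip, hostname, port=443, cafile=None):
    """Connect to the proxy IP, sending `hostname` as the TLS server name (SNI)."""
    ctx = ssl.create_default_context(cafile=cafile)
    # Chain validation stays on; names are compared by cert_covers() so a
    # wrong certificate is reported per site instead of aborting the run.
    ctx.check_hostname = False
    with socket.create_connection((proxy_ip, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()

def check_vhosts(proxy_ip, hostnames, **kwargs):
    """Map each hostname to True if the proxy served a certificate covering it."""
    results = {}
    for host in hostnames:
        try:
            results[host] = cert_covers(fetch_cert(proxy_ip, host, **kwargs), host)
        except OSError:  # includes ssl.SSLError: refused, timeout, untrusted chain
            results[host] = False
    return results

if __name__ == "__main__":
    # e.g. python3 check_vhosts.py 192.0.2.10 example.net example.com example.org
    # (192.0.2.10 is a placeholder for the Squid IP)
    outcome = check_vhosts(sys.argv[1], sys.argv[2:])
    for host, ok in outcome.items():
        print(f"{host}: {'ok' if ok else 'MISMATCH or connection failure'}")
    sys.exit(0 if outcome and all(outcome.values()) else 1)
```

If the test certificates are issued by a private CA, pass its bundle through the `cafile` argument of `check_vhosts`; otherwise chain validation fails and the site is reported as a failure.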

When that testing works, public DNS can be updated to send public requests to the Squid proxy instead of the master web server, and acceleration will begin immediately.


⚠️ Disclaimer: Any example presented here is provided "as-is" with no support
or guarantee of suitability. If you have any further questions about
these examples please email the squid-users mailing list.
