We help IT Professionals succeed at work.

Squid reverse proxy https

maihyvu2
maihyvu2 asked
on
The design is
Client => HTTPs(8443) => SQUID reverse proxy => HTTP(9090) => webserver.

Squid configuration:
=====
acl SSL_ports port 8443
acl Safe_ports port 8443
https_port 8443 cert=/usr/CertAuth/testcert.cert key=/usr/CertAuth/testkey.pem defaultsite=sus1.boeinglabnet.net vhost
cache_peer 10.39.151.12 parent 9090 0 no-query no-digest originserver login=PASS front-end-https=on name=sus1.boeinglabnet.net
======

Now for the crux of the problem on HTTPS  
Client sends a "HTTPS POST" request to SQUID.  SQUID forwards the POST (in HTTP) request to Bugzilla (10.39.151.12:9090).  Bugzilla returns a new "Location" in the Header with an absolute URL:
http://10.39.151.12:9090/buglist.cgi?priority=P2%20%28ASAP%29&query_format=advanced&order=Importance&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED

SQUID proxy resoved it (it is missing the https)
http://10.39.151.161.8443/buglist.cgi?priority=P2%20%28ASAP%29&query_format=advanced&order=Importance&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED

I am really stump on this.  Would need expert help.
Comment
Watch Question

Distinguished Expert 2017

Commented:
depending on whether this behavior can be within bugzilla or you may need to setup a apache on the proxy and have it handle the data exchange with the 10.39.151.12.

The other alternative is have the proxy rewrite URLS returned from the webserver or configure a local apache to handle/forward the processing of requests and URL rewrites.
http://www.mail-archive.com/squid-users@squid-cache.org/msg54898.html

Author

Commented:
Unfortunately the Apache version that I have is old and does not support Header rewrite.  Please suggest a SQUID solution. Thanks.
Distinguished Expert 2017
Commented:
You could use squid to call an external script to perform the rewrites. but you have to be careful with that.

Author

Commented:
I no longer have the requirements for https.