squid 2.7配置HTTPS代理问题
有这么一个需求,需要对一个HTTPS协议的原站,配置squid HTTPS缓存代理。即客户发送HTTPS请求至squid,squid再通过HTTPS访问原站进行回源,最终缓存。(squid版本:2.7)
将原站的crt和key放置在squid服务器,在squid.conf中添加如下配置:
https_port 443 cert=/xxx/xxx.crt key=/xxx/xxx.key defaultsite=www.xxx.com
但是一直无法成功,方式curl访问得到如下错误:
curl -svo /dev/null -k -x 127.0.0.1:443 https://www.xxx.com/xxx.css
* About to connect() to proxy 127.0.0.1 port 443 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* Establish HTTP proxy tunnel to www.xxx.com:443
> CONNECT www.xxx.com:443 HTTP/1.1
> Host: www.xxx.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
* Recv failure: Connection reset by peer
* Received HTTP code 0 from proxy after CONNECT
* Connection #0 to host 127.0.0.1 left intact
cache.log中的错误信息为:
2015/07/06 09:03:03| clientNegotiateSSL: Error negotiating SSL connection on FD 20: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
2015/07/06 09:03:03| SSL fd 20 read error error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (-1/1)
请问大家,是有哪些地方配置的不对吗?
之前参考的感觉比较靠谱的资料:
蕾米莉亚丶
10 years, 2 months ago
