squid 2.7配置HTTPS代理问题


有这么一个需求,需要对一个HTTPS协议的原站,配置squid HTTPS缓存代理。即客户发送HTTPS请求至squid,squid再通过HTTPS访问原站进行回源,最终缓存。(squid版本:2.7)

将原站的crt和key放置在squid服务器,在squid.conf中添加如下配置:


 https_port 443 cert=/xxx/xxx.crt key=/xxx/xxx.key defaultsite=www.xxx.com

但是一直无法成功,方式curl访问得到如下错误:


 curl -svo /dev/null -k -x 127.0.0.1:443 https://www.xxx.com/xxx.css
* About to connect() to proxy 127.0.0.1 port 443 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* Establish HTTP proxy tunnel to www.xxx.com:443
> CONNECT www.xxx.com:443 HTTP/1.1
> Host: www.xxx.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
> 
* Recv failure: Connection reset by peer
* Received HTTP code 0 from proxy after CONNECT
* Connection #0 to host 127.0.0.1 left intact

cache.log中的错误信息为:


 2015/07/06 09:03:03| clientNegotiateSSL: Error negotiating SSL connection on FD 20: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
2015/07/06 09:03:03| SSL fd 20 read error error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (-1/1)

请问大家,是有哪些地方配置的不对吗?

之前参考的感觉比较靠谱的资料:

squid ssl https

蕾米莉亚丶 10 years, 4 months ago

Your Answer