9acca9
August 16, 2018, 3:49pm
1
Hi to all.
I have three web servers running on different machines. All of them are in the same domain.
I’m using another PC, with Squid as a reverse proxy (in the same domain).
I want to know if it is possible to use Let’s Encrypt, so that the people who access the websites do not need to accept an invalid certificate.
Thanks to all.
P.S.: I don’t speak English.
What language do you speak? We have a few multilingual people here.
This sounds possible, yes. I don’t know anything about Squid, but reverse proxying is a common setup that many people have used Let’s Encrypt with.
9acca9
August 23, 2018, 1:10pm
3
Hello.
I speak Spanish…
Can somebody give me a hand with this?
Thanks
@schoen I think you speak Spanish as well?
schoen
August 23, 2018, 5:08pm
5
Yes, I’m a non-native speaker, and @sahsanu is a native speaker. Maybe he can help too.
Hi @schoen,
Unfortunately the problem isn’t the language; the problem is that I have never used Squid, so I have no idea whether what @9acca9 wants can be done.
I’m sorry I can’t be of help on this topic.
Regards,
sahsanu
[I won’t embarrass myself or my colleagues on the forum by attempting to translate this. Sorry.]
An example squid.conf that forwards challenges to certbot in standalone mode would look like this. Of course, the OP should already have the origin cache_peer defined.

```
# Requests for the ACME HTTP-01 challenge path
acl challenge urlpath_regex ^/\.well-known/acme-challenge
# Existing origin peer: never send challenge requests to it
cache_peer ORIGIN_SERVER parent 80 0 no-query originserver name=origin
cache_peer_access origin deny challenge
# Local certbot standalone listener: receives challenge requests only
cache_peer 127.0.0.1 parent 5555 0 no-query originserver name=certbot
cache_peer_access certbot allow challenge
cache_peer_access certbot deny all
```

With that you can reload squid and get a certificate:

```
certbot certonly --standalone --preferred-challenges http --http-01-port 5555 --deploy-hook 'systemctl reload squid' -d yourdomain.com,www.yourdomain.com
```

And then configure said certificate:

```
https_port 443 cert=/etc/letsencrypt/live/yourdomain.com/fullchain.pem key=/etc/letsencrypt/live/yourdomain.com/privkey.pem accel defaultsite=yourdomain.com vhost
```
2 Likes
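How Squid applies the cache_peer_access lines in the answer above, as an added example that is not part of the original post: a simplified Python model that reports which peers are eligible for a given request path, so you can check that only the challenge path can reach the certbot listener. It handles only urlpath_regex ACLs and the built-in `all`; the origin hostname and the sample paths are constructed placeholders.

```python
import re

# Constructed sample modeled on the answer's directives; the origin host is a placeholder.
SQUID_CONF = r"""
acl challenge urlpath_regex ^/\.well-known/acme-challenge
cache_peer origin.internal.example parent 80 0 no-query originserver name=origin
cache_peer_access origin deny challenge
cache_peer 127.0.0.1 parent 5555 0 no-query originserver name=certbot
cache_peer_access certbot allow challenge
cache_peer_access certbot deny all
"""

def parse(conf):
    """Collect urlpath_regex ACLs, peer names and per-peer access lines."""
    acls, peers, rules = {}, [], {}
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl" and len(tok) > 3 and tok[2] == "urlpath_regex":
            acls.setdefault(tok[1], []).extend(re.compile(p) for p in tok[3:])
        elif tok[0] == "cache_peer" and len(tok) > 3:
            # name= overrides the hostname as the peer's identifier
            peers.append(next((t[5:] for t in tok if t.startswith("name=")), tok[1]))
        elif tok[0] == "cache_peer_access" and len(tok) > 3:
            rules.setdefault(tok[1], []).append((tok[2] == "allow", tok[3:]))
    return acls, peers, rules

def acl_matches(acls, name, path):
    """True if the (optionally !-negated) ACL matches the URL path."""
    negate, name = name.startswith("!"), name.lstrip("!")
    hit = name == "all" or any(rx.search(path) for rx in acls.get(name, []))
    return hit != negate

def peer_allowed(acls, lines, path):
    """First matching line decides; with no match the result is the opposite
    of the last line; a peer with no access lines is always eligible."""
    for allow, names in lines:
        if all(acl_matches(acls, n, path) for n in names):  # ACLs on a line are ANDed
            return allow
    return not lines[-1][0] if lines else True

def eligible_peers(conf, path):
    """Names of the peers Squid may forward a request for `path` to."""
    acls, peers, rules = parse(conf)
    return [p for p in peers if peer_allowed(acls, rules.get(p, []), path)]

if __name__ == "__main__":
    for path in ("/.well-known/acme-challenge/sample-token", "/index.html"):
        print(path, "->", eligible_peers(SQUID_CONF, path))
```

Removing the `cache_peer_access origin deny challenge` line from the sample makes both peers eligible for the challenge path, which is the case that line is there to prevent.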