Squid Reverse Proxy SSL


#1

Hi to all.

I have three web servers running on different machines. All of them are in the same domain.

I'm using another PC, with Squid as a reverse proxy (in the same domain).

I want to know if it is possible to use Let's Encrypt, so that the people who access the websites have no need to accept an invalid certificate.

Thanks to all.

P.S.: I don't speak English.


#2

What language do you speak? We have a few multilingual people here.

This sounds possible, yes. I don’t know anything about Squid, but reverse proxying is a common setup that many people have used Let’s Encrypt with.


#3

Hello.
I speak Spanish…

Can somebody give me a hand with this?

Thanks


#4

@schoen I think you speak Spanish as well?


#5

Yes, I'm a non-native speaker, and @sahsanu is a native speaker. Maybe he can help too.


#6

Hi @schoen,

Unfortunately the problem isn't the language; the problem is that I have never used Squid, so I have no idea whether what @9acca9 wants can be done :frowning:

Sorry I can't be of help on this topic.

Regards,
sahsanu


#7

[I won’t embarrass myself or my colleagues on the forum by attempting to translate this. Lo siento.]

An example squid.conf that forwards challenges to certbot in standalone mode would look like this. Of course, the OP should already have the origin cache_peer defined.

acl challenge urlpath_regex ^/.well-known/acme-challenge

cache_peer ORIGIN_SERVER parent 80 0 no-query originserver name=origin
cache_peer_access origin deny challenge

cache_peer 127.0.0.1 parent 5555 0 no-query originserver name=certbot
cache_peer_access certbot allow challenge
cache_peer_access certbot deny all

With that you can reload squid and get a certificate:

certbot certonly --standalone --preferred-challenges http --http-01-port 5555 --deploy-hook 'systemctl reload squid' -d yourdomain.com,www.yourdomain.com

And then configure said certificate:

https_port 443 cert=/etc/letsencrypt/live/yourdomain.com/fullchain.pem key=/etc/letsencrypt/live/yourdomain.com/privkey.pem accel defaultsite=yourdomain.com vhost
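The routing in the squid.conf from post #7 can be checked offline before reloading Squid. The following is an added example, not part of the original post or of Squid: it applies the access-list rule that the first matching `cache_peer_access` line wins and, when none matches, the verdict is the opposite of the last line. The function names are hypothetical, only `urlpath_regex` ACLs without option flags are handled, and Python's `re` is assumed to behave like Squid's regex engine for this pattern.

```python
import re

# Constructed sample: the routing lines from post #7, origin left as a placeholder.
SQUID_CONF = r"""
acl challenge urlpath_regex ^/.well-known/acme-challenge
cache_peer ORIGIN_SERVER parent 80 0 no-query originserver name=origin
cache_peer_access origin deny challenge
cache_peer 127.0.0.1 parent 5555 0 no-query originserver name=certbot
cache_peer_access certbot allow challenge
cache_peer_access certbot deny all
"""

def parse(conf):
    """Collect urlpath_regex ACLs and the cache_peer_access rules of each peer."""
    acls = {"all": [re.compile("")]}  # built-in ACL that matches every request
    rules = {}
    for line in conf.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "urlpath_regex":
            acls.setdefault(tok[1], []).extend(re.compile(p) for p in tok[3:])
        elif tok and tok[0] == "cache_peer":
            name = next((t[5:] for t in tok if t.startswith("name=")), tok[1])
            rules.setdefault(name, [])
        elif len(tok) >= 4 and tok[0] == "cache_peer_access":
            rules.setdefault(tok[1], []).append((tok[2] == "allow", tok[3:]))
    return acls, rules

def acl_matches(acls, name, path):
    """Evaluate one ACL name against a URL path; a leading '!' negates it."""
    hit = any(rx.search(path) for rx in acls[name.lstrip("!")])
    return hit != name.startswith("!")

def peers_for(conf, path):
    """Return the names of the peers the configuration allows for this URL path."""
    acls, rules = parse(conf)
    allowed = []
    for peer, peer_rules in rules.items():
        verdict = True  # a peer with no cache_peer_access lines is always usable
        for allow, names in peer_rules:
            if all(acl_matches(acls, n, path) for n in names):
                verdict = allow
                break
            verdict = not allow  # nothing matched yet: opposite of the last rule
        if verdict:
            allowed.append(peer)
    return allowed
```

`peers_for(SQUID_CONF, "/index.html")` returns `["origin"]`, and a challenge path returns `["certbot"]`. Because the `.` in the ACL is unescaped, a path such as `/xwell-known/acme-challenge/t` is also sent to the certbot peer; `^/\.well-known/acme-challenge/` is the stricter pattern.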
