Installation guide
#
# SSL configuration
#
# Ensure you enter each configuration directive on a single line
acl is_ssl port 443
https_port 443 cert=/etc/pki/tls/certs/lb.crt
key=/etc/pki/tls/certs/lb.key accel vhost name=proxy_ssl
cache_peer proxya.example.com parent 443 0 no-query originserver
round-robin ssl name=proxya.example.com
sslcafile=/etc/pki/tls/certs/squid-ca.crt
cache_peer proxyb.example.com parent 443 0 no-query originserver
round-robin ssl name=proxyb.example.com
sslcafile=/etc/pki/tls/certs/squid-ca.crt
cache_peer_access proxya.example.com allow is_ssl
cache_peer_access proxya.example.com deny !is_ssl
cache_peer_access proxyb.example.com allow is_ssl
cache_peer_access proxyb.example.com deny !is_ssl
#
# Non-SSL configuration
#
# Ensure you enter each configuration directive on a single line
acl nonssl port 80
http_port 80 accel name=proxy_nonssl defaultsite=dhcp16.example.com
cache_peer 192.168.100.16 parent 80 0 no-query name=proxy_nonssl
originserver
cache_peer_access proxy_nonssl allow nonssl
cache_peer_access proxy_nonssl deny !nonssl
sslpassword_program /bin/password.out
forwarded_for on
The previous example demonstrates setting up two reverse proxies. Port 443 has two proxies that are
used in round-robin mode. Requests are shared equally between the two proxies. The server. crt
and server. key files were renamed to lb. crt and lb. key respectively (short for load balancer)
for easier identification. The Satellite CA certificate was renamed to sq ui d -ca. crt; the cache_peer
ssl cafi l e option refers to this file.
Add the certificates to the sq ui d group:
# chgrp squid /etc/pki/tls/certs/{lb.crt,lb.key,squid-ca.crt}
The file details should appear as follows:
Red Hat Sat ellit e 5.7 Proxy In st allat ion G uide
26