# help please: squid reverse proxy

## JonW

I'm trying to do a (fairly) simple reverse proxy using squid. I've been through the configuration examples, but can't get it to work. I'd be grateful for any hints.

 I'm trying to present three sites to the web: a standard HTTP server on port 80, and then two SSL sites on port 443 (using a wildcard certificate.) One of the parents is also SSL on port 443, while the other is SSL on port 7071. The first two work, but the latter doesn't. I get this error when I try to connect:-

```
ERROR

The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: https://zimbra-admin.mydomain.com/

Connection to [private IP address removed] failed.

The system returned: (71) Protocol error

The remote host or network may be down. Please try the request again.

Your cache administrator is root.
```

Here's my config - it's a little messed up as I've been trying combinations of the various examples on the squid wiki:-

```

visible_hostname services.mydomain.com

http_port 80 accel defaultsite=www.mydomain.com 

https_port 443 cert=/etc/ssl/cacert.cert  key=/etc/ssl/privkey.pem defaultsite=www.mydomain.com vhost

cache_peer server.mydomain.com parent 80 0 no-query originserver name=SERVER

acl ACL_SERVER dstdomain www.mydomain.com mydomain.com 

cache_peer_access SERVER allow ACL_SERVER

http_access allow ACL_SERVER

cache_peer mail.mydomain.com parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=ZIMBRA

acl ACL_ZIMBRA dstdomain zimbra.mydomain.com mail.mydomain.com

cache_peer_access ZIMBRA allow ACL_ZIMBRA

cache_peer_access ZIMBRA deny all 

http_access allow ACL_ZIMBRA

cache_peer mail.mydomain.com parent 7071 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=ZIMBRA-ADMIN 

acl ACL_ZIMBRA_ADMIN dstdomain zimbra-admin.mydomain.com 

cache_peer_access ZIMBRA-ADMIN allow ACL_ZIMBRA_ADMIN

http_access allow ACL_ZIMBRA_ADMIN

http_access deny all
```

The cache peer names resolve to internal private addresses. I've obviously replaced the domain names and IP addresses for the purposes of this forum.

Again, grateful for any help.

Cheers,

Jon

----------

