0

We have a service running internally that needs to upload files to S3 and all outgoing traffic currently routes through a Squid server I manage. The service that sends the files only supports HTTP but we want them encrypted when going from the proxy to S3. It appears that Squid cannot do this natively, so I'm attempting to set up Apache 2.2 on port 80 on the same Ubuntu server to transparently rewrite the URL from http to https and then proxy it through Squid on 3128. I just haven't been able to figure out the right Apache configuration for this. I think it should be something like this (assume local IP is 10.1.2.3):

    <VirtualHost 10.1.2.3>
        ServerName 10.1.2.3

        RewriteEngine on
        RewriteCond %{HTTPS} !=on
        RewriteCond %{SERVER_NAME} /\.s3-.*amazonaws\.com/
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

        ProxyRequests on
        <Proxy *>
            Order deny,allow
            Deny from all
            # for example
            Allow from 10.0.0.0/8
        </Proxy>

        # now need to send rewritten https request through squid at 10.1.2.3:3128
    </VirtualHost>

It's that last comment that I haven't been able to figure out. Any suggestions?

1
  • I'm pointing out the obvious but usually people script tasks like this so they can sanity/security check the files before uploading them. Commented Feb 22, 2023 at 23:13

2 Answers

0

Don't use Rewrite for this, use a simple proxy. It seems you need something described here.

4
  • I may still be missing something but when I set the shell environment variables, e.g. http_proxy=10.1.2.3:80, and then curl a URL, e.g. curl www.google.com, all I see is the directory list response from Apache, i.e. it's not doing the forwarding to Squid as I would expect from the ProxyPass settings. Commented Jan 16, 2015 at 18:45
  • You probably won't need squid at all (and thus, you won't need the http_proxy variable to be set). If you set up Apache to do the proxying, and then point your upload service to the URL you configured, Apache should forward your request. Commented Feb 3, 2015 at 12:32
  • I don't think the Squid is needed any more, either, but even just with Apache, it seems to be ignoring any rewrite rules and just returning a directory index of the actual Apache server. Commented Feb 3, 2015 at 19:53
  • Rewrite rules? You don't need rewrite rules, you need a proxy. Have you checked the link I gave? Commented Feb 9, 2015 at 16:55
0

Even if you do need Squid for some advanced proxy features, I would use nginx for the simplicity of redirection and HTTP header handling. Nginx can also handle caching.

Try something like this in /etc/nginx/conf.d/mysite.conf

Replace the cache path and service names as needed.

    proxy_cache_path /path/to/cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;

    server {
        listen 80;
        server_name localhost 10.1.2.3;

        location / {
            proxy_cache my_cache;
            proxy_pass https://servicename.s3.amazonaws.com/;
        }
    }
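An added example, not part of the original answer: the same nginx relay with upstream certificate verification turned on, because `proxy_pass https://...` on its own encrypts the hop to S3 but does not check whose certificate is presented. The CA bundle path, the upload size limit and the allowed client range (taken from the question's `Allow from 10.0.0.0/8`) are assumptions; `servicename` is the answer's placeholder.

```nginx
# Added example, not the answer author's configuration.
# Assumed: Ubuntu CA bundle path, 100m upload limit, 10.0.0.0/8 client range.
server {
    listen 10.1.2.3:80;
    server_name 10.1.2.3;

    # Only internal clients may use the relay.
    allow 10.0.0.0/8;
    deny all;

    # The default body limit is 1m; larger uploads are rejected with 413.
    client_max_body_size 100m;

    location / {
        proxy_pass https://servicename.s3.amazonaws.com/;

        # nginx does not verify the upstream certificate unless told to.
        proxy_ssl_verify on;
        # Allow for intermediate CAs in the chain (the default depth is 1).
        proxy_ssl_verify_depth 3;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        # Send SNI and match the certificate against the bucket host name
        # (proxy_ssl_name defaults to the host given in proxy_pass).
        proxy_ssl_server_name on;
        proxy_ssl_name servicename.s3.amazonaws.com;
    }
}
```

Run `nginx -t` after editing; with verification on, a certificate that does not chain to the bundle or does not match the host name makes the upload fail with a 502 and an upstream SSL error in the error log.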
