We have a service running internally that needs to upload files to S3 and all outgoing traffic currently routes through a Squid server I manage. The service that sends the files only supports HTTP but we want them encrypted when going from the proxy to S3. It appears that Squid cannot do this natively, so I'm attempting to set up Apache 2.2 on port 80 on the same Ubuntu server to transparently rewrite the URL from http to https and then proxy it through Squid on 3128. I just haven't been able to figure out the right Apache configuration for this. I think it should be something like this (assume local IP is 10.1.2.3):
<VirtualHost 10.1.2.3>
ServerName 10.1.2.3
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_NAME} /\.s3-.*amazonaws\.com/
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
ProxyRequests on
<Proxy *>
Order deny,allow
Deny from all
Allow from 10.0.0.0/8 # for example
</Proxy>
# now need to send rewritten https request through squid at 10.1.2.3:3128
</VirtualHost>
It's that last comment that I haven't been able to figure out. Any suggestions?
Best Answer
Don't use Rewrite for this, use a simple proxy. It seems you need something described here.