On Tue, 24 Aug 2004, André Füchsel wrote:
> Internet -> FW -> squid (192.168.200.12:80) -> FW -> JBoss (10.0.10.102:8100)
This (different ports) can only be done if your web server (JBoss) support
running on another port than it announces in URLs generated by the
software running on your web server, or if your server software never ever
generates absolute URLs either directly in HTML or indirectly as part of
redirects (30X responses).
> http_accel_host 10.0.10.102
This should be your public domain name for the site.
For Squid to find the correct IP the server name should be placed in
/etc/hosts.
> http_accel_port 8100
This requires the use of a web server running on a different port than
what is advertised to the clients, or very careful use of the server. Most
servers do not support this.
> http_accel_single_host on
> http_accel_uses_host_header on
The last you should only enable if you need to accelerate multiple
domains. For a single-host setup it is best left off.
> Now I have read, that I should use port 80 for the internal web server (which
> I don't want) or use a redirector (which I don't understand; is there any
> explanation about this?).
Forget about the redirector. It is not related to your problem.
> Also it has been said earlier in this forum that I should use
> "http_accel_uses_host_header off". Why? As you can see on my previous
> posting, this does not work either.
This is because it is not related to your problem.
> Finally, can you give me a clue how to set up the acl's? Is it bad by just
> using "http_access allow all" since I want everybody from the net to connect
> to this accelerating server?
The acls of a reverse proxy should be set up to limit what sites may be
visited via the accelerator, pretty much in the same manner as a normal
proxy should be set up to limit what client IPs may access the proxy..
See dst / dstdomain acls.
Regards
Henrik
Received on Tue Aug 24 2004 - 15:16:52 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT