Re: [squid-users] R: Re: [squid-users] Reverse proxy problem

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sun, 04 May 2008 03:04:11 +1200

Gianfranco Varone [TIN] wrote:
> Cool, it works!!!!
>
> Now Squid 2.6 stable 20 (on windows, thank you
> Guido) runs really good.
>
> Thanks thanks thanks!!!
>
> Another question...
> with squid i have to deliver 3 services:
> 1. proxy on port 8080 (it
> works);
> 2. reverse proxy on port 10000 (and NOW it works);
> But...if i
> want to (third service) reverse another port on the same server?
>
> Schema (always the same):
> MOBILE USER -> internet -> Squid(DMZ) -> FW -
>> Mail(LAN)
> but...now services answers on port 8642
>
> if i insert
> http_port ipSquid:8642 accel vhost defaultsite=fqdnMailDomain:8642 ->
> OK
>
> but
> cache_peer ipMail 8642 0 no-query originserver -> Fail! (double
> cache_peer on the same server)

cache_peer ipMail parent 10000 ... name=mail
cache_peer ipMail parent 8642 ... name=mobile

.. also need to change cache_peer_access from refering to ipMail to
refer to mail or mobile instead.

for example:

  never_direct allow fqdnMailDomain
  http_access allow fqdnMailDomain

  cache_peer_access mail allow fqdnMailDomain
  cache_peer_access mail deny all

  cache_peer_access mobile allow fqdnMailDomain
  cache_peer_access mobile deny all

Amos

>
> Thanks in advance/GfV
> ----Messaggio
> originale----
> Da: squid3@treenet.co.nz
> Data: 2-mag-2008 1.50 PM
> A:
> "Gianfranco Varone [TIN]"<gfvarone@tin.it>
> Cc: <squid-users@squid-cache.
> org>
> Ogg: Re: [squid-users] Reverse proxy problem
>
> Gianfranco Varone
> [TIN] wrote:
>> Hi to all,
>> firstable sorry for my english!!
>>
>> I'm
> trying to configure
>> reverse proxy with Squid version 2.6, to permit
> users to connect to
>> our mail server
>>
>> Schema as follow:
>> USER -
>> internet -> Squid(DMZ) -> FW
>> -> Mail(LAN)
>> Squid AND Mail answer
> on tcp port 10000
>> Squid.conf:
>> http_port ipSquid:10000
> vhost=ipMail:10000 vport=10000 accel
>
> http_port ipSquid:10000 accel
> vhost defaultsite=fqdnMailDomain:10000
>
>> cache_peer ipMail 10000 0 no-
> query originserver
>> acl MailServer ipMail/32
>
> acl MailServer dstdomain
> fqdnMailDomain
>
>> always_direct deny all !MailServer
>
> No. Instead:
>
> never_direct allow fqdnMailDomain
> http_access allow fqdnMailDomain
> cache_peer_access ipMail allow fqdnMailDomain
> cache_peer_access deny
> all
>
>> So, if i try to connect to http:
>> //ipProxy:10000/ i get the
> login page, but every request automatically
>> redirect to http:
> //ipMail:10000 and i obviously get errors!
>
> Prefer FQDN for public
> mail.
> Point FQDN for mail at ipSquid so clients can get to proxy.
>
> NP:
> no need for squid to listen on 10000, it can be anything. The
> clients
> never know the private link to mail and mail only knows squid is
> connecting correctly.
>
>> Using
>> squid 2.5 instead it works
> perfectly!
>> Squid 2.5 conf:
>> http_port 10000
>> httpd_accel_host
> 192.168.0.8
>> httpd_accel_port 10000
>> httpd_accel_single_host on
>>
> httpd_accel_uses_host_header on
>> httpd_accel_with_proxy on
>>
>> Where
> i'm in wrong???
>> Cheers/GfV
>
> Amos

-- 
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
Received on Sat May 03 2008 - 15:03:27 MDT

This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:02 MDT