Re: [squid-users] Reverse Proxy + Multiple Webservers woes

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 8 Apr 2009 14:41:45 +1200 (NZST)

> Karol Maginnis wrote:
>> Hello,
>>
>> I am new to squid but not new to reverse proxies. I am trying to
>> implement a proxy that would work like this:
>>
>> www.example.com -> server 1
>> example.com -> server 1
>> dev.example.com -> server 2
>>
>> I have read the wiki here:
>> wiki.squid-cache.org/SquidFaq/ReverseProxy
>>
>> But I cant get it to work and I am about to pull my hair out.
>>
>> My squid.conf looks like:
>> --------
>> http_port 80 accel defaultsite=example.com
>> cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2
>> cache_peer_domain server_2 dev.example.com
>> cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1
>> cache_peer_domain server_1 example.com
>> --------
>>
>> This gives me a big fat: "Access Denied"
>>
>> So I added this to my squid.conf:
>> -------
>> acl our_sites dstdomain example.com dev.example.com
>> http_access allow our_sites
>> -------
>>
>> This clears the "Access Denied" however now all traffic goes to
>> "server_1" (the .115 addy).
>>
>> I have tried all sorts of cute ACLs included but not limited to
>> delcaring ACSs for server_1 and server_2 respectively and allowing
>> access to server_1 from server_1 sites and denying server_2 sites and
>> vice versa. However this just gives me an "Access Denied" for all sites.
>>
>> I have also tired every example found on this issue in the Wiki. I feel
>> like the Wiki is leaving out a key config line that is causing this not
>> to work, but I could be wrong.
>>
>> I am runnig squid:
>> Squid Cache: Version 2.7.STABLE6
>> configure options: '--disable-internal-dns'
>>
>> I hate sending such a simple question to a mailing list but I have read
>> the squid wiki so much that I almost have it memorized as far as the
>> ReverseProxy pages are concerned.
>>
>
> I'm too new with squid to help others but I have to say that I spent 2
> weeks on the very same issue. Squid 2.6 has its options which are
> different from the 2.7 series and the big difference comes with the 3.x
> series.
>
> If it helps I solved my issue with the code bellow (Squid 3.0.STABLE7)
> but I'm pretty sure this won't work in 2.7 ;)

That (below) should work in all squid 2.6 or later.

>
> ------------------ cut --------------
> cache_peer 192.168.1.115 parent 80 0 no-query no-digest originserver
> name=iis
> acl sites_iis dstdomain example.net
> cache_peer_access iis allow sites_iis
> http_access allow sites_iis
>
> --------------- end cut --------------
>
> Maybe it's just me but something doesn't feel right in the above code
> but it works and for the moment I'm all too tired with this squid
> thingie...
>

Amos
Received on Wed Apr 08 2009 - 01:41:46 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 08 2009 - 12:00:02 MDT