On Sat, Jan 8, 2011 at 8:40 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 29/12/10 15:45, Colin Coe wrote:
>>
>> Hi all
>>
>> I'm currently redesigning an environment I've inherited. The
>> environment consists of two main sites with limited replication. Each
>> site is effectively a replica of the other.
>>
>> The environment was built with four proxy servers at each site (so
>> eight in total) with 2 being forwarding proxies and two being reverse
>> proxies. I'd like to consolidate these into either a single proxy or
>> a HA cluster of two proxies at each site, I'm still deciding. The
>> current platform is RHEL5 (squid 2.6), the new platform will likely be
>> RHEL6 (squid 3.1.4).
>>
>> My squid fu is weak and as both reverse proxies have
>>
>> https_port 80 defaultsite=server1.company.com
>> key=/etc/ssl/server1.company.com.key
>> cert=/etc/ssl/server1.company.com.crt protocol=http
>> https_port 443 defaultsite=server1.company.com
>> key=/etc/ssl/server1.company.com.key
>> cert=/etc/ssl/server1.company.com.crt protocol=https
>>
>> and
>>
>> http_port 80 defaultsite=server2.company.com
>> https_port 443 defaultsite=server2.company.com
>> key=/etc/ssl/server2.company.com.key
>> cert=/etc/ssl/server2.company.com.crt protocol=http
>>
>> I've no idea if the consolidation is possible or not.
>>
>> I've searched the archive and googled but not seen anything to tell me
>> if I can do this.
>>
>> Any ideas?
>
> At a minimum add the "accel vhost" options to those http_port and check the
> rest of the config logics are based on dstdomain.
> http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting
>
> Whether they are combinable after that will depend on the client software
> visitig. If they are HTTP/1.1 compliant enough to send Host: header you can
> (most do).
>
> The forward-proxy can be merged in easily (with squid-2.6 or later) as long
> as care is taken to place the forward-proxy config later in the config file
> than the reverse-proxy config. The difference may be that the forward proxy
> traffic reduces the caching efficiency overall which the reverse-proxy sees.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.10
> Beta testers wanted for 3.2.0.4
>
I won't be in a position to start testing for at least a few weeks but
could you clarify if the 'vhost' setting is still required for the
reverse proxying even if the two sites to be reverse proxied are on
physically different hosts?
Thanks
CC
-- RHCE#805007969328369Received on Mon Jan 10 2011 - 23:27:26 MST
This archive was generated by hypermail 2.2.0 : Tue Jan 11 2011 - 12:00:04 MST