On Mon, 19 Jul 2004, Chris Perreault wrote:
>> With the below setup, I can use squid (on the test box) and hit 3 back
>> end webservers in ssl mode, after being ldap auth'd, by basically
>> going to website.com/site1, website.com/site2, and website.com/site3
>> with the 3 sites being 3 different webservers. Each site needs the
>> webpages to all reside within the URI (site1, site2, site3) and to the
>> client it just looks like one big site, i.e.: website.com/extranet,
>> website.com/intranet, website.com/hr_functions, etc. Easy for the user
>> and we only need one SSL cert too.
Henrik wrote:
>Why do you use a redirector in this setup? None is needed. Just use
>cache_peer_access to select which server to forward the request to.
>You only need a redirector if you need to rewrite the URI while it is
>forwarded to the backend server, not for selecting which backend server to
>use.
>Regards
>Henrik
First... thanks for taking the time to reply to this and all the other
messages you've gone through today. It is greatly appreciated.
Someone here came up with this idea:
Wherever the worker is at: at their desk or an internet connected pc
(airport kiosk, laptop while traveling, at home, etc), they should be able
to access the same web based services that they can access sitting at their
desk, and in the same manner. Inside.mywebsite.com is the address. While at
work, internal DNS sends you to the internal reverse proxy. While outside of
work the public DNS sends you to the external reverse proxy. Multiple
webservers mean making it appear like one virtual server would be easier to
manage. The ldapuser name gets passed down through the header, and is used
against a profile database that serves up content on a home brewed web
portal. Each of these webservers may have links to the others, but the links
need to be recognized by users (on the internet) accessing the various
webservers (on the private network).
Client types inside.mysite.com/intranet and it hits the accelerated proxy
server which passes it to inside.realserver.com/intranet (or just the ip
address 10.x.y.23/intranet)
Cache_peer_access is where we started at, but then moved to the redirector.
Could you possibly give an example for 3 sites?
I.e., the user types in:
mysite.com/intranet and ends up at 10.x.y.1/intranet
mysite.com/extranet and ends up at 10.x.y.2/extranet
mysite.com/sales and ends up at 10.x.y.3/sales
Links on 10.x.y.3 (mysite.com/intranet) need to reach 10.x.y.1/intranet. We
used the URIs so we'd know which server to get to.
Could it be as simple as:
acl i2_host dst mysite.com/intranet
cache_peer_access 10.y.x.11 allow i2_host
cache_peer_access 10.y.x.11 deny all
acl extranet dst mysite.com/extranet
cache_peer_access 10.y.x.22 allow extranet
cache_peer_access 10.y.x.22 deny all
Thanks again,
Chris
Received on Mon Jul 19 2004 - 14:49:35 MDT
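
The per-path peer selection asked about above, written out as an added example (not part of the original message or of Henrik's reply). It assumes a Squid release whose cache_peer accepts the originserver and name= options; the peer addresses, ports, peer names and ACL names are placeholders.

```conf
# Added example: squid.conf fragment for a reverse proxy that picks a
# backend by URL path. Addresses, ports and names are placeholders.

# One cache_peer per backend web server. "originserver" tells Squid the
# peer is a web server rather than another proxy; "name=" gives each peer
# a label that cache_peer_access can refer to.
cache_peer 10.0.0.1 parent 80 0 no-query originserver name=intranet_srv
cache_peer 10.0.0.2 parent 80 0 no-query originserver name=extranet_srv
cache_peer 10.0.0.3 parent 80 0 no-query originserver name=sales_srv

# The "dst" ACL type matches destination IP addresses, so it cannot carry
# a path component. "urlpath_regex" matches the path part of the URL.
# The (/|$) suffix anchors on a path-segment boundary, so /intranet-old
# is not routed to the intranet backend.
acl intranet_path urlpath_regex ^/intranet(/|$)
acl extranet_path urlpath_regex ^/extranet(/|$)
acl sales_path    urlpath_regex ^/sales(/|$)

# Each peer accepts only its own path and nothing else.
cache_peer_access intranet_srv allow intranet_path
cache_peer_access intranet_srv deny all
cache_peer_access extranet_srv allow extranet_path
cache_peer_access extranet_srv deny all
cache_peer_access sales_srv allow sales_path
cache_peer_access sales_srv deny all

# Refuse requests for paths that are not published. Place this before
# the existing http_access allow rules (for example the LDAP auth rule).
acl published_paths urlpath_regex ^/(intranet|extranet|sales)(/|$)
http_access deny !published_paths

# Never fetch directly from the Host or URL the client supplied; every
# request must go through one of the peers defined above.
never_direct allow all
```

No redirector is involved here because the path is the same on the proxy and on the backend, which is the case Henrik describes where cache_peer_access alone is enough.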