Re: [squid-users] Need some advice on configuration

From: Michael Pye <michael@dont-contact.us>
Date: Fri, 27 Jan 2006 11:48:21 +0000

On Thu, Jan 26, 2006 at 02:03:44PM -0800, Jeremy Utley wrote:
> Greetings to the list!
>
> I'm very new to Squid configuration, and have been trying to research
> how to do this, but have ended up running in circles, so I'm coming to
> the list with this - hopefully someone out there has done something
> similar before, and can point me into the right direction, or perhaps

We have a very similar setup to what you describe. Squid acting
as a reverse proxy or http accelerator.

We use regular dns on the squid servers but setup an /etc/hosts file
to direct squid to the backend origin web servers for each vhost. We also
use a software load balancer as we have multiple backend servers that each
vhost can be served from. (http://www.inlab.de/balance) You could also
use a redirector.

Using name based vhosts is fine as long as you set:
httpd_accel_uses_host_header on

To prevent proxying for sites other than your own you use a dst acl, ie:
acl ourips dst 127.0.0.0/8
http_access deny !ourips
http_access allow ourips

where ourips lists the ips of your backend servers or where your
balance/redirector is.

Squid 3 has an extra feature of directing requests to your origin servers
using the cache_peer origin directive but this is not advisable to put
into production yet. Theres no need for balance or a redirector if you
only have one web server per vhost.

Squid is very flexible as a reverse proxy. The only issue you may have
is using wildcard domains, as you cannot do this in /etc/hosts.

--
Michael
Received on Fri Jan 27 2006 - 04:48:23 MST

This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST