Re: [squid-users] Is it possible to have squid as do Proxy and OWA/RPCoHTTPS accelerator?

From: Alan Lehman <alehman_at_gbateam.com>
Date: Thu, 1 Jan 2009 21:52:13 -0600

So I have OWA and RPCoHTTPS accelerator working on 3.0, with forward
proxy on a separate instance of 2.6. Now I'm building a new Redhat box
and I would like to handle both my normal LAN proxy and reverse proxy
for OWA, RPCoHTTPS and Activesync on one instance of Squid. It sounded
like 2.6 should be able to handle the chunked encoding and NTLM auth
required for Activesync. Can I/should I do all this on one instance of
Squid? Am I asking too much?

The latest Redhat comes with 2.6STABLE6, which I realize is rather
old. But I decided to forge ahead and try it.

I am directing two different public domains to the same Exchange server.
This basic configuration works on 3.0. Now trying to add it to the 2.6
forward proxy config, sometimes Squid seems to be redirecting forward
proxy requests to my OWA server, and I get:

The following error was encountered:
    * Socket Failure
The system returned:
    (99) Cannot assign requested address
Squid is unable to create a TCP socket, presumably due to excessive
load. Please retry your request.

Config follows...

#OWA
https_port domain1-owa:443 cert=/usr/share/ssl/combined.crt key=/usr/share/ssl/owa.key defaultsite=owa.domain1.com
https_port domain2-owa:443 cert=/usr/share/ssl/domain2/domain2-owa.pem defaultsite=owa.domain2.com
cache_peer ip_of_exchange parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/usr/share/ssl/exchange/exch-owa.pem name=owa-server
acl OWA dstdomain owa.domain1.com
acl OWA dstdomain owa.domain2.com
cache_peer_access owa-server allow OWA
never_direct allow OWA
http_access allow OWA

#rpc_http
https_port domain1-rpc:443 cert=/usr/share/ssl/rpc/rpc.pem defaultsite=rpc.domain1.com
https_port domain2-rpc:443 cert=/usr/share/ssl/domain2/domain2-rpc.pem defaultsite=rpc.domain2.com
cache_peer ip_of_exchange parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/usr/share/ssl/exchange/exch-owa.pem name=rpc-server
acl RPC dstdomain rpc.domain1.com
acl RPC dstdomain rpc.domain2.com
cache_peer_access rpc-server allow RPC
never_direct allow RPC
http_access allow RPC

[typical stand-alone forward http proxy configuration follows]

Any thoughts would be most appreciated.

Thanks
Alan Lehman
Received on Fri Jan 02 2009 - 03:52:31 MST
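
Added example, not part of the original message and not Squid's own tooling: a small Python audit of the accelerator part of a squid.conf like the one above. It reports `originserver` peers whose TLS certificate is not verified, peers with no `cache_peer_access` rule, and ACLs routed to a peer without a matching `never_direct`. The function names and the sample text (the OWA section with the e-mail line wrapping undone) are assumptions made for the example.

```python
# Constructed sample: the OWA section of the configuration in the message
# above, one directive per line.
SAMPLE = """\
https_port domain1-owa:443 cert=/usr/share/ssl/combined.crt key=/usr/share/ssl/owa.key defaultsite=owa.domain1.com
cache_peer ip_of_exchange parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/usr/share/ssl/exchange/exch-owa.pem name=owa-server
acl OWA dstdomain owa.domain1.com
acl OWA dstdomain owa.domain2.com
cache_peer_access owa-server allow OWA
never_direct allow OWA
http_access allow OWA
"""

def directives(conf):
    """Yield each non-comment directive as a list of whitespace-separated tokens."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def audit(conf):
    """Return (peer_name, finding) tuples for originserver peers in a squid.conf text."""
    # Heuristic: ACL names on one rule line are treated individually, not as an AND.
    peers, peer_acls, never_direct = {}, {}, set()
    for d in directives(conf):
        if d[0] == "cache_peer" and len(d) > 1:
            opts = d[5:]  # tokens after: host, type, http-port, icp-port
            name = next((o[5:] for o in opts if o.startswith("name=")), d[1])
            peers[name] = opts
        elif d[0] == "cache_peer_access" and len(d) >= 4 and d[2] == "allow":
            peer_acls.setdefault(d[1], set()).update(a for a in d[3:] if not a.startswith("!"))
        elif d[0] == "never_direct" and len(d) >= 3 and d[1] == "allow":
            never_direct.update(d[2:])
    findings = []
    for name, opts in peers.items():
        if "originserver" not in opts:
            continue
        flags = next((o[9:] for o in opts if o.startswith("sslflags=")), "")
        if "ssl" in opts and "DONT_VERIFY_PEER" in flags.replace(":", ",").split(","):
            findings.append((name, "TLS certificate of the peer is not verified"))
        if name not in peer_acls:
            findings.append((name, "no cache_peer_access rule limits which requests use this peer"))
        for acl in sorted(peer_acls.get(name, set()) - never_direct):
            findings.append((name, f"ACL {acl} is not covered by never_direct"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```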
