[squid-users] Not sure if reverse proxy is what I need
squid3 at treenet.co.nz
Sun Apr 17 09:28:59 UTC 2016
On 16/04/2016 5:13 a.m., Renato wrote:
> Hi guys,
> I'm not sure if squid is what I need, so I'll try to explain my
> scenario to make it clear what I need:
> I have lots of virtual machines, each one running a web service.
> Those virtual machines are not exposed to the internet.
> To access the virtual machines, I want to have a "client database",
> each client will have an username, a password and the IP address and
> port number for the virtual machine, like this:
> client1, pass_cli1, http://192.168.0.1:8081
> client2, pass_cli2, http://192.168.0.1:8082
> client3, pass_cli3, http://192.168.0.1:8083
> client4, pass_cli4, http://192.168.0.2:8081
> What I'm thinking of doing is to let squid exposed to the internet,
> with authentication. When a client connects, a login/password is
> asked. If the login/pass matches one of the clients on the list,
> squid will reverse proxy to the corresponding address on database.
> Is it possible to achieve this only with squid or I need others tools too?
You will need some tool to export the database records into files
containing the cache_peer settings for each VM. One file per VM is
usually best so you can add/delete easily.
Make a directory where these config snippet files go. Only put
squid.conf snippets in there.
Use the "include" directive in squid.conf to pull in the directory
contents and have your DB tool trigger Squid to be reconfigured each
time it changes those files.
Use HTTP authentication rules in cache_peer_access to determine which VM
peer is accessible to each username to avoid needing to reconfigure each
time somebody logs in.
More information about the squid-users