[squid-users] Reverse proxy and TUNNEL to same cache peer

Hariharan Sethuraman srnhari at gmail.com
Wed Aug 8 04:49:44 UTC 2018


I think giving name helped to fwd/reverse to same parent proxy port:
cache_peer parent-proxy.domain.com parent 80       0  no-query no-digest
login=PASS originserver name=reverseproxy
cache_peer parent-proxy.domain.com parent 80       0  no-query no-digest
login=PASS name=forwardproxy


On Wed, Aug 8, 2018 at 9:55 AM, Hariharan Sethuraman <srnhari at gmail.com>
wrote:

> > The traffic types have different syntax. It is possible to have a parent
> > proxy which receives both, but that has to be different ports and
> > different cache_peer links between them.
>
> As I said in same cache_peer (without changing the parent proxy port),
> both forward (removed originserver option) and reverse (with origin server
> option) works.
> For now, I will go with two squid instances one instance for forward and
> other for reverse till I get an answer.
>
> On Wed, Aug 8, 2018 at 6:07 AM, Hariharan Sethuraman <srnhari at gmail.com>
> wrote:
>
>> Yes correct, the parent Proxy is a forward, but the squid will have to do
>> both from client aspect.
>>
>> Can I run two instances of squid - forward and reverse separately
>> considering my configuration is good enough?
>>
>> On Tue, 7 Aug 2018, 22:00 Amos Jeffries, <squid3 at treenet.co.nz> wrote:
>>
>>> On 08/08/18 04:01, Hariharan Sethuraman wrote:
>>> > Thanks Amos: yes agree that I should have told forward proxy.
>>> >
>>> > When I remove the originserver option from cache_peer, the forward
>>> proxy
>>> > is working so which means the rewriter is not precluding from
>>> happening.
>>> > Does that give any clue to us?
>>> >
>>>
>>> Ah, cant believe I missed that. If the parent proxy is your access to
>>> the Internet then is *not* a reverse-proxy. It cannot be and receive
>>> proxy<->proxy traffic.
>>>
>>> Any attempt to change the scheme is erased because the scheme is not
>>> part of origin-form message syntax.
>>>
>>>
>>> > Moreover the reverse proxy is in next hop to the client and not in
>>> > internet. Time being, we are ok to have insecure channel between client
>>> > and squid. Do you have any sample config that that uses a parent proxy
>>> > to do both forward/reverse proxy? Or do you see my config is good
>>> enough
>>> > for this requirement.
>>> >
>>>
>>> The traffic types have different syntax. It is possible to have a parent
>>> proxy which receives both, but that has to be different ports and
>>> different cache_peer links between them.
>>>
>>> Amos
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180808/5d798f36/attachment-0001.html>


More information about the squid-users mailing list