[squid-users] sharing generated certs between squid instances
Alex Rousskov
rousskov at measurement-factory.com
Tue Aug 29 18:34:20 UTC 2023
On 8/26/23 1:53 PM, Brendan Kearney wrote:
> list members,
>
> i have a couple squid instances that are performing bump/peek/splice and
> generating dynamic certs. i want to share the certs that are generated
> by the individual instances across the rest of them, via NFS or some
> shared mechanism. so, if squid1 creates a certs i want squid2, squidN
> to be able to leverage that cert and not have to create the cert again.
>
> having tried to put the certs on a NFS share, i am seeing that all of
> the instances run into file locking issues when updating the database
> file "index.txt".
>
> is there any way to share the certs between instances to save processing
> power/time?
I believe there is. Use a file system that supports the locking
mechanism used by Squid (sorry, I cannot recommend anything specific,
but something basic like sshfs might work in some environments) or
implement your own certificate generation helper that does
locking/sharing the way you want it to.
The generated certificates themselves are meant to be
interchangeable/stable.
HTH,
Alex.
More information about the squid-users
mailing list