[squid-users] Squid as reverse proxy for two or more webs
Antony Stone
Antony.Stone at squid.open.source.it
Fri Aug 10 14:36:28 UTC 2018
On Friday 10 August 2018 at 16:26:31, erdosain9 wrote:
> > php.mydomain.lan 192.168.1.223
> > ticket.mydomain.lan 192.168.1.246
> >
> >.. and clients never connect to the above directly. So these domains are
> >never to be accessed by users/clients.
>
> The client can connect directly from the domain. (I mean they can connect
> directly at work, but I want to do this (reverse proxy) for when they are
> at home...) I haven't made any of this public yet; I'm trying to do it first
> inside my network.

Ah, it might have been helpful for you to mention that in the first place.

> >If (as I suspect) the above statements are not true, then your naming is
> >the first thing that is wrong.
>
> Why?

Because the name the clients connect to must resolve to the IP address of
Squid, for it to work as a reverse proxy.

> >The domain name(s) which your clients access should point to the proxy.
> >There can be multiple.
>
> I don't get this.

If name.domain.lan points to 10.20.30.40, then a client browser requesting
http://name.domain.lan will start talking to machine 10.20.30.40

If you want that to be the real server, that's fine.

If you want that machine to be squid acting as a reverse proxy, that's fine
too.

The point is that the IP address must point to the machine you want the client
to connect to.

> >Right now your ticket_acl and php_acl are exactly the same. So they are
> >telling Squid that both peers are providing identical content (ie both
> >are authoritative for anything inside *.mydomain.lan). The first of the
> >available peers will be used, unless it starts to overload then the
> >second will start receiving the traffic.
> >
> >
> >To send traffic to one of the peers and not the other you need some way
> >to distinguish between them.
> >
> >Normally you would have the ticket.* and php.* domain names both
> >pointing at Squid (192.168.1.21) so your ACLs can check for and use the
> >domain name to identify which peer is supposed to receive it.
>
> I create two entries pointing to squid in DNS now.
> site1.mydomain.lan
> site2.mydomain.lan

So, both of those resolve to 192.168.1.21, right?

> > The config example you want to follow is
> > https://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers
>
> I read that... but I don't get what I'm doing wrong.

You want to follow the section:

Switching on Domains

Using cache_peer_access:

    cache_peer ip.of.server1 parent 80 0 no-query originserver name=server_1
    acl sites_server_1 dstdomain www.example.com example.com
    cache_peer_access server_1 allow sites_server_1

> this is the config now.
>
> http_port 192.168.1.21:80 accel vhost
>
> cache_peer 192.168.1.246 parent 80 0 proxy-only name=site1
> cache_peer 192.168.1.223 parent 80 0 proxy-only name=site2

You are missing "originserver" at the very least. Otherwise Squid expects to
find another proxy at the IP address.

> acl soporte_acl dstdomain ticket.MYDOMAIN.lan
> http_access allow soporte_acl
> cache_peer_access site1 allow soporte_acl
>
> acl phplists_acl dstdomain php.MYDOMAIN.lan
> http_access allow phplists_acl
> cache_peer_access site2 allow phplists_acl
>
> ------------------------------------------------------------
>
> But I get this error
>
> " Unable to forward this request at this time."

...when you requested what as a URL?

> 1533911112.071 1 192.168.6.20 TCP_MISS/500 4605 GET
> http://site1.MYDOMAIN.lan/ - HIER_NONE/- text/html

Looks like you entered "site1.mydomain.lan" into your browser.

Try "ticket.mydomain.lan" (after correcting the above config problems) instead.

> 1533911112.193 0 192.168.6.20 TCP_MEM_HIT_ABORTED/200 4274 GET
> http://reverse.MYDOMAIN.lan/squid-internal-static/icons/SN.png -
> HIER_NONE/- image/png
> 1533911124.117 0 192.168.6.20 TCP_MISS/500 4605 GET
> http://site2.MYDOMAIN.lan/ - HIER_NONE/- text/html
> 1533911124.217 0 192.168.6.20 TCP_MEM_HIT_ABORTED/200 4274 GET
> http://reverse.MYDOMAIN.lan/squid-internal-static/icons/SN.png -
> HIER_NONE/- image/png

Antony.

--
Salad is what food eats.
Please reply to the list;
please *don't* CC me.
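
Added example, not part of Antony's message and not Squid's own code: a small Python check that replays the squid.conf directives quoted above against the quoted access.log lines and reports the two problems the reply identifies (peers without "originserver", and a requested host name that no cache_peer_access ACL matches). The function names are hypothetical, and the rule evaluation is a simplified model of Squid's that covers only dstdomain ACLs.

```python
from urllib.parse import urlsplit
# Added example. CONF and LOG are quoted from the thread (wrapped log lines rejoined).
CONF = """\
cache_peer 192.168.1.246 parent 80 0 proxy-only name=site1
cache_peer 192.168.1.223 parent 80 0 proxy-only name=site2
acl soporte_acl dstdomain ticket.MYDOMAIN.lan
cache_peer_access site1 allow soporte_acl
acl phplists_acl dstdomain php.MYDOMAIN.lan
cache_peer_access site2 allow phplists_acl
"""
LOG = """\
1533911112.071 1 192.168.6.20 TCP_MISS/500 4605 GET http://site1.MYDOMAIN.lan/ - HIER_NONE/- text/html
1533911112.193 0 192.168.6.20 TCP_MEM_HIT_ABORTED/200 4274 GET http://reverse.MYDOMAIN.lan/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
"""

def parse(conf):
    peers, acls, rules = {}, {}, {}
    for line in conf.splitlines():
        t = line.split("#")[0].split()
        if t[:1] == ["cache_peer"]:  # cache_peer host type http-port icp-port [options]
            name = next((o[5:] for o in t[5:] if o.startswith("name=")), t[1])
            peers[name] = "originserver" in t[5:]
        elif t[:1] == ["acl"] and t[2:3] == ["dstdomain"]:
            acls.setdefault(t[1], []).extend(d.lower() for d in t[3:])
        elif t[:1] == ["cache_peer_access"]:  # cache_peer_access peer allow|deny acl...
            rules.setdefault(t[1], []).append((t[2], t[3:]))
    return peers, acls, rules

def matches(host, pat):  # dstdomain: exact name, or a leading dot to cover subdomains
    return host == pat.lstrip(".") or (pat.startswith(".") and host.endswith(pat))

def admits(host, acls, peer_rules):
    # Simplified: first matching rule wins, else opposite of last rule; "!acl" unsupported.
    for action, names in peer_rules:
        if all(any(matches(host, d) for d in acls.get(n, [])) for n in names):
            return action == "allow"
    return not peer_rules or peer_rules[-1][0] != "allow"

def peers_for(host, conf):
    peers, acls, rules = parse(conf)
    return [n for n in peers if admits(host, acls, rules.get(n, []))]

def audit(conf, log):
    findings = [f"peer {n}: no 'originserver' option" for n, ok in parse(conf)[0].items() if not ok]
    for f in map(str.split, log.splitlines()):
        if len(f) > 8 and f[3].endswith("/500") and f[8].startswith("HIER_NONE"):
            host = urlsplit(f[6]).hostname  # lower-cased by urlsplit
            if not peers_for(host, conf):
                findings.append(f"{host}: matches no cache_peer_access ACL")
    return findings
```

peers_for("ticket.mydomain.lan", CONF) returns ['site1'], while the logged name site1.mydomain.lan selects no peer at all, which is what HIER_NONE/- with a 500 status reflects.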