Sun 2006-07-16 at 21:24 +0200, gwaa wrote:

> Hello List,
> I try to set up with SQUID3:
> HTTP[internet:80]<-->[80:NATfirewall:3128]-->[SQUID3:80]<->[80:multiples web
> servers: IN LAN]

ok.

> HTTPS[internet:443]<-->[443:NATfirewall:10443]-->[SQUID3:443]<-->[443:multiple
> web servers IN LAN]

ok, kind of... running an SSL domain based virtual host requires the use of a wildcard certificate which most CAs either won't give you or charge you a ridiculous sum for..

> Just to try HTTP accelerator mode, I insert in /usr/local/squid/etc/squid.conf
>
> http_access allow our_networks
> http_access allow all
> http_port 3128 accel vhost vport=80

Should read

    http_port 80 vhost defaultsite=your.main.site
    https_port 443 vhost defaultsite=your.main.site key=/path/to/ssl_key.pem cert=/path/to/ssl_cert.pem

> acl http proto http
> acl port3128 port 3128

Why port 3128?

> acl domains_server1 dstdomain .domaine1.com .domain2.com

ok.

> cache_peer 192.168.2.2 parent 3128 0 no-query originserver name=www-servers

Kind of.. should be one per web server, or none.. and ports and options need to match what the server uses. 3128 does not look right..

> cache_peer_access www-servers allow domains_server1

Ok, except that it should consider if it's http or https...

> http_access allow http port3128 domains_server1

Ok, assuming the port3128 ACL gets redefined properly.

> always_direct allow domains_server1

Don't.. Or if you do that, don't define any cache_peers. But the cache_peer based request forwarding is generally more flexible, especially if you want to add redundancy to some web servers etc.

> But I always have this error:
> While trying to retrieve the URL: http://www.domain1.com/
> The following error was encountered:
> Access Denied.

Your current http_access rule is the culprit.. vport=80 makes the reconstructed URLs all use port 80, while your http_access rule looks for port 3128...

Regards
Henrik
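The port mismatch described in the reply above, as an added example that is not part of the original message and is not Squid's own code: a simplified Python model of http_access evaluation against the URL reconstructed with vport=80. The ACL name `port80`, the helper names and the sample Host headers are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# ACLs from the quoted squid.conf, plus "port80" (hypothetical name) as the
# redefined port ACL the reply asks for.
ACLS = {
    "http": ("proto", {"http"}),
    "port3128": ("port", {3128}),
    "port80": ("port", {80}),
    "domains_server1": ("dstdomain", {".domaine1.com", ".domain2.com"}),
}

def reconstruct_url(host_header, vport, scheme="http"):
    """Accelerator mode with vport=N: host from the Host header, port forced to N."""
    host = host_header.split(":")[0].lower()
    return f"{scheme}://{host}:{vport}/"

def acl_matches(acl, url):
    """Evaluate one ACL against the reconstructed URL, not the listening socket."""
    kind, values = acl
    parts = urlsplit(url)
    if kind == "proto":
        return parts.scheme in values
    if kind == "port":
        return parts.port in values
    if kind == "dstdomain":
        host = parts.hostname
        for v in values:
            # ".example.com" matches the domain itself and any subdomain
            if host == v.lstrip(".") or (v.startswith(".") and host.endswith(v)):
                return True
        return False
    raise ValueError(f"unsupported ACL type: {kind}")

def http_access(rules, url):
    """First rule whose ACLs all match decides; otherwise the opposite of the last rule."""
    for action, names in rules:
        if all(acl_matches(ACLS[n], url) for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

def decide(port_acl, host_header="www.domain2.com"):  # constructed sample request
    url = reconstruct_url(host_header, vport=80)
    return url, http_access([("allow", ["http", port_acl, "domains_server1"])], url)

if __name__ == "__main__":
    for acl in ("port3128", "port80"):
        print(acl, *decide(acl))
```

With the port ACL matching 80 the rule still only admits the listed domains, so requests for any other Host header fall through to the implicit deny.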