On Monday 17 July 2006 00:05, you wrote:
> Sun 2006-07-16 at 21:24 +0200, gwaa wrote:
> > Hello List,
> > I try to setup with SQUID3:
> > HTTP[internet:80]<-->[80:NATfirewall:3128]-->[SQUID3:80]<->[80:multiples web servers: IN LAN]
>
> ok.
>
> > HTTPS[internet:443]<-->[443:NATfirewall:10443]-->[SQUID3:443]<-->[443:multiple web servers IN LAN]
>
> ok, kind of... running an SSL domain based virtual host requires the use
> of a wildcard certificate which most CAs either won't give you or
> charge you a ridiculous sum for..
>
> > Just to try HTTP accelerator mode, I insert in
> > /usr/local/squid/etc/squid.conf
> >
> > http_access allow our_networks
> > http_access allow all
> > http_port 3128 accel vhost vport=80
>
> Should read
>
> http_port 80 vhost defaultsite=your.main.site
> https_port 443 vhost defaultsite=your.main.site key=/path/to/ssl_key.pem cert=/path/to/ssl_cert.pem
>
> > acl http proto http
> > acl port3128 port 3128
>
> Why port 3128?

Because SQUID3 listens on 3128

> > acl domains_server1 dstdomain .domaine1.com .domain2.com
>
> ok.
>
> > cache_peer 192.168.2.2 parent 3128 0 no-query originserver name=www-servers
>
> Kind of.. should be one per web server, or none.. and ports and options
> need to match what the server uses. 3128 does not look right..
>
> > cache_peer_access www-servers allow domains_server1
>
> Ok, except that it should consider if it's http or https...
>
> > http_access allow http port3128 domains_server1
>
> Ok, assuming the port3128 ACL gets redefined proper.
>
> > always_direct allow domains_server1
>
> Don't..
>
> Or if you do that, don't define any cache_peers. But the cache_peer
> based request forwarding is generally more flexible, especially if you
> want to add redundancy to some web servers etc.
>
> > But I always have this error:
> > While trying to retrieve the URL: http://www.domain1.com/
> > The following error was encountered:
> > Access Denied.
>
> Your current http_access rule is the culprit.. vport=80 makes the
> reconstructed URLs all use port 80, while your http_access rule looks
> for port 3128...
>
> Regards
> Henrik

OK, I changed my squid.conf, and now I have:

http_access allow our_networks
http_access allow all
http_port 3128 vhost vport=80 protocol=http defaultsite=www.domain1.com
acl http proto http
acl port80 port 80
acl domain2_com dstdomain .domain2.com
acl domain1_com dstdomain .domain1.com
cache_peer 192.169.2.2 parent 80 0 no-query originserver name=domain1
cache_peer_access domain1 allow domain1_com
cache_peer 192.168.2.32 parent 80 0 no-query originserver name=domain2
cache_peer_access domain2 allow domain2_com
http_access allow http port80 domain2_com domain1_com
always_direct allow domain2_com domain1_com port80
#misc config
cache_effective_user squid
cache_effective_group squid
dns_nameservers 192.168.2.2 192.168.2.4
visible_hostname dns.domain1.com
cache_mgr webmaster@xxxxxxxxxxx
mail_from webmaster@xxxxxxxxxxx

Problem: domain2 works well, domain1 does not; I have this error:
Timed out waiting for data

Note: All LAN servers listen on 80 and 443, and servers are IP-based Virtual Hosts.
The firewall forwards all http(s) requests to SQUID3.

Another mistake?
Thanks.
Regards
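
Added example, not part of the original messages: a small Python check for the two problems Henrik points out above, an http_access port ACL that cannot match the port set by vport=, and always_direct used together with cache_peer lines. The function names and finding codes are assumptions made for this illustration; SAMPLE is the first configuration quoted in the thread.

```python
# Added example, not from the thread. SAMPLE is the first squid.conf quoted above.
SAMPLE = """\
http_port 3128 accel vhost vport=80
acl http proto http
acl port3128 port 3128
acl domains_server1 dstdomain .domaine1.com .domain2.com
cache_peer 192.168.2.2 parent 3128 0 no-query originserver name=www-servers
cache_peer_access www-servers allow domains_server1
http_access allow http port3128 domains_server1
always_direct allow domains_server1
"""

def _ports(values):
    """Expand 'port' ACL values such as '80' or '8000-8010' into a set of ints."""
    out = set()
    for v in values:
        lo, _, hi = v.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def check_accel_config(text):
    """Return (code, detail) findings for the two problems named in the reply."""
    vports, port_acls, rules = set(), {}, []
    has_peer = has_always_direct = False
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(tok) < 2:
            continue
        name, args = tok[0], tok[1:]
        if name == "http_port":
            vports |= {int(a[6:]) for a in args if a.startswith("vport=") and a[6:].isdigit()}
        elif name == "acl" and len(args) >= 3 and args[1] == "port":
            port_acls.setdefault(args[0], set()).update(_ports(args[2:]))
        elif name == "http_access":
            rules.append(args)
        elif name == "cache_peer":
            has_peer = True
        elif name == "always_direct" and args[0] == "allow":
            has_always_direct = True
    findings = []
    for rule in rules:
        for acl in rule[1:]:
            # vport= rewrites the URL port, so a port ACL outside it never matches
            if vports and acl in port_acls and not (port_acls[acl] & vports):
                findings.append(("port-acl-mismatch", f"{acl} never matches vport {sorted(vports)}: {' '.join(rule)}"))
    if has_peer and has_always_direct:
        findings.append(("always-direct-with-peer", "always_direct allow is set while cache_peer lines exist"))
    return findings

if __name__ == "__main__":
    for code, detail in check_accel_config(SAMPLE):
        print(code, "-", detail)
```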