Search squid archive

R: Re: [squid-users] Reverse proxy problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Cool, it works!!!!

Now Squid 2.6 stable 20 (on windows, thank you 
Guido) runs really good. 

Thanks thanks thanks!!!

Another question...
with squid i have to deliver 3 services:
1. proxy on port 8080 (it 
works);
2. reverse proxy on port 10000 (and NOW it works);
But...if i 
want to (third service) reverse another port on the same server?

Schema (always the same):
MOBILE USER -> internet -> Squid(DMZ) -> FW -
> Mail(LAN)
but...now services answers on port 8642

if i insert 
http_port ipSquid:8642 accel vhost defaultsite=fqdnMailDomain:8642 -> 
OK

but
cache_peer ipMail 8642 0 no-query originserver -> Fail! (double 
cache_peer on the same server)

Thanks in advance/GfV
----Messaggio 
originale----
Da: squid3@xxxxxxxxxxxxx
Data: 2-mag-2008 1.50 PM
A: 
"Gianfranco Varone [TIN]"<gfvarone@xxxxxx>
Cc: <squid-users@squid-cache.
org>
Ogg: Re:  Reverse proxy problem

Gianfranco Varone 
[TIN] wrote:
> Hi to all, 
> firstable sorry for my english!!
> 
> I'm 
trying to configure 
> reverse proxy with Squid version 2.6, to permit 
users to connect  to 
> our mail server
> 
> Schema as follow:
> USER -
> internet -> Squid(DMZ) -> FW 
> -> Mail(LAN)
> Squid AND Mail answer 
on tcp port 10000
> 
> Squid.conf:
> http_port ipSquid:10000 
vhost=ipMail:10000 vport=10000 accel

http_port ipSquid:10000 accel 
vhost defaultsite=fqdnMailDomain:10000

> cache_peer ipMail 10000 0 no-
query originserver
> acl MailServer ipMail/32

acl MailServer dstdomain 
fqdnMailDomain

> always_direct deny all !MailServer

No. Instead:

never_direct allow fqdnMailDomain
http_access allow fqdnMailDomain
cache_peer_access ipMail allow fqdnMailDomain
cache_peer_access deny 
all

> 
> So, if i try to connect to http:
> //ipProxy:10000/ i get the 
login page, but every request automatically 
> redirect to http:
//ipMail:10000 and i obviously get errors!

Prefer FQDN for public 
mail.
Point FQDN for mail at ipSquid so clients can get to proxy.

NP: 
no need for squid to listen on 10000, it can be anything. The 
clients 
never know the private link to mail and mail only knows squid is 
connecting correctly.

> 
> Using 
> squid 2.5 instead it works 
perfectly!
> 
> Squid 2.5 conf:
> http_port 10000
> httpd_accel_host 
192.168.0.8
> httpd_accel_port 10000
> httpd_accel_single_host on
> 
httpd_accel_uses_host_header on
> httpd_accel_with_proxy on
> 
> Where 
i'm in wrong???
> 
> Cheers/GfV

Amos
-- 
Please use Squid 2.6.STABLE20 
or 3.0.STABLE5
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux