Search squid archive

Re: Multiple site example

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Gregori Parker wrote:

You only need one http_port statement with one defaultsite...define
multiple cache_peer parents, like so, and make sure you're acl's are
straight (this is the tricky aspect of reverse-proxy imo, getting the
security right)


http_port 80 accel defaultsite=bananas.mysite.com vhost
cache_peer 10.10.10.1 parent 80 0 no-query no-digest originserver
name=mysite1
cache_peer 10.10.10.2 parent 80 0 no-query no-digest originserver
name=mysite2
cache_peer 10.10.10.3 parent 80 0 no-query no-digest originserver
name=mysite3
cache_peer_domain mysite1 apples.mysite.com
cache_peer_domain mysite2 oranges.mysite.com
cache_peer_domain mysite3 bananas.mysite.com

acl my_site1 dstdomain apples.mysite.com
acl my_site2 dstdomain oranges.mysite.com
acl my_site3 dstdomain bananas.mysite.com
acl myaccelport port 80

cache allow my_site1
cache allow my_site2
cache allow my_site3

http_access allow my_site1 myaccelport
http_access allow my_site2 myaccelport
http_access allow my_site3 myaccelport
To keep the security straight and easy I prefer setting the ACL earlier and re-using the exact same condition like so: 

 cache_peer .... namePeerN
 acl aclname dstdomain fubar.example.com
 http_access allow aclname
 cache_peer_access peerN allow aclname
 cache_peer_access peerN deny aclname

That keeps each domain handling config separate and easily checked.
No fiddling around with ports or multiple lists of domains in simple setups.

Amos



Personally, I use a load balancer to direct traffic to Squid, and have
the hostnames redefined in /etc/hosts to get traffic to the backend
servers

Hope that helps, YMMV

- Gregori

-----Original Message-----
From: Ramon Moreno [mailto:rammor1@xxxxxxxxx] Sent: Friday, November 14, 2008 1:24 PM 
To: Henrik Nordstrom
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Multiple site example

Henrik,

Thanks for the quick reply.

So I think this answers the cache peer question.

The other is what do I specify for the http_port section.

Currently I only am doing acceleration for one site:
http_port 80 accel defaultsite=bananas.mysite.com

How do I configure this parameter for 3 sites while using the same
port? I am guessing, but would it be something like this:
http_port 80 accel defaultsite=bananas.mysite.com vhost
http_port 80 accel defaultsite=apples.mysite.com vhost
http_port 80 accel defaultsite=oranges.mysite.com vhost




On Fri, Nov 14, 2008 at 1:12 PM, Henrik Nordstrom
<henrik@xxxxxxxxxxxxxxxxxxx> wrote:

On fre, 2008-11-14 at 12:19 -0800, Ramon Moreno wrote:


I know how to accelerate for one site based on the faq, however not
too sure how to do multiple.

It's also in the FAQ..

Squid FAQ Reverse Proxy - Sending different requests to different

backend web servers
http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-7bd155a1a9919bda8
ff10ca7d3831458866b72eb

Regards
Henrik




--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.2
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux