Pavel Georgiev wrote:
§
On Mon, Mar 9, 2009 at 1:53 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
Pavel Georgiev wrote:
On Mon, Mar 9, 2009 at 1:24 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx>
wrote:
I'm trying to get squid to work as a reverse proxy in front of a
single web server which runs domain virtualhosts:
http_port in:80 vhost
cache_peer out parent 80 0 originserver
'in' is my input address, 'out' is the address of of the web server.
The problem that I have is that each requests takes a considerable
time to process (in which time squid is trying to resolve the Host:
hostname and since I dont have a dns on the squid box, resolve never
succeeds). Eventually the page is served, it just waits through some
timeout on every request. Adding my vhosts to /etc/hosts on the squid
box solves the issue.
Can I have an accelerator for a single backend server with vhosts,
without the need to resolve the Host: header (or if not possible, how
to effectivly workaround it, adding all vhosts to /etc/hosts is not an
option)?
The recommended reverse-proxy accelerator setup does not require DNS in
any form.
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
It is possible to direct "cache_peer_access blah allow all" to the web
server if you only have one backend and all domains go to it. Just note
that this removes any false-domain restrictions squid might otherwise
provide, and only works with a single back-end.
Amos
The provided example suggest using 'http_port ... defaultsite=...'
which ends up rewriting the Host: header in the request to the backend
server (which would not work with vhosts),
No. defaultsite= adds a new Host: header if none was provided. Upgrading the
broken request to HTTP-compliance. Any other behavior is a bug in your
Squid.
and as soon as I change
that to 'http_port ... vhost' and add the 'cache_peer access ... allow
all' l get the dns timeouts.
Ah, maybe 'all' (AKA 0.0.0.0/0) is doing the rDNS to find an IP to test
against emptiness. Sorry, I'm so used to Internet connected machines having
access to DNS its hard to think around it.
So is it possible to have vhosts for a single backend server without dns?
Um, give this a try:
acl anyHost dstdomain .
cache_peer_access X allow anyHost
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.6
Adding dafaultsite=... rewrites the Host: header even when a valid
Host: header is present in the request.
Adding vhost to the http_port still requires DNS for resolving the
hostname from the host header and the dstdomain . workaround did not
help. I`ll try a newer version to see if that helps. Let me know if
you have any ather ideas how to make this work as I`d rather stick
with the current version that comes with the distro.
Oh well. You will have to leave the http_port at the one that works for
you then.
As for the dstdomain. I've strted thinking again and recalled why I use
'all' in DNS-free configs:
in squid.conf it refers to "acl all src all" ==> *src*. The IP told to
squid by the OS when a client connects. You have not redefined it to
'dst' type have you? 'dst' requires DNS, 'src' does not.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.6
