§ On Mon, Mar 9, 2009 at 1:53 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > Pavel Georgiev wrote: >> >> On Mon, Mar 9, 2009 at 1:24 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> >> wrote: >>>> >>>> I'm trying to get squid to work as a reverse proxy in front of a >>>> single web server which runs domain virtualhosts: >>>> >>>> http_port in:80 vhost >>>> cache_peer out parent 80 0 originserver >>>> 'in' is my input address, 'out' is the address of of the web server. >>>> >>>> The problem that I have is that each requests takes a considerable >>>> time to process (in which time squid is trying to resolve the Host: >>>> hostname and since I dont have a dns on the squid box, resolve never >>>> succeeds). Eventually the page is served, it just waits through some >>>> timeout on every request. Adding my vhosts to /etc/hosts on the squid >>>> box solves the issue. >>>> >>>> Can I have an accelerator for a single backend server with vhosts, >>>> without the need to resolve the Host: header (or if not possible, how >>>> to effectivly workaround it, adding all vhosts to /etc/hosts is not an >>>> option)? >>> >>> The recommended reverse-proxy accelerator setup does not require DNS in >>> any form. >>> >>> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator >>> >>> It is possible to direct "cache_peer_access blah allow all" to the web >>> server if you only have one backend and all domains go to it. Just note >>> that this removes any false-domain restrictions squid might otherwise >>> provide, and only works with a single back-end. >>> >>> Amos >>> >> >> The provided example suggest using 'http_port ... defaultsite=...' >> which ends up rewriting the Host: header in the request to the backend >> server (which would not work with vhosts), > > No. defaultsite= adds a new Host: header if none was provided. Upgrading the > broken request to HTTP-compliance. Any other behavior is a bug in your > Squid. > >> and as soon as I change >> that to 'http_port ... vhost' and add the 'cache_peer access ... allow >> all' l get the dns timeouts. > > Ah, maybe 'all' (AKA 0.0.0.0/0) is doing the rDNS to find an IP to test > against emptiness. Sorry, I'm so used to Internet connected machines having > access to DNS its hard to think around it. > >> >> So is it possible to have vhosts for a single backend server without dns? > > Um, give this a try: > acl anyHost dstdomain . > cache_peer_access X allow anyHost > > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 > Current Beta Squid 3.1.0.6 > Adding dafaultsite=... rewrites the Host: header even when a valid Host: header is present in the request. Adding vhost to the http_port still requires DNS for resolving the hostname from the host header and the dstdomain . workaround did not help. I`ll try a newer version to see if that helps. Let me know if you have any ather ideas how to make this work as I`d rather stick with the current version that comes with the distro.