Search squid archive

Re: Reverse Proxy + Multiple Webservers woes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Hello,
>
> I am new to squid but not new to reverse proxies.  I am trying to
> implement a proxy that would work like this:
>
> www.example.com -> server 1
> example.com     -> server 1
> dev.example.com -> server 2
>
> I have read the wiki here:
> wiki.squid-cache.org/SquidFaq/ReverseProxy
>
> But I cant get it to work and I am about to pull my hair out.
>
> My squid.conf looks like:
> --------
> http_port 80 accel defaultsite=example.com
> cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2
> cache_peer_domain server_2 dev.example.com
> cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1
> cache_peer_domain server_1 example.com
> --------
>
> This gives me a big fat: "Access Denied"
>
> So I added this to my squid.conf:
> -------
> acl our_sites dstdomain example.com dev.example.com
> http_access allow our_sites
> -------
>

Correct.

> This clears the "Access Denied" however now all traffic goes to "server_1"
> (the .115 addy).

This is because cache_peer_domain lists a set of domain suffixes, ie it
has an implicit wildcard built-in to the domain pattern *.example.com /
*.dev.example.com.

>
> I have tried all sorts of cute ACLs included but not limited to delcaring
> ACSs for server_1 and server_2 respectively and allowing access to
> server_1 from server_1 sites and denying server_2 sites and vice versa.
> However this just gives me an "Access Denied" for all sites.
>
> I have also tired every example found on this issue in the Wiki.  I feel
> like the Wiki is leaving out a key config line that is causing this not to
> work, but I could be wrong.

You can't cleanly mix the cache_peer_domain and cache_peer_access.
Perhapse you were doing that.

I think you want this:

  http_port 80 accel defaultsite=example.com

  cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2

  acl dev dstdomain dev.example.com
  cache_peer_access server_2 allow dev
  cache_peer_access server_2 deny all
  http_access allow dev

  cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1

  acl www dstdomain example.com www.example.com
  cache_peer_access server_1 allow www
  cache_peer_access server_1 deny all
  http_access allow www

  http_access deny all


If you are still having problems with the above, then I think the error is
elsewhere than the peering config.

>
> I am runnig squid:
> Squid Cache: Version 2.7.STABLE6
> configure options:  '--disable-internal-dns'

Good idea to re-enable that.

Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux