Search squid archive

Re: Reverse proxy on two sub-domains

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Elli Albek wrote:

Hi,
I am trying to set up squid as reverse proxy for two sub domains with the
same origin server:

http_port 3128 accel defaultsite=s1.blah.com:80
cache_peer 1.2.3.4 parent 1234 0 no-query originserver name=my_parent

acl url_s1_dir urlpath_regex ^/s1_dir/
acl url_s2_dir urlpath_regex ^/s2_dir/
acl s1_domain dstdomain s1.blah.com
acl s2_domain dstdomain s2.blah.com
http_access allow s1_domain url_s1_dir
http_access allow s2_domain url_s2_dir

cache_peer_domain my_parent .blah.com
This maps the two domains/directories s1.blah.com/s1_dir s2.blah.com/s2_dir 

Nothing else is allowed.

It works for s1, but does not work for s2. When I look at the access log, I
see that squid is rewriting the domain name for s2 requests to s1, and this
does not pass the s1 ACL. 
So if I go to:
http://s2.blah.com/s2_dir/hello
Squid rewrites it to:
http://s1.blah.com/s2_dir/hello

S1 domain works end-to-end.

From what I can understand from the docs defaultsite is used when NOT SENT
from the client. Docs: "What to use for the Host: header if it is not present in a request" 
My client does send it in the request.

Any ideas? Do I need vhost? If I do vhost, what is the default domain when
it is not specified? Do I need both vhost and defaultsite in one line?

Thanks

Elli
You need to kill whatever interception rules are sending stuff to port 3128 and setup a real virtual hosting reverse proxy. 


 http_port 80 accel vhost defaultsite=s1.blah.com:80
 cache_peer 1.2.3.4 parent 1234 0 no-query originserver name=my_parent

 acl url_s1_dir urlpath_regex ^/s1_dir/
 acl url_s2_dir urlpath_regex ^/s2_dir/
 acl s1_domain dstdomain s1.blah.com
 acl s2_domain dstdomain s2.blah.com
 http_access allow s1_domain url_s1_dir
 http_access allow s2_domain url_s2_dir
 http_access deny all

...Thats it, the entire lot.

see http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting
If you get badly coded web-apps on the parent ending requests to port 1234 you may also need this: 
 http_port 1234 accel vhost defaultsite=s1.blah.com:80


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
  Current Beta Squid 3.1.0.8
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux