I should have mentioned I am running Squid3.0 Stable 18 > -----Original Message----- > From: Andy Litzinger > Sent: Wednesday, August 12, 2009 10:03 AM > To: 'squid-users@xxxxxxxxxxxxxxx' > Subject: Reverse Proxy that listens and forwards to multiple ports to > the same backend server > > Hi all, > I'm banging my head on what I think should be a simple config. I > want squid to receive requests on port 80 and forward them on to the > origin server on port 80. I also want squid to receive requests on > port 8081 and forward requests to the same origin server on port 8081. > > I have a Load Balancer (BigIP) sitting in front of my Squid server and > the origin server Squid points to is also actually a VIP on the LB that > sits in front of a pool of real origin servers. > > The goal is simple proxy- I'm not caching anything (that is working > fine). > > Clients connect to http/https://my.test.com > This resolves in my DNS to 192.168.94.225, a VIP hosted on the LB that > forwards traffic on to Squid. > The origin server VIP for the content is 192.168.94.226 > > > This is what the flows should look like focusing only on the > destination TCP port as it goes through each device: > Desired HTTP request flow: > Request port 80 ---> LB ---> request port 80 ---> Squid ---> request > port 80 ---> origin VIP on LB ----> request port 8080 ---> server > listening on port 8080 > > Desired HTTPS request flow: > Request port 443 ---> LB (SSL offload) ---> request port 8081 ---> > Squid ---> request port 8081 ---> Origin VIP on LB ----> request port > 8081 ---> server listening on port 8081 > > > What I see happening for the HTTPS requests is that the request arrives > properly at the squid server on port 8081, but squid forwards the > request to the Origin VIP on port 80 instead of 8081. > > Here is the config I'm trying: > > http_port 80 accel defaultsite=my.test.com > http_port 8081 accel defaultsite=my.test.com > icp_port 0 > htcp_port 0 > snmp_port 3401 > > debug_options ALL,1 33,2 > > cache_peer 192.168.94.226 parent 80 0 no-query no-digest originserver > name=my_test > cache_peer 192.168.94.226 parent 8081 0 no-query no-digest originserver > name=my_test_ssl > > acl our_http_port port 80 > acl our_ssl_port port 8081 > acl my_test_dom dstdomain my.test.com > > cache_peer_access my_test_ssl allow our_ssl_port my_test_dom > cache_peer_access my_test_ssl deny all > > cache_peer_access my_test allow our_http_port my_test_dom > cache_peer_access my_test deny all > > # acl to block caching > acl our_sites dstdomain .test.com > # acl listing the IP of each vip > acl vips dst 192.168.94.225 > acl acceleratedPort port 80 8081 > > # we do NOT want the responses to > # any requests to be cached. > cache deny our_sites > # Allow requests to make it through to the VIPs > # but only on the expected ports > http_access allow vips acceleratedPort > http_access deny all > http_reply_access allow all > > cache_effective_user squid > cache_effective_group squid > visible_hostname testproxy.test.com > unique_hostname testsquid01 > > client_db off > uri_whitespace allow > strip_query_terms off > relaxed_header_parser on > minimum_expiry_time 30 seconds > > request_header_access Accept-Encoding deny all > > any suggestions? > > Thanks! > Andy
