On Wed, 06 Apr 2011 08:40:32 +1200, Mike Bordignon (GMI) wrote:
> Hello, I'm using squid 3.1.6 on Debian Squeeze. I run two instances of squid - on port 3128 and 3129. The instance on port 3128 services my LAN clients, authenticating via Kerberos/negotiate. The other instance acts as a transparent proxy (via a DNAT rule on a router).
>
> I have two questions.
>
> a) Is this the best way of achieving a transparent proxy, to run another instance of squid, or can I successfully combine both instances into one?
You can combine them both in any squid-2.6 or later. Just place the http_port lines from each into one config file.
> b) Should I have the two instances/caches peer with each other using cache_peer?
You may want it for failover or load leveling etc. It is not necessary for handling the different types of traffic.
> c) Can squid proxy SSL requests transparently?
Yes. But only for one definition of "transparent": the HTTP RFC definition.
/pedant

It will not handle NAT intercepted SSL.

Amos
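One way to lay out the single combined configuration described in the answer to (a), added here as an illustration and not taken from the thread. The port names, the LAN range and the helper path are assumptions; the point it shows is that Kerberos/negotiate authentication has to stay tied to the explicit port, because an intercepted client does not know it is talking to a proxy and cannot answer a proxy authentication challenge.

```conf
# Added example, not from the thread. Assumed values: the port names
# "lan" and "nat", the 192.168.0.0/16 range, and the helper path.

# Explicit proxy for LAN clients whose browsers are configured to use it.
http_port 3128 name=lan

# Receives the traffic the router DNATs to this host. Squid 3.1 spells
# the flag "intercept"; 2.6 through 3.0 spell it "transparent".
http_port 3129 intercept name=nat

# Kerberos/negotiate helper (assumed path for the Debian squid3 package).
auth_param negotiate program /usr/lib/squid3/squid_kerb_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on

acl localnet    src 192.168.0.0/16
acl on_lan_port myportname lan
acl on_nat_port myportname nat
acl kerb_user   proxy_auth REQUIRED

# Explicit port: must be on the LAN and must authenticate.
# The fast ACLs come first so the auth challenge is only sent
# to requests that already matched port and source address.
http_access allow on_lan_port localnet kerb_user

# Intercepted port: no proxy_auth here, source address only.
http_access allow on_nat_port localnet

# Anything else, including unauthenticated requests on 3128, is refused.
http_access deny all
```

Requests on the intercepted port are therefore controlled by source address alone, so the `localnet` range should be as narrow as the network allows.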