Search squid archive

Re: SQUID Reverse Proxy not forwarding requests to Apache web server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2/01/2012 1:52 p.m., Roman Gelfand wrote:
My squid server 3.1.6 sits in dmz.  On this server, I am running
apache server 2.2.9.  My goal is to a) cash owa responses b) forward
https owa requests to the Apache server on port 8443 c) The Apache
server forwards the request to internal exchange server.

Why bother with relaying it through Apache? Squid does the job of being a proxy better than Apache web server can. Particularly since you already have the traffic going through a Squid.


Below, is my squid reverse proxy configuration.  The domain
webmail.mydomain.com resolves to the of external interface of the
exchange server.  However, I am saying, in configuration, that
cache_peer is localhost.  Nevertheless, the https request is never
forwarded to apache server.  Rather, it is going directly to the
external interface of the exchange server.

Where am I going wrong here?

You have not provided any info about what the client traffic is actually requesting and what the Apache server is responding with when squid tries to pass the requests there.

You are missing the cache_peer_access rules to limit what traffic goes through Apache. So everything will be attempted.

You are missing never_direct rules denying Squid direct contact with the requested domain server.


hierarchy_stoplist cgi-bin
acl QUERY urlpath_regex cgi-bin
shutdown_lifetime 1 second
visible_hostname webmail.mydomain.com

#1GB disk cache
cache_dir ufs /usr/local/squid/var/cache 1024 16 256

maximum_object_size 5 MB
cache_mem 1024 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 512 KB

cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA

https_port 443 cert=/etc/apache2/certs/pkey.pem
key=/etc/apache2/certs/sitecert.key vhost vport
cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver
sslflags=DONT_VERIFY_PEER front-end-https login=PASS

Thanks in advance



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux