Re: Squid 2.6 and https_port


 



On 2013-12-06 02:37, Gianluigi Ruggeri wrote:
I'm very very confused!!

When is it necessary to configure Squid as transparent proxy and when is it
necessary to configure it as accelerator?


The word "transparent" by itself simply means "see-through" in English and that is exactly what it means in language about proxies as well. There are many phrases and terms describing proxy behaviour which use it, => "transparent proxy" is a *3* word phrase where somebody left out the most important word which described the operation which is behaving transparently (e.g. transparent interception, transparent authentication, transparent relay, transparent/auto-configuration).



In this page http://www.deckle.co.uk/squid-users-guide/accelerator-mode.html
I read:


"NOTE: This information is outdated as of 2.6. "

That document was written for squid-2.5 or older so much of the content is wrong for 2.6 and later. In particular all the texts around "transparent" are wrong. Sadly even the section on how to upgrade from 2.5 syntax to 2.6 syntax is wrong about how to use the 2.6 options :-(



When to use Accelerator Mode

Accelerator mode should not be enabled unless you need it. There are a
limited set of circumstances in which it is needed, so if one of the
following setups applies to you, you should have a look at the
remainder of this chapter.


Out of the whole page the only relevant part for you does seem to be the use-case descriptions. The use-case you described earlier is the one there labeled "Acceleration of a slow server". Ignore the other use-case descriptions on that page and any of the texts mentioning "transparent".


Transparent Caching/Proxy

Squid can be configured to magically intercept outgoing web requests
and cache them. Since the outgoing requests are in web-server format,
it needs to translate them to cache-format requests. Transparent
caching is covered in detail in the following section.

Note that this is talking about *outgoing* traffic:

 LAN users -> (transparent intercept) Squid -> Internet websites


You said you wanted the opposite:

  Internet visitors -> Squid -> Apache in LAN




Back to the problem:
 did vport=80 on your http_port line work?

If no, then you will have to configure Apache to ensure that it uses port 80 (or no port at all) on any URLs it is generating in page content and 3xx redirects.

The easy way to do that is to run Apache on a different IP address, but on port 80 itself. That way both software think port 80 is the users' port and you don't have to worry about port details leaking out.

If you do choose to leave Apache on port 8008 or whatever, then it is a good idea to also have Squid listening on that port on the public IP to catch any traffic which gets sent there accidentally. You can either accept and pass that traffic to Apache normally with "http_port 8008 accel vport=80" or in the latest releases use a deny_info and myportname ACL to redirect it back to port 80.

Amos
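
The layout described in the message above, written out as a squid.conf sketch. This is an added example, not configuration from the thread: the addresses (203.0.113.10 public, 192.168.0.20 for Apache), the hostname www.example.com and the names "apache" and "stray8008" are assumed placeholders, and option B needs a release that supports 3xx prefixes in deny_info.

```conf
# Internet visitors -> Squid (public IP, port 80) -> Apache in LAN (port 8008)

# Public listener. vport=80 makes Squid treat the site as living on port 80
# when it builds the URL, whatever port the request carried.
http_port 203.0.113.10:80 accel defaultsite=www.example.com vport=80

# The origin server: Apache inside the LAN, still on its non-standard port.
cache_peer 192.168.0.20 parent 8008 0 no-query originserver name=apache

# Only serve the site this accelerator fronts.
acl our_site dstdomain www.example.com

# Option A: also listen on 8008 on the public IP and pass the traffic on,
# so links that leaked ":8008" still reach the site through Squid.
http_port 203.0.113.10:8008 accel defaultsite=www.example.com vport=80

# Option B (use instead of option A): name the stray listener, deny what
# arrives on it, and let deny_info turn the denial into a redirect to port 80.
# %R is the request URL path.
# http_port 203.0.113.10:8008 accel defaultsite=www.example.com name=stray8008
# acl stray8008 myportname stray8008
# http_access deny stray8008
# deny_info 301:http://www.example.com%R stray8008

# Access rules. With option B, keep its deny line above this allow.
http_access allow our_site
http_access deny all

# Only requests for our site are forwarded to Apache.
cache_peer_access apache allow our_site
cache_peer_access apache deny all
```

Restricting http_access and cache_peer_access to the site's own domain keeps the accelerator from relaying requests for other hosts to the internal Apache.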



