On 14/11/2016 2:58 p.m., creditu wrote: > I'm having trouble understanding how to configure an accelerator to > handle multiple IPs and backend servers. In the past we used virtual > IPs and a redirector script to send the requests to a given backend. > Now we need to change to cache peer statements. What you need is cache_peer_access as documented at <http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting> and <http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers>. > > Given the following: > > Squid listens on: > 10.10.10.1 - www.example.com > 10.10.10.2 - dev.example.com > > For .1, there are 3 backend origin servers. > For .2 there is only 1 backend origin servers. > > The following config (right now we need to handle both http and https): > https_port 10.10.10.1:443 accel defaultsite=www.example.com > cert=/etc/squid/www.crt key=/etc/squid/www.key > http_port 10.10.10.1:80 accel defaultsite=www.example.com > > # For www.example.com > cache_peer 192.168.1.2 parent 80 0 no-query originserver round-robin > cache_peer 192.168.1.3 parent 80 0 no-query originserver round-robin > cache_peer 192.168.1.4 parent 80 0 no-query originserver round-robin > > This seems to work fine for 10.10.10.1 (www.example.com), but I'm stuck > on how to handle 10.10.10.2 (dev.example.com)and tell it to send > requests coming in to a different cach_peer (cache_peer 192.168.0.1 > parent 80 0 no-query originserver)? Use cache_peer_access to only permit the www.example.com dstdomain. Like so: acl site1 dstdomain www.example.com cache_peer_access 192.168.1.2 allow site1 cache_peer_access 192.168.1.2 deny all cache_peer_access 192.168.1.3 allow site1 cache_peer_access 192.168.1.3 deny all cache_peer_access 192.168.1.4 allow site1 cache_peer_access 192.168.1.4 deny all > > Just guessing, but can I do something like this along with the above: > https_port 10.10.10.2:443 accel defaultsite=dev.example.com > cert=/etc/squid/www.crt key=/etc/squid/www.key > http_port 10.10.10.2:80 accel defaultsite=dev.example.com > > cache_peer 192.168.0.1 parent 80 0 no-query originserver > Follow that with cache_peer_access like above, but allowing access only to the dev.example.com domain. > If so, I'm unsure how to do the ACLs to direct the traffic to the > correct backend servers. Especially since for www.example.com I can not > use the same name= statement for all three backends to construct the > ACLs. name= is just a label for the cache_peer link. It does not by itself do anything like permissions. The default name= for any peer link is the text you put in as IP/hostname Squid is to contact. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users