For a 3.1 accelerator we have put the followinconfig together. This
accelerator will not be doing any caching since we use an external
service. Initially both http and https will be provided. Some
questions: I think the ordering of statements and acls is correct, but
was hoping to get some feedback if possible. Also, since we want to
turn caching off completely I was wondering if some of the statements
are unnecessary. Any feedback or recommendations on the overall config
would be appreciated.
-----------------------------------
visible_hostname squid.example.com
http_port 192.168.100.1:80 accel defaultsite=www.example.com vhost
http_port 192.168.100.2:80 accel defaultsite=dev.example.com vhost
http_port 192.168.100.4:80 accel defaultsite=test1.example.com vhost
https_port 192.168.100.1:443 accel defaultsite=www.example.com vhost
cert=/path/cert.pem key=/path/key.pem
options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE
cipher=[cipher-list] dhparams=/path/dhparams.pem
https_port 192.168.100.2:443 accel defaultsite=dev.example.com vhost
cert=/path/cert.pem key=/path/key.pem
options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE
cipher=[cipher-list] dhparams=/path/dhparams.pem
https_port 192.168.100.4:443 accel defaultsite=test1.example.com vhost
cert=/path/cert.pem key=/path/key.pem
options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE
cipher=[cipher-list] dhparams=/path/dhparams.pem
# Backend servers for www
acl www dstdomain www.example.com
cache_peer 10.10.10.1 parent 80 0 no-query no-digest originserver
round-robin
cache_peer_access 10.10.10.1 allow www
cache_peer_access 10.10.10.1 deny all
cache_peer 10.10.10.2 parent 80 0 no-query no-digest originserver
round-robin
cache_peer_access 10.10.10.2 allow www
cache_peer_access 10.10.10.2 deny all
# Backend server for dev
acl dev dstdomain dev.example.com
cache_peer 10.10.10.3 parent 80 0 no-query no-digest originserver
round-robin
cache_peer_access 10.10.10.3 allow dev
cache_peer_access 10.10.10.3 deny all
# Debug
#debug_options All,1
cache_effective_user squid
cache_effective_group squid
cache deny all
cache_log /var/log/squid/cache.log
buffered_logs on
cache_store_log none
strip_query_terms off
emulate_httpd_log on
logformat custom %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st
"%{Referer}>h" "%{User-Agent}>h" "%{Host}>h" "%tr" %Ss:%Sh
access_log /var/log/squid/access.log custom
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl internal src 10.10.10.0/24
acl CONNECT method CONNECT
acl test1_dst dstdomain test1.example.com
acl test1-refer referer_regex -i [^:]+://[^/]+/test1/
acl test1 url_regex -i [^:]+://test1.example.com
deny_info TCP_RESET test1
http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access deny CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny internal
http_access deny to_localhost
http_access allow localhost
http_access allow www
http_access allow dev
http_access allow test-refer
#http_access deny test1
http_access deny all
url_rewrite_program /usr/local/bin/red_http
url_rewrite_children 5
cachemgr_passwd none info
cachemgr_passwd disable all
cache_mgr user@xxxxxxxxxx
allow_underscore off
httpd_suppress_version_string on
log_mime_hdrs on
client_db off
log_icp_queries off
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
##cache_mem 1000 MB
##cache_dir diskd /var/spool/squid 5000 16 256
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
