On 11/08/18 01:15, erdosain9 wrote: > Hi to all. > I was reading several tutorials and I can not find what I'm doing wrong. > I want to use squid to redirect to these two sites that are both within my > domain. > > In my internal dns I have declared both servers, with their corresponding > ips, also squid. > > reverse.mydomain.lan 192.168.1.21 (SQUID) > So "reverse.mydomain.lan" is the public name which your users/clients are browsing ... > php.mydomain.lan 192.168.1.223 > ticket.mydomain.lan 192.168.1.246 .. and clients never connect to the above directly. So these domains are never to be accessed by users/clients. If (as I suspect) the above statements are not true, then your naming is the first thing that is wrong. The domain name(s) which your clients access should point to the proxy. There can be multiple. > > In addition to the internal DNS, I have the / etc / hosts configured with > these values: > [root@squidReverse ~]# cat /etc/hosts > 127.0.0.1 localhost localhost.localdomain localhost4 > localhost4.localdomain4 > #::1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 > 192.168.1.21 reverse.mydomain.lan > 192.168.1.246 ticket.mydomain.lan > 192.168.1.223 php.mydomain.lan > These entries are not required when internal DNS is properly configured. (FYI: Current Squid versions can also use multicast-DNS for LAN servers if you use the standardized .local TLD for internal server names. That is not related to your problem though.) > > This is the configuration of the squid referring to the reverse proxy: > > http_port 192.168.1.21:80 accel vhost > > cache_peer 192.168.1.246 parent 80 0 proxy-only name=ticket > cache_peer 192.168.1.223 parent 80 0 proxy-only name=php > > acl ticket_acl dstdomain .MYDOMAIN.lan > http_access allow ticket_acl > cache_peer_access ticket allow ticket_acl > > > acl php_acl dstdomain .MYDOMAIN.lan > http_access allow php_acl > cache_peer_access php allow php_acl > > With this config when i go to reverse.mydomain.lan (from a web browser) i > get the ticket web, but how i can go to the second web?? php web?? Right now your ticket_acl and php_acl are exactly the same. So they are telling Squid that both peers are providing identical content (ie both are authoritative for anything inside *.mydomain.lan). The first of the available peers will be used, unless it starts to overload then the second will start receiving the traffic. To send traffic to one of the peers and not the other you need some way to distinguish between them. Normally you would have the ticket.* and php.* domain names both pointing at Squid (192.168.1.21) so your ACLs can check for and use the domain name to identify which peer is supposed to receive it. The cache_peer use raw-IP like you have, or a *different* server name from DNS pointing at the particular peer which can serve the content your ACLs let Squid send to it. The config example you want to follow is <https://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers>. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
