Re: Squid CONNECT tunnel


On 5/4/22 12:30, roee klinger wrote:

Basically, I need to set up a cache_peer, and have all traffic to it be sent using CONNECT, and add an HTTP CONNECT header such as:
CONNECT test1 HTTP/1.1\r\n\r\n .

Is that possible with Squid?

Squid can be configured to forward all http_port and https_port traffic to a cache_peer. The same may be true for ftp_port, but I am not sure.

However, Squid cannot be configured to forward "all traffic" (i.e. all protocols and all protocol commands) using the CONNECT request method specifically. For example, plain HTTP GET requests received on an http_port will be forwarded using the GET method, not CONNECT.

Furthermore, it would be difficult (and probably wrong) to rewrite the destination of all requests to "test1". In most cases, a request going to origin server A should look different than a request going to origin server B. However, I am not sure whether "test1" in your template was a constant that should not be changed across requests.

Finally, I doubt that you actually need to forward _all_ traffic using CONNECT tunnels. You probably need to forward some specific requests. For that (unknown to me) subset of requests, Squid may (or may not) use CONNECT when talking to a configured cache_peer.

Alex.


On 3 May 2022, 16:30 +0300, Alex Rousskov wrote:
On 5/3/22 06:12, roee klinger wrote:
Hey,

I am trying to use Squid with FTP server TCP Port Multiplexing, on the
FRP documentation (https://github.com/fatedier/frp#tcp-port-multiplexing), it says:

frp supports receiving TCP sockets directed to different proxies on
a single port on frps, similar to vhost_http_port and vhost_https_port.

The only supported TCP port multiplexing method available at the
moment is httpconnect - HTTP CONNECT tunnel.

When setting tcpmux_httpconnect_port to anything other than 0 in
frps under [common], frps will listen on this port for HTTP CONNECT
requests.

The host of the HTTP CONNECT request will be used to match the proxy
in frps. Proxy hosts can be configured in frpc by configuring
custom_domain and / or subdomain under type = tcpmux proxies, when
multiplexer = httpconnect.

In the above configuration - frps can be contacted on port 1337 with
a HTTP CONNECT header such as:
CONNECT test1 HTTP/1.1\r\n\r\n

and the connection will be routed to proxy1.



I have been struggling to find info about the use of CONNECT tunnels in
Squid, the only page that seems to be talking about it is this:
https://wiki.squid-cache.org/Features/HTTPS, and the link it points to
is broken.

My question is, how can I use this with Squid? Can I configure Squid to
receive traffic and then send it out to FRP with a custom CONNECT header?

I am not sure if this is only good for web servers, or if upstream proxy
servers can use this method too.

CONNECT is usually used for opening TCP tunnels through HTTP proxies.
Squid uses CONNECT (only) when the HTTP protocol requires such use:
Squid will send a CONNECT request if you configure Squid to talk to a
configured cache_peer (without an originserver flag), provided Squid
needs to open a TCP tunnel through that cache_peer.

Squid uses TCP tunnels in several cases. The most common use case is
when Squid is forwarding a received CONNECT request (or an intercepted
TLS connection) through a cache_peer.

I have not studied FRP documentation and do not know how it all maps to
your specific use case, but if you can summarize your use case in basic
FTP/HTTP/TLS terms (e.g. Squid receives FTP request X and should send
HTTP request Y), we may be able to help you with Squid configuration.

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




