On Wed, 06 Apr 2011 08:40:32 +1200, Mike Bordignon (GMI) wrote:
Hello
I'm using squid 3.1.6 on Debian Squeeze. I run two instances of squid
- on port 3128 and 3129. The instance on port 3128 services my LAN
clients, authenticating via Kerberos/negotiate. The other instance
acts as a transparent proxy (via a DNAT rule on a router).
I have two questions.
a) Is this the best way of achieving a transparent proxy, to run
another instance of squid, or can I successfully combine both
instances into one?
You can combine them both in any squid-2.6 or later.
Just place the http_port lines from each into one config file.
b) Should I have the two instances/caches peer with each other using
cache_peer ?
You may want it for failover or load leveling etc.
It is not necessary for handling the different types of traffic.
c) Can squid proxy SSL requests transparently ?
Yes. But only for one definition of "transparent": the HTTP RFC
definition.
/pedant
It will not handle NAT intercepted SSL.
Amos
