Re: [squid-users] Reverse Proxy + Multiple Webservers woes
Karol Maginnis wrote: Hello, I am new to squid but not new to reverse proxies. I am trying to implement a proxy that would work like this: www.example.com - server 1 example.com - server 1 dev.example.com - server 2 I have read the wiki here: wiki.squid-cache.org/SquidFaq/ReverseProxy But I cant get it to work and I am about to pull my hair out. My squid.conf looks like: http_port 80 accel defaultsite=example.com cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 cache_peer_domain server_2 dev.example.com cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 cache_peer_domain server_1 example.com This gives me a big fat: Access Denied So I added this to my squid.conf: --- acl our_sites dstdomain example.com dev.example.com http_access allow our_sites --- This clears the Access Denied however now all traffic goes to server_1 (the .115 addy). I have tried all sorts of cute ACLs included but not limited to delcaring ACSs for server_1 and server_2 respectively and allowing access to server_1 from server_1 sites and denying server_2 sites and vice versa. However this just gives me an Access Denied for all sites. I have also tired every example found on this issue in the Wiki. I feel like the Wiki is leaving out a key config line that is causing this not to work, but I could be wrong. I am runnig squid: Squid Cache: Version 2.7.STABLE6 configure options: '--disable-internal-dns' I hate sending such a simple question to a mailing list but I have read the squid wiki so much that I almost have it memorized as far as the ReverseProxy pages are concerned. I'm too new with squid to help others but I have to say that I spent 2 weeks on the very same issue. Squid 2.6 has its options which are different from the 2.7 series and the big difference comes with the 3.x series. If it helps I solved my issue with the code bellow (Squid 3.0.STABLE7) but I'm pretty sure this won't work in 2.7 ;) -- cut -- cache_peer 192.168.1.115 parent 80 0 no-query no-digest originserver name=iis acl sites_iis dstdomain example.net cache_peer_access iis allow sites_iis http_access allow sites_iis --- end cut -- Maybe it's just me but something doesn't feel right in the above code but it works and for the moment I'm all too tired with this squid thingie...
Re: [squid-users] Reverse Proxy + Multiple Webservers woes
Hi. You try the following.. cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 acl Server2-Domain dstdomain dev.example.com cache_peer_access server_2 allow Server2-Domain cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 acl Server1-Domain dstdomain .example.com cache_peer_access server_1 allow Server1-Domain I defined dev.example.com for Server2. Out of this, I defined for Server1. You must look to Howto ACL. Regards. - Original Message - From: Karol Maginnis nullo...@sdf.lonestar.org To: squid-users@squid-cache.org Sent: Tuesday, April 07, 2009 9:30 PM Subject: [squid-users] Reverse Proxy + Multiple Webservers woes Hello, I am new to squid but not new to reverse proxies. I am trying to implement a proxy that would work like this: www.example.com - server 1 example.com - server 1 dev.example.com - server 2 I have read the wiki here: wiki.squid-cache.org/SquidFaq/ReverseProxy But I cant get it to work and I am about to pull my hair out. My squid.conf looks like: http_port 80 accel defaultsite=example.com cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 cache_peer_domain server_2 dev.example.com cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 cache_peer_domain server_1 example.com This gives me a big fat: Access Denied So I added this to my squid.conf: --- acl our_sites dstdomain example.com dev.example.com http_access allow our_sites --- This clears the Access Denied however now all traffic goes to server_1 (the .115 addy). I have tried all sorts of cute ACLs included but not limited to delcaring ACSs for server_1 and server_2 respectively and allowing access to server_1 from server_1 sites and denying server_2 sites and vice versa. However this just gives me an Access Denied for all sites. I have also tired every example found on this issue in the Wiki. I feel like the Wiki is leaving out a key config line that is causing this not to work, but I could be wrong. I am runnig squid: Squid Cache: Version 2.7.STABLE6 configure options: '--disable-internal-dns' I hate sending such a simple question to a mailing list but I have read the squid wiki so much that I almost have it memorized as far as the ReverseProxy pages are concerned. Thanks, -KJ nullo...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.238 / Virus Database: 270.11.44/2044 - Release Date: 04/06/09 18:59:00
RE: [squid-users] Reverse Proxy + Multiple Webservers woes
You need to add the vhost option to http_port so that Squid determines parent via hostname i.e. http_port 80 accel defaultsite=example.com vhost cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 cache_peer_domain server_2 dev.example.com cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 cache_peer_domain server_1 example.com *** NOTE: if you have DNS for example.com resolving to Squid, then make sure you override that in /etc/hosts on the squid boxes, pointing those records to your origins so that you don't run into a loop. For ACLs, I would recommend the following: acl your_site1 dstdomain example.com acl your_site2 dstdomain dev.example.com acl origin1 dst 192.168.1.114 acl origin2 dst 192.168.1.115 acl acceleratedPort port 80 cache allow your_site1 cache allow your_site2 http_access allow origin1 acceleratedPort http_access allow origin2 acceleratedPort http_access deny all GL, HTH - Gregori -Original Message- From: Karol Maginnis [mailto:nullo...@sdf.lonestar.org] Sent: Tuesday, April 07, 2009 11:30 AM To: squid-users@squid-cache.org Subject: [squid-users] Reverse Proxy + Multiple Webservers woes Hello, I am new to squid but not new to reverse proxies. I am trying to implement a proxy that would work like this: www.example.com - server 1 example.com - server 1 dev.example.com - server 2 I have read the wiki here: wiki.squid-cache.org/SquidFaq/ReverseProxy But I cant get it to work and I am about to pull my hair out. My squid.conf looks like: http_port 80 accel defaultsite=example.com cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 cache_peer_domain server_2 dev.example.com cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 cache_peer_domain server_1 example.com This gives me a big fat: Access Denied So I added this to my squid.conf: --- acl our_sites dstdomain example.com dev.example.com http_access allow our_sites --- This clears the Access Denied however now all traffic goes to server_1 (the .115 addy). I have tried all sorts of cute ACLs included but not limited to delcaring ACSs for server_1 and server_2 respectively and allowing access to server_1 from server_1 sites and denying server_2 sites and vice versa. However this just gives me an Access Denied for all sites. I have also tired every example found on this issue in the Wiki. I feel like the Wiki is leaving out a key config line that is causing this not to work, but I could be wrong. I am runnig squid: Squid Cache: Version 2.7.STABLE6 configure options: '--disable-internal-dns' I hate sending such a simple question to a mailing list but I have read the squid wiki so much that I almost have it memorized as far as the ReverseProxy pages are concerned. Thanks, -KJ nullo...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
[squid-users] Reverse Proxy + Multiple Webservers woes
Hello, I am new to squid but not new to reverse proxies. I am trying to implement a proxy that would work like this: www.example.com - server 1 example.com - server 1 dev.example.com - server 2 I have read the wiki here: wiki.squid-cache.org/SquidFaq/ReverseProxy But I cant get it to work and I am about to pull my hair out. My squid.conf looks like: http_port 80 accel defaultsite=example.com cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 cache_peer_domain server_2 dev.example.com cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 cache_peer_domain server_1 example.com This gives me a big fat: Access Denied So I added this to my squid.conf: --- acl our_sites dstdomain example.com dev.example.com http_access allow our_sites --- This clears the Access Denied however now all traffic goes to server_1 (the .115 addy). I have tried all sorts of cute ACLs included but not limited to delcaring ACSs for server_1 and server_2 respectively and allowing access to server_1 from server_1 sites and denying server_2 sites and vice versa. However this just gives me an Access Denied for all sites. I have also tired every example found on this issue in the Wiki. I feel like the Wiki is leaving out a key config line that is causing this not to work, but I could be wrong. I am runnig squid: Squid Cache: Version 2.7.STABLE6 configure options: '--disable-internal-dns' I hate sending such a simple question to a mailing list but I have read the squid wiki so much that I almost have it memorized as far as the ReverseProxy pages are concerned. Thanks, -KJ nullo...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: [squid-users] Reverse Proxy + Multiple Webservers woes
Hello, I am new to squid but not new to reverse proxies. I am trying to implement a proxy that would work like this: www.example.com - server 1 example.com - server 1 dev.example.com - server 2 I have read the wiki here: wiki.squid-cache.org/SquidFaq/ReverseProxy But I cant get it to work and I am about to pull my hair out. My squid.conf looks like: http_port 80 accel defaultsite=example.com cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 cache_peer_domain server_2 dev.example.com cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 cache_peer_domain server_1 example.com This gives me a big fat: Access Denied So I added this to my squid.conf: --- acl our_sites dstdomain example.com dev.example.com http_access allow our_sites --- Correct. This clears the Access Denied however now all traffic goes to server_1 (the .115 addy). This is because cache_peer_domain lists a set of domain suffixes, ie it has an implicit wildcard built-in to the domain pattern *.example.com / *.dev.example.com. I have tried all sorts of cute ACLs included but not limited to delcaring ACSs for server_1 and server_2 respectively and allowing access to server_1 from server_1 sites and denying server_2 sites and vice versa. However this just gives me an Access Denied for all sites. I have also tired every example found on this issue in the Wiki. I feel like the Wiki is leaving out a key config line that is causing this not to work, but I could be wrong. You can't cleanly mix the cache_peer_domain and cache_peer_access. Perhapse you were doing that. I think you want this: http_port 80 accel defaultsite=example.com cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 acl dev dstdomain dev.example.com cache_peer_access server_2 allow dev cache_peer_access server_2 deny all http_access allow dev cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 acl www dstdomain example.com www.example.com cache_peer_access server_1 allow www cache_peer_access server_1 deny all http_access allow www http_access deny all If you are still having problems with the above, then I think the error is elsewhere than the peering config. I am runnig squid: Squid Cache: Version 2.7.STABLE6 configure options: '--disable-internal-dns' Good idea to re-enable that. Amos
Re: [squid-users] Reverse Proxy + Multiple Webservers woes
Karol Maginnis wrote: Hello, I am new to squid but not new to reverse proxies. I am trying to implement a proxy that would work like this: www.example.com - server 1 example.com - server 1 dev.example.com - server 2 I have read the wiki here: wiki.squid-cache.org/SquidFaq/ReverseProxy But I cant get it to work and I am about to pull my hair out. My squid.conf looks like: http_port 80 accel defaultsite=example.com cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 cache_peer_domain server_2 dev.example.com cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 cache_peer_domain server_1 example.com This gives me a big fat: Access Denied So I added this to my squid.conf: --- acl our_sites dstdomain example.com dev.example.com http_access allow our_sites --- This clears the Access Denied however now all traffic goes to server_1 (the .115 addy). I have tried all sorts of cute ACLs included but not limited to delcaring ACSs for server_1 and server_2 respectively and allowing access to server_1 from server_1 sites and denying server_2 sites and vice versa. However this just gives me an Access Denied for all sites. I have also tired every example found on this issue in the Wiki. I feel like the Wiki is leaving out a key config line that is causing this not to work, but I could be wrong. I am runnig squid: Squid Cache: Version 2.7.STABLE6 configure options: '--disable-internal-dns' I hate sending such a simple question to a mailing list but I have read the squid wiki so much that I almost have it memorized as far as the ReverseProxy pages are concerned. I'm too new with squid to help others but I have to say that I spent 2 weeks on the very same issue. Squid 2.6 has its options which are different from the 2.7 series and the big difference comes with the 3.x series. If it helps I solved my issue with the code bellow (Squid 3.0.STABLE7) but I'm pretty sure this won't work in 2.7 ;) That (below) should work in all squid 2.6 or later. -- cut -- cache_peer 192.168.1.115 parent 80 0 no-query no-digest originserver name=iis acl sites_iis dstdomain example.net cache_peer_access iis allow sites_iis http_access allow sites_iis --- end cut -- Maybe it's just me but something doesn't feel right in the above code but it works and for the moment I'm all too tired with this squid thingie... Amos
