On Friday 10 August 2018 at 16:26:31, erdosain9 wrote: > > php.mydomain.lan 192.168.1.223 > > ticket.mydomain.lan 192.168.1.246 > > > >.. and clients never connect to the above directly. So these domains are > >never to be accessed by users/clients. > > The client can connect directly from the domain. (i mean they can connect > directly in work, but i want to do this (proxy reverse, for when they are > at home...) I dont public yet nothing of this, im trying to do it first > inside my network.
Ah, it might have been helpful for you to mention that in the first place. > >If (as I suspect) the above statements are not true, then your naming is > >the first thing that is wrong. > > Why? Because the name the clients connect to myst resolve to the IP address of Squid, for it work as a reverse proxy. > >The domain name(s) which your clients access should point to the proxy. > >There can be multiple. > > I dont get this. If name.domain.lan points to 10.20.30.40, then a client browser requesting http://name.domain.lan will start talking to machine 10.20.30.40 If you want that to be the real server, that's fine. If you want that machine to be squid acting as a reverse proxy, that's fine too. The point is that the IP address must point to the machine you want the client to connect to. > >Right now your ticket_acl and php_acl are exactly the same. So they are > >telling Squid that both peers are providing identical content (ie both > >are authoritative for anything inside *.mydomain.lan). The first of the > >available peers will be used, unless it starts to overload then the > >second will start receiving the traffic. > > > > > >To send traffic to one of the peers and not the other you need some way > >to distinguish between them. > > > >Normally you would have the ticket.* and php.* domain names both > >pointing at Squid (192.168.1.21) so your ACLs can check for and use the > >domain name to identify which peer is supposed to receive it. > > I create two entries pointing to squid in DNS now. > site1.mydomain.lan > site2.mydomain.lan So, both of those resolve to 192.168.1.21, right? > > The config example you want to follow is > > https://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers > > I read that... but i dont get what im doing wrong. You want to follow the section: Switching on Domains Using cache_peer_access: cache_peer ip.of.server1 parent 80 0 no-query originserver name=server_1 acl sites_server_1 dstdomain www.example.com example.com cache_peer_access server_1 allow sites_server_1 > this is the config now. > > http_port 192.168.1.21:80 accel vhost > > cache_peer 192.168.1.246 parent 80 0 proxy-only name=site1 > cache_peer 192.168.1.223 parent 80 0 proxy-only name=site2 You are missing "originserver" at the very least. Otherwise Squid expects to find another proxy at the IP address. > acl soporte_acl dstdomain ticket.MYDOMAIN.lan > http_access allow soporte_acl > cache_peer_access site1 allow soporte_acl > > acl phplists_acl dstdomain php.MYDOMAIN.lan > http_access allow phplists_acl > cache_peer_access site2 allow phplists_acl > > ------------------------------------------------------------ > > But, i get this error > > " Unable to forward this request at this time." ...when you requested what as a URL? > 1533911112.071 1 192.168.6.20 TCP_MISS/500 4605 GET > http://site1.MYDOMAIN.lan/ - HIER_NONE/- text/html Looks like you entered "site1.mydomain.lan" into your browser. Try "ticket.mydomain.lan" (after correcting the above config problems) instead. > 1533911112.193 0 192.168.6.20 TCP_MEM_HIT_ABORTED/200 4274 GET > http://reverse.MYDOMAIN.lan/squid-internal-static/icons/SN.png - > HIER_NONE/- image/png > 1533911124.117 0 192.168.6.20 TCP_MISS/500 4605 GET > http://site2.MYDOMAIN.lan/ - HIER_NONE/- text/html > 1533911124.217 0 192.168.6.20 TCP_MEM_HIT_ABORTED/200 4274 GET > http://reverse.MYDOMAIN.lan/squid-internal-static/icons/SN.png - > HIER_NONE/- image/png Antony. -- Salad is what food eats. Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list firstname.lastname@example.org http://lists.squid-cache.org/listinfo/squid-users