On Mon, 10 Nov 2003, Robin Bowes wrote: > I run a web server on my broadband connection at home. I run NAT on my gateway > router and have a small internal network. > I currently have all my web services hosted on a single box because of the 1-2-1 > nature of NAT. > I maintain my own internal DNS service which is different to the publicly visible > DNS information (hosted at dyndns.org). > > Here's what I would like to do: > > Internet --- router --- proxy --+-- web1.robinbowes.com > (squid) | > +-- web2.robinbowes.com
This is one of the standard Squid configurations ;-) The concept is called "reverse proxy" or "HTTP accelerator". > Can squid do this? Yes. > Is there any special sort of set up I need to consider? The setup differs from that of a Internet proxy in several aspects * Access controls is based on what destinations may be reached how, not who may use the proxy. * Squid needs to be configured to run in accelerator mode See the Squid FAQ and squid.conf.default. > I also am considering implementing some sort of outgoing access control > - pah, kids! Would I be able to use the same instance of squid for this > or would I be better considering a separate instance? While this is fully possible I would recommend using two instances of Squid, one per purpose. Remember to give each a unique visible_hostname (apart from different log files, cache etc). The reason to this is that it is very easy to make a mistake in a combined configuration accidently giving the whole world rights to proxy anywhere and you surely do not want this to happen. Regards Henrik
