On Thu, 2 Sep 2004, R. Benjamin Kessler wrote:
I'd like to have something like the following:
public site1 xx.yy.133.201 public site2 xx.yy.133.202 public site3 xx.yy.133.203
all serviced by proxy1
internal site1 192.168.133.201 internal site2 192.168.133.202 internal site3 192.168.133.203
Do I have to run three different instances of squid to do this?
No, but you you need one https_port specification per certificate, each bound to their public IP.
If they're all xxx.foo.com can I use a singel "wild card" SSL certificate?
Then you can run them all on a single public IP address.
squid.conf:
https_port ... https_port ... https_port ...
httpd_accel_host your.primary.website httpd_accel_port 80 httpd_accel_with_proxy on
acl port80 port 80
never_direct allow all
cache_peer server1 parent 80 0 no-query acl site1 dstdomain www.site1.com http_access allow site1 port80 cache_peer_access server1 allow site1
cache_peer server2 parent 80 0 no-query acl site2 dstdomain www.site2.com http_access allow site2 port80 cache_peer_access server2 allow site2
[etc].
Alternatively you can take out the cache_peer, cahce_peer_access and never_direct lines and place the IP addresses of the web server for each accelerated web server into /etc/hosts.
Regards Henrik
