Re: Virtual hosts problems

Toby Chamberlain wrote:
>
> Hi there,
>
> I'm trying to set up Squid as an accelerating proxy for a web server
> behind a firewall using virtual hosts, but I keep getting "WARNING:
> Forwarding loop... for 'www.company.com.au' -> proxy.company.com.au

There are many ways you may use when setting up a accelerator for
virtual hosts. The key issue is that Squid needs to use a unique host
name for each site as the objects are cached with the URL as key.

The simple acceleration setup using httpd_accel_host only works if you
have a single server with a single site.

If you have virtual servers based on Host: headers (sharing one IP
address) then you need to enable httpd_accel_uses_host_header, and
things get a little more complicated (but certainly doable).

If you want to accelerate multiple servers with multiple official IP
addresses to support old browsers not sending Host: headers then your
Squid server needs as many IP addresses.

***** Single server, single site *********

httpd_accel_host backend-server.your.domain
httpd_accel_port 80
httpd_accel_uses_host_header off

***** Single server, multiple sites *******

a) Use /etc/hosts to tell Squid how to reach the backend server

/etc/hosts:
10.1.0.1 www.your.domain virtual1.domain virtual2.domain virtual3.domain
...

squid.conf:
httpd_accel_host www.your.domain
httpd_accel_uses_host_header on

b) Use special DNS names, and a redirector that redirects from the
official name to the backend server name. You need one backend name for
each frontend name, so if your server has 10 virtual domains then you
need 10 backend names. The backend server should be configured with the
official name as server name, even thought the address is different.

A simple DNS sheme is to use a special domain like backend.your.domain,
and map the backend addresses of your accelerated domains in this
domain.
www.your.domain.backend.your.domain. IN A 10.1.0.1
virtual1.domain.backend.your.domain. IN A 10.1.0.1
virtual2.domain.backend.your.domain. IN A 10.1.0.1
and so on.

and use a redirector that adds backend.your.domain to every hostname in
the URLs.

squid.conf:

redirect_program /usr/local/squid/backend-redirect.pl
redirect_rewrites_host_header off
httpd_accel_host www.your.domain
httpd_accel_uses_host_header on

backend-redirect.pl:

#!/usr/bin/perl -p
s%http://([^/\s]+)%http://\1.backend.your.domain%;

Note that httpd_accel_host here does not really tell the address of the
backend server, it merely tells which the primary domain is (the server
old browsers not sending Host: headers see).

****** Multiple backend servers, no support for old browsers *****

Like above, but different addresses in the backend domain.

**** Support for old browsers reaching more than one domain (one or more
backend servers) *****

Requires you to set up multiple IP addresses on the Squid box, one for
each domain that old browser must be able to reach.

squid.conf:

redirect_program /usr/local/squid/backend-virtual-redirect.pl
redirect_rewrites_host_header off
httpd_accel_host virutal
httpd_accel_uses_host_header on

backend-virtual-redirect.pl

#!/usr/bin/perl -p
s%http://1.2.3.4%http://www.your.domain%;
s%http://1.2.3.5%http://another.domain%;
s%httpd://1.3.4.6%http://third.domain%;
s%http://([^/\s]+)%http://\1.backend.your.domain%;

Or you could use the backend-redirect.pl redirector, and map the IP
addresses as well in the backend domain.

1.2.3.4.backend.your.domain. IN A 10.1.0.1
....

---
Henrik Nordstrom
Spare time Squid hacker