Re: [squid-users] httpd_accel_uses_host_header and Virtual Hosts problem

On 2001-03-13, at 12:48, Raúl Ortiz-Boyero wrote :

|Hi there,
|Sorry if somebody has posted this problem before but I have checked the FAQ
|and the searchable archive and I cannot find any relevant information
|regarding the problem I'm experiencing.
|I'm trying to use Squid Version 2.3.STABLE4 in order to accelerate several
|back-end virtual Apache-SSL webservers running on the same local machine.
|Squid is listening on port 80 and Apache runs on port 8090. My basic problem
|is that this is not working at all! All works perfectly ok when I accelerate
|one host but stops working when I activate the directive
|'httpd_accel_uses_host_header', which I understand is necessary in order to
|get the virtual hosts stuff working. I need to pass the host part of the
|HTTP header to Apache so it knows where to go to look for the DocumentRoot
|for each of the Virtual Hosts running.
|
|The main bits of my squid.conf look like this:
|
|http_port 80
|httpd_accel_host virtual
|httpd_accel_port 8090
|httpd_accel_with_proxy off on
|httpd_accel_uses_host_header on
|
|
|acl acceleratedHost dst 127.0.0.1/255.255.255.255
|acl acceleratedPort port 8090
|acl all src 0.0.0.0/0.0.0.0
|# my test PC has an IP of 192.168.0.93/255.255.255.0
|acl myNet src 192.168.0.0/255.255.0.0
|# we also don't want requests for localhost passed on to a peer
|always_direct allow acceleratedHost
|# Allow requests when they are to the accelerated machine AND to the
|# right port
|http_access allow acceleratedHost acceleratedPort
|http_access allow myNet
|http_access deny all
|
|
|The documentation mentions that you must combine
|'httpd_accel_uses_host_header' with strict source-address checks, so you
|cannot use this option to accelerate multiple backend servers (although this
|is certain to change in a later version of Squid). Does this mean that what
|I'm trying to do will never work? If so, please let me know so I can start
|evaluating other alternatives.
|

If this is a namebased virtual host (same ip)
you have to remove the
"httpd_accel_host virtual"
option.

this is only valid on ip based virtual hosts.

but you'll get the same problem as me : in some of the apache response
(redirect from /directory to /directory/, for exemple), apache will say that it
is running on the 8090 port, and netscape or lynx will try to access your site
on this port. which breaks the squid advantage, and is probably not allowed by
your firewall.

bye

xavier
Received on Tue Mar 13 2001 - 10:31:47 MST