ons 2002-11-20 klockan 18.01 skrev Matt Kehler:
> - configure Squid to act as http accelerator to TWO websites in our
> DMZ. One is http only, the other is http AND https
Do these web sites need to be full IP based websites, or can they be
Host: header based virtual domains?
> - keep Squid as our http proxy for all users.
>
> This SEEMS simple..but I don't have a test box right now. First of
> all..I believe I need to have ' httpd_accel_with_proxy on ' ..so Squid
> will act as a proxy AND a accelerator. Correct?
Correct. Generally recommended anyway for HTTP compliance.
The only issue to look out for is to set up your http_access rules
properly to not allow the world to use your server as proxy, but still
be able to use it as accelerator for your accelerated servers.
> httpd_accel_host www.mydomain.com
>
> and thats it? I assume I do not need to add httpd_accel_port 80 as it
> is default.
Yes, and make suer that www.mydomain.com is known to Squid with the IP
address of your real server.
> Then..to add another to http://webaccess.mydomain.com and
> https://webaccess.mydomain.com , I simply add another line as
>
> httpd_accel_host webaccess.mydomain.com
Unfortunately this is not as simple, but if you can accept Host: based
virtual servers then adding
httpd_accel_uses_host_header on
will do the trick.
> And since now I am accelerating port 80 AND 443...how do I do this? or
> just add
>
> httpd_accel_port 0
For SSL acceleration you will need Squid-2.5 compiled with SSL support,
and your backend server needs to be accepting requests using HTTP.
Squid will manage the SSL encryption/decryption.
Regards
Henrik
Received on Thu Nov 21 2002 - 09:21:04 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:20 MST