Re: [squid-users] Q: http accel from Matt Kehler on 2002-11-20 (squid-users)

From: Matt Kehler <mkehler@dont-contact.us>
Date: Wed, 20 Nov 2002 14:14:45 -0600

Thank-you Henrik. The sites CAN be header based virtual domains
AFAIK...does this change the squid config at all? Also..what order does
Squid resolve DNS names in? Does it look to /etc/hosts first...I didn't
think it did?

Either way..this may be a problem due to the fact that SSL requires
Squid 2.5x to do what we want. Our policy is to install boxes as per
defaults..ie, we use the Squid that Redhat 7.3 installs..and only use
Redhats up2date feature to upgrade. This way we can have multiple
people admin the same box..and the amount of documenation is greatly
decreased as it is all Redhat defaults. Anyways..I'll try it without
the SSL for now..

thanks
Matt

>>> Henrik Nordstrom <hno@squid-cache.org> 11/20/02 12:34PM >>>
ons 2002-11-20 klockan 18.01 skrev Matt Kehler:

> - configure Squid to act as http accelerator to TWO websites in our
> DMZ. One is http only, the other is http AND https

Do these web sites need to be full IP based websites, or can they be
Host: header based virtual domains?

> - keep Squid as our http proxy for all users.
>
> This SEEMS simple..but I don't have a test box right now. First of
> all..I believe I need to have ' httpd_accel_with_proxy on ' ..so
Squid
> will act as a proxy AND a accelerator. Correct?

Correct. Generally recommended anyway for HTTP compliance.

The only issue to look out for is to set up your http_access rules
properly to not allow the world to use your server as proxy, but still
be able to use it as accelerator for your accelerated servers.

> httpd_accel_host www.mydomain.com
>
> and thats it? I assume I do not need to add httpd_accel_port 80 as
it
> is default.

Yes, and make suer that www.mydomain.com is known to Squid with the IP
address of your real server.

> Then..to add another to http://webaccess.mydomain.com and
> https://webaccess.mydomain.com , I simply add another line as
>
> httpd_accel_host webaccess.mydomain.com

Unfortunately this is not as simple, but if you can accept Host: based
virtual servers then adding

httpd_accel_uses_host_header on

will do the trick.

> And since now I am accelerating port 80 AND 443...how do I do this?
or
> just add
>
> httpd_accel_port 0

For SSL acceleration you will need Squid-2.5 compiled with SSL
support,
and your backend server needs to be accepting requests using HTTP.

Squid will manage the SSL encryption/decryption.

Regards
Henrik
Received on Thu Nov 21 2002 - 09:29:54 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:21 MST