Re: [squid-users] httpd_accel and caching from Henrik Nordstrom on 2003-04-29 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 29 Apr 2003 18:31:49 +0200

tis 2003-04-29 klockan 18.02 skrev David LePage:
> I am using squid-2.5.STABLE2.NT-CVS on Windows 2000 server.
>
> When I do a straight http to squid's reverse proxy, it takes about 45
> seconds for the page to load, so it seems somehow on the Apache side it is
> adding an additional minute of processing time.
>
> I tried disabling the persistant connections and sending the Cache Control
> header, and it didn't seem to make a difference. Hm. Any other ideas? The
> squid reverse proxy sits about 5 feet away on a 100MB connection to the
> Exchange/OWA server.

Sorry, I am not very familiar with using Apache as reverse proxy. I am
kind of a Squid guy..

What you can try is to only use Squid. The SSL update patch for
Squid-2.5 has support for the needed "Front-End-Https: on" header used
by OWA when there is a "SSL accelerator". (the SSL update patch includes
most of the SSL capabilities of the upcoming Squid-3.0 release).

The SSL update patch can be found from http://devel.squid-cache.org/

Configuration notes:

0. Download the Squid sources and apply the SSL update patch.

1. Set up Squid to listen for SSL requests by

configure ... --enable-ssl

https_port in squid.conf. You should be able to use the same
certificate and key as used for Apache today.

2. Set up Squid to accelerate all requests to your OWA server as a cache
peer to Squid, using the X-Front-End-Https header.

   httpd_accel_host official.internet.name.of.your.owa
   httpd_accel_port 80
   httpd_accel_uses_host_header off
   cache_peer your.owa.server parent 80 0 no-query front-end-https=on
   never_direct allow all

3. Set up access controls to only allow access to OWA

   acl owa dstdomain official.internet.name.of.your.owa
   acl port80 port 80
   http_access allow owa port80
   http_access deny all

Note: I have not tried this with OWA in Squid-2.5. Only in something
which more resembles Squid-3. If OWA complains about the request in the
above setup then you may need to use Squid-3.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Tue Apr 29 2003 - 10:31:57 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:35 MST