[squid-users] Squid3: vhost reverse proxy/accel bw extender

From: Jim Flowers <jflowers@dont-contact.us>
Date: Thu, 7 Aug 2003 09:42:49 -0500

I want to set up a squid3 accelerator to act as a bandwidth extender for
multiple virtual websites on multiple hosts on multiple networks.

[browsers]<-->[Internet]<-->[1-accel-2]<-->[nat]<-->[routing]<-->[private wans]
<-->[networks]<-->[origin hosts]<-->[Internet]

As the origin hosts are also accessible directly from the Internet, nat
forces the query response to return over the private wans instead of the
Internet. This will also have firewalls at appropriate points.

The origin hosts are a mixture of physical hosts (fqdns/ip) and both name
based and ip based virtual hosts.

I have had all of this working in a test environment except for setting up
the virtual hosts in Squid3 (3.0-PRE2-20030730). I don't quite understand
the configuration file, I think. Here is the way that I read it:

# define listening ports
#-----------------------
# listen for queries on outside interface
http_port ifc1.ip:80

# listen for ssl queries on outside interface
https_port ifc1.ip:443 cert=path-to-server.crt key=path-to-server.key defaultsite=www.accelhost.tld protocol=http

# define origin servers
#----------------------
# virtual name-based host
cache_peer origin-host1-ip parent 80 0 no-query originserver name=www.originhost1domain.tld

# virtual name-based host
cache_peer origin-host1-ip parent 80 0 no-query originserver name=www.originhost2domain.tld
# possibly use forceddomain=wwwvh.originhost2domain.tld?

# physical or ip-based virtual host
cache_peer origin-host3-ip parent 80 0 no-query originserver name=www.originhost3domain.tld

# set up restricted originserver access
# -------------------------------------
acl http proto http
cache_peer_access www.originhost1domain.tld allow http
cache_peer_access www.originhost2domain.tld allow http
cache_peer_access www.originhost3domain.tld allow http

never_direct allow all
#

And, how I think it works:

1. Queries arrive at accel due to dns or dns-round-robin,

          www.originhost1domain.tld IN A ifc1.ip

2. Squid maps www.originhost1domain.tld to origin-host1-ip and forwards
query to origin-host1-ip with Host Header set to www.originhost1domain.tld

The originserver will then respond if:
    a. It is a physical server located at origin-host1-ip
    b. It is an ip-based virtual host with origin-host1-ip
    c. It is a name-based virtual host with name www.originhost1domain.tld
       located at origin-host1-ip

Presumably the forceddomain option to cache_peer could be used to map from
www.originhost1domain.tld to wwwvh.originhost1domain.tld, if required.

Do I have a correct understanding? Are there any other directives required
that I have missed? Do you see any pitfalls? Any help, warnings or tips
would be much appreciated.

Thanks.

--
Jim Flowers<jflowers@ezo.net>
Received on Thu Aug 07 2003 - 08:42:51 MDT
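
Added example, not part of the original message and not Squid code: a simplified Python model of per-peer cache_peer_access evaluation, run against the access rules posted above and against a constructed variant that ties each peer to its own site with a dstdomain ACL. The ACL names site1 to site3, the evaluation model (first matching rule decides, otherwise the opposite of the last rule) and the built-in "all" are assumptions of this sketch.

```python
# Simplified model (an assumption, not Squid source code) of per-peer
# cache_peer_access evaluation: first matching rule decides; if none
# matches, the result is the opposite of the last rule's action.
POSTED = """
acl http proto http
cache_peer_access www.originhost1domain.tld allow http
cache_peer_access www.originhost2domain.tld allow http
cache_peer_access www.originhost3domain.tld allow http
"""
# Constructed variant: tie each peer to its own site with a dstdomain ACL.
PER_SITE = "".join(
    f"acl site{n} dstdomain www.originhost{n}domain.tld\n"
    f"cache_peer_access www.originhost{n}domain.tld allow site{n}\n"
    f"cache_peer_access www.originhost{n}domain.tld deny all\n"
    for n in (1, 2, 3))

def parse(conf):
    acls, rules = {"all": ("all", [])}, {}   # "all" assumed defined elsewhere
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], [v.lower() for v in tok[3:]])
        elif tok[:1] == ["cache_peer_access"]:
            rules.setdefault(tok[1], []).append((tok[2], tok[3:]))
    return acls, rules

def acl_matches(acl, proto, host):
    kind, values = acl
    if kind == "all":
        return True
    if kind == "proto":
        return proto.lower() in values
    if kind == "dstdomain":      # exact name, or ".domain" suffix form
        return any(host == v or (v[0] == "." and ("." + host).endswith(v))
                   for v in values)
    raise ValueError(f"ACL type not modelled: {kind}")

def eligible_peers(conf, proto, host_header):
    """Return the sorted peer names allowed to receive this request."""
    host = host_header.split(":")[0].lower()
    acls, rules = parse(conf)
    out = []
    for peer, peer_rules in rules.items():
        # Default when no rule matches: opposite of the last rule's action.
        verdict = "deny" if peer_rules[-1][0] == "allow" else "allow"
        for action, names in peer_rules:
            if all(acl_matches(acls[n], proto, host) for n in names):
                verdict = action
                break
        if verdict == "allow":
            out.append(peer)
    return sorted(out)
```

In this model the posted rules leave all three peers eligible for any HTTP request whatever its Host header, while the per-site rules select exactly one peer for a hosted name and none for a name the accelerator does not serve.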
