Re: AW: [squid-users] reverse-proxy for multiple domains from Henrik Nordstrom on 2004-02-26 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 26 Feb 2004 13:56:31 +0100 (CET)

On Thu, 26 Feb 2004 martin.mueller@stadt.wolfsburg.de wrote:

> Why httpd_accel_port 0?
>
> cause i read it somewhere i don't remember anymore. i thought the port must
> be zero in connection with the virtual httpd_accel_host.

Enabling httpd_accel_port virtual mode enables port-based virtual hosts.

> do i have to change it to the port of the web-server?

This is required.

These directives control how Squid reconstructs the complete requested URL
on accelerated requests

httpd_accel_uses_host_header tells Squid to use the Host header of the
request if available.

httpd_accel_host tells what host name to use if
httpd_accel_uses_host_header is not enabled or if the request does not
have a Host header.

httpd_accel_port tells what port to use in the reconstructed url. If 0
then the port number of the http_port will be used.

So if you have

http_accel_host virtual
http_accel_port 0
http_accel_uses_host_header off (or request without Host header)

http_port 1.2.3.4:8888

then the URL as seen by Squid will become

http://1.2.3.4:8888/path/to/file

and this is the URL Squid will try to retreive, which most likely is not
what you want unless you are using a redirector to fix up this URL into
something which makes sense.

The recommended accelerator setup for Squid-2.5 is

# Host to assume if there is no Host header
httpd_accel_host your.main.domain.name

# Normal web port
httpd_accel_port 80

# Domain based virtual host support
httpd_accel_uses_host_header on

# Required for RFC compliance
httpd_accel_with_proxy on

Then add the accelerated hostnames to /etc/hosts with the addresses of the
real web servers, and configure Squid access controls to limit what may be
accessed

# Base ACLs
acl all src 0.0.0.0/0
acl port80 port 80
acl http proto http

# Give access only to our accelerated servers
acl ourwebsites dstdomain accelerated.web.name other.accelerated.web.name
http_access allow http port80 ourwebsites

# Deny all other uses
http_access deny all

For Squid-3 the setup is a little different, but Squid-3.0 is not yet
released so more on that later.

Regards
Henrik
Received on Thu Feb 26 2004 - 05:56:35 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST