AW: AW: AW: [squid-users] reverse-proxy for multiple domains

From: <>
Date: Fri, 27 Feb 2004 10:44:15 +0100

i guess the requested URL is my problem too. let's say the user should use to get to the calendar-server (port 81) and to
get to the mail-server (port 80).

would the configuration look like this:

build squid with ./configure --disable-internal-dns

http_port 80
http_port 81

http_access allow all # to make it short and simple for this example

httpd_accel_host XXXXXXXXXXXXX # what here? the
httpd_accel_port 0
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

/etc/hosts # at the reverse proxy server

as i sad, the requested URL is my problem. i don't know wich URL i have to
request from a client und by which criteria the reverse-proxy desides which
web-server to use.
does the hosts entries must also be mad on the clients, so they don't ask
the general DNS-server what ip is behind


> -----Ursprüngliche Nachricht-----
> Von: Henrik Nordstrom []
> Gesendet: Donnerstag, 26. Februar 2004 21:50
> An: Tim Neto
> Cc: Henrik Nordstrom;;
> Betreff: Re: AW: AW: [squid-users] reverse-proxy for multiple domains
> On Thu, 26 Feb 2004, Tim Neto wrote:
> > 1 Squid firewall machine.   Internet:  
> Intranet:
> >     2 Internal Web Servers.
> >              E-Mail server:
> >              Calendar server:
> What I am missing from this is how you want the two servers
> to look like
> to the users of the reverse proxy. What URLs should the users
> request to
> end up in the respective server?
> > I can if need be re-align the Calendar server to port 80, but...
> If you want users to externally request the Calendar server
> as if it ran
> on port 80 you should re-align it to actually run on port 80.
> The use of port 81 for public web servers is not recommended.
> Public web
> servers should run on port 80 for http:// or 443 for
https://, nothing

The use of different ports in the public URL than what the actual server
runs on is also not recommended, as this often causes problems where the
internal port leaks out to the browsers, often as part of plain normal

> So far I have tried the virtual
>                httpd_accel_host virtual

this is not what you want to use, as explained earlier. You only want this
directive if you want to provide IP based accelerator setups, and the use
of this directive absolutely REQUIRES a redirector helper to fix up the
URLs accordingly.

In all other accelerator setups httpd_accel_host SHOULD be set to your
main domain name to support prehistoric HTTP/1.0 clients not sending Host

>                httpd_accel_port 80

ok, but you must then use a redirector to rewrite the port to 81 on
requests for the calendar server.

The other alternative is to use two http_port directives and virtual
accelerator port

http_port 80
http_port 81
httpd_accel_port 0

this will use whatever http_port the request was accepted on as port
number in the requested URL.

>                httpd_accel_single_host off
>                httpd_accel_with_proxy on
>                httpd_accel_uses_host_header on


Received on Fri Feb 27 2004 - 02:44:28 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST