[squid-users] Complex reverse proxy issues

From: <jbeadles@dont-contact.us>
Date: Thu, 24 Jun 2004 07:46:49 -0500

I'm a total newbie to squid, and am having to relearn Unix for this
project. Reading through the msgs on this list, I've run into a road
block while planning my squid implementation. I have a fairly complex
problem with a reverse proxy application. I need to set up a reverse
proxy system that allows users in our network to see http servers in
other networks across the public internet. Initially this does not
seem to be so complex, and in fact I have some parts of this working.
 Details of the implementation are as follows:

Users will need reverse proxy access to many http servers, most on
port 80, some on port 8080 - Users of the system do not need
encryption (no SSL for the clients) - The origin http servers will be
on private networks across the public internet - The many, different
owners of the origin servers will insist on encrypting the traffic
between the reverse proxy and the origin http servers - The many
different owners may insist on different types of encryption (some
may accept SSL, others may require SSH or other) - It would be
preferable to give each owner their own SSL cert if required

In short, it would look like this:

user(80) <---> (squid)(80) <-- (SSL) ----------> (www1)
                               (8080) <-- (SSL) ----------> (www2)
                               (80) <-- (SSH(http)) ---> (www3)
                               (8080) <-- (SSH(http)) ---> (www4)

Currently, I have made squid work as a reverse proxy to many hosts
with some running on either port by using a perl redirector script.
But I can't see any way to accomplish this with one Squid instance.
Given that all outbound squid connections may need separate SSL certs
and some outbound connections will need SSH or other protocols, it's
looking like I will be better off just having a separate Squid
instance, each with its' own squid.conf, for each outbound
connection. I'm assuming that I would have to give each instance
its' own IP, but I can do that.

Comments, corrections? I have no idea how I would run multiple
instances of Squid on a server, each with a different squid.conf. Any
comments?
Received on Thu Jun 24 2004 - 06:43:30 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:03 MDT