[squid-users] Squid ghost image

Not really a squid question persay...

Any recommendations for ghosting a configured server? We are building 6
squid servers and it would be much simpler to ghost the first one and use
that image for the rest. We use a ghost program for our windows servers but
the last time I tried that on linux it wanted to make an image the same size
of the harddrive due to something about it not recognizing unused file
space. We'd be using this ghost image as disaster recovery too, if one of
the boxes failed.

Thanks in advance

Chris Perreault
Webmaster/MCSE

-----Original Message-----
From: Adam Aube [mailto:aaube01@baker.edu]
Sent: Wednesday, July 14, 2004 11:40 AM
To: squid-users@squid-cache.org
Subject: [squid-users] RE: Re: Encrypted traffic with proxy server?

Chris Perreault wrote:

> We've set up a reverse proxy with the --enable-ssl option. Our back
> end webservers are http on port 80. Squid only accepts traffic from
> port 443. The browsers are connecting to the proxy (run in
> accelerator/reverse proxy
> mode) All traffic between internet users and the proxy are ssl. From the
> proxy to our web servers are not ssl.
>
> A proxy is not the same as a reverse proxy, although it is close. One
> solution would be to have 2 squid boxes in a server room, where the
> only sniffing that could be done would have to be done within the
> server room. Configure one has a reverse proxy, sending all traffic to
> the normal proxy.
>
> Student PC --> ssl connection--> squid as reverse proxy in server room
> --> port 80 -->squid as proxy in server room --> internet webservers

Ugh - that's a mess. If you have to use Squid in accelerator mode to get SSL
support (which may be the case with Squid 2.5 - I know it's not with Squid
3), then it would be better just to run an instance of Stunnel (or similar)
on the server, then have it forward requests to Squid over loopback.

Client Browser -> Client Stunnel -> Server Stunnel -> Squid

Adam
Received on Fri Jul 16 2004 - 08:16:20 MDT