Re: [squid-users] SQUID3 configuration in accelerator mode (reverse proxy)  http and https

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Mon, 17 Jul 2006 00:05:03 +0200

Sun 2006-07-16 at 21:24 +0200, gwaa wrote:
> Hello List,
> I try to setup with SQUID3:
> HTTP[internet:80]<-->[80:NATfirewall:3128]-->[SQUID3:80]<->[80:multiples web
> servers: IN LAN]

ok.

> HTTPS[internet:443]<-->[443:NATfirewall:10443]-->[SQUID3:443]<-->[443:multiple
> web servers IN LAN]

ok, kind of... running a SSL domain based virtual host requires the use
of a wildcard certificate which most CAs either won't give you or
charge you a ridiculous sum for..

> Just to try HTTP accelerator mode, I insert in /usr/local/squid/etc/squid.conf
>
> http_access allow our_networks
> http_access allow all
> http_port 3128 accel vhost vport=80

Should read

http_port 80 vhost defaultsite=your.main.site
https_port 443 vhost defaultsite=your.main.site key=/path/to/ssl_key.pem cert=/path/to/ssl_cert.pem

> acl http proto http
> acl port3128 port 3128

Why port 3128?

> acl domains_server1 dstdomain .domaine1.com .domain2.com

ok.

> cache_peer 192.168.2.2 parent 3128 0 no-query originserver name=www-servers

Kind of.. should be one per web server, or none.. and ports and options
need to match what the server uses. 3128 does not look right..

> cache_peer_access www-servers allow domains_server1

Ok, except that it should consider if it's http or https...

> http_access allow http port3128 domains_server1

Ok, assuming the port3128 ACL gets redefined properly.

> always_direct allow domains_server1

Don't..

Or if you do that, don't define any cache_peers. But the cache_peer
based request forwarding is generally more flexible, especially if you
want to add redundancy to some web servers etc.

> But I always have this error:
> While trying to retrieve the URL: http://www.domain1.com/
> The following error was encountered:
> Access Denied.

Your current http_access rule is the culprit.. vport=80 makes the
reconstructed URLs all use port 80, while your http_access rule looks
for port 3128...

Regards
Henrik
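Pulling the corrections from this thread together, here is a squid.conf fragment for the HTTP and HTTPS accelerator setup described above. This is an added example, not configuration from the original post or from the Squid project; the hostnames, LAN addresses, certificate paths and the assumption that the backends serve plain HTTP on port 80 (with one backend also speaking TLS on 443) are constructed for illustration.

```conf
# Accept the accelerated traffic on the real service ports, not 3128.
# vhost: route by Host header; defaultsite: fill in a Host when the client sends none.
http_port  80  accel vhost defaultsite=www.domain1.com
https_port 443 accel vhost defaultsite=www.domain1.com cert=/usr/local/squid/etc/ssl/site.pem key=/usr/local/squid/etc/ssl/site.key

# One cache_peer per origin server; port and options must match what the server runs.
cache_peer 192.168.2.2 parent 80  0 no-query originserver name=web1_http
cache_peer 192.168.2.3 parent 80  0 no-query originserver name=web2_http
# Backend that also terminates TLS itself (assumed); Squid verifies it against a CA bundle.
cache_peer 192.168.2.2 parent 443 0 no-query originserver ssl sslcafile=/usr/local/squid/etc/ssl/lan-ca.pem name=web1_https

# ACLs: which sites are accelerated, and on which local port the request arrived
# (myport matches the port Squid accepted on, so it still works after vport/vhost rewriting).
acl all src 0.0.0.0/0.0.0.0
acl domain1     dstdomain .domain1.com
acl domain2     dstdomain .domain2.com
acl accel_http  myport 80
acl accel_https myport 443

# Only forward a request to a peer for the site it actually hosts, and keep
# http and https apart so an https request is not sent to a plain-http peer.
cache_peer_access web1_http  allow domain1 accel_http
cache_peer_access web1_https allow domain1 accel_https
cache_peer_access web2_http  allow domain2 accel_http
cache_peer_access web1_http  deny all
cache_peer_access web1_https deny all
cache_peer_access web2_http  deny all

# http_access is evaluated before peer selection: this is where "Access Denied" came from.
# Allow only the accelerated domains on the accelerated ports; no "allow all" on a
# reverse proxy facing the Internet, or it becomes an open proxy.
http_access allow domain1 accel_http
http_access allow domain1 accel_https
http_access allow domain2 accel_http
http_access deny all

# Never go direct; everything must pass through the defined origin-server peers.
never_direct allow all
```

With this layout a request for a host that matches no dstdomain ACL is rejected by http_access, and a request that is allowed but matches no cache_peer_access line is refused rather than forwarded to an unrelated backend.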

Received on Sun Jul 16 2006 - 16:05:11 MDT
