Re: [squid-users] browser (and access.log) says access denied but cache.log says it's ok?!?

From: Chris Robertson <crobertson@dont-contact.us>
Date: Wed, 16 May 2007 14:43:29 -0800

Anton Melser wrote:
>
> Thanks Chris, I definitely changed the port (the live sites, which I
> put in my hosts file so not to cause too much trouble...), and could
> access with no problems the non localhost sites. I tried both setting
> a hostname and an IP with the ports

Using an IP will be more explicit, and therefore is what I would
recommend. Use the hostname for the defaultsite argument to http_port.

> - no luck, and had apache2
> listening on 127.0.0.7:80 and *.81.
> I had a very long look at the article mentioned (and you need the
> right keywords to get to it!) but doing both local and distant reverse
> proxying wasn't mentioned.

But should just be a matter of putting two of the FAQs ((5 and 6) or (9
and 6)*) together.

Assuming:
* The external IP of the Squid server is 4.5.6.
* Local apache is listening on 127.0.0.7:80 (and possibly *:81) and is
hosting local.my.domain
* The remote host's IP is 1.2.3.4 and is hosting remote.my.domain
the following should do what you want...

# Define the HTTP port
http_port 4.5.6.7:80 accel defaultsite=local.my.domain
# Specify the local and remote peers
cache_peer 127.0.0.7 parent 80 0 no-query originserver name=local
cache_peer 1.2.3.4 parent 80 0 no-query originserver name=remote
# Define ACLs to direct traffic to the correct servers
# Local
acl sites_local dstdomain local.my.domain
cache_peer_access local allow sites_local
# Remote
acl sites_remote dstdomain remote.my.domain
cache_peer_access remote allow sites_remote
# Make sure that access to your accelerated sites is allowed
acl mysites dstdomain .my.domain
http_access allow mysites
# Deny everything else
http_access deny all

> I followed the instructions on that page for one of my attempts (with
> both squid and apache listening on 80 but one localhost and one
> external) but alas exactly the same results.

A forwarding loop? That would indicate to me that your cache_peer line
was not adjusted to reflect the originserver listening on localhost. No
forwarding loop, but an access denied? Check your ACLs in Apache, and
make sure that localhost can access pages. Otherwise verify you have
not uncommented the http_access deny to_localhost line in your
squid.conf. It's present and commented by default.

> I have seen in various places about compiling without internal dns but
> the vast bulk of the literature is on <=2.5, and 2.6 seems pretty
> different (particularly for http acceleration), and I didn't know
> whether this was desirable or necessary.

In a forwarding setup, where you are setting your cache_peers by IP, it
should be mostly* irrelevant. In a normal proxy setup, you probably
don't want to disable the internal DNS.

> Anyway, I will try a couple
> of things with /etc/hosts, and a few things, but I think it may be due
> to some resolution issues.

Again, given the setup above (all peers are designated using IP
addresses) DNS has a negligible effect on an acceleration setup.

> Thanks for your input,
> Anton

Chris

* If someone surfs to your site by IP, a dstdomain ACL will try a
reverse DNS lookup.
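
The routing and access decisions that the config above produces can be walked through without a running Squid. The following is an added example (not Squid's code and not from the thread): a simplified model of Squid's first-match http_access evaluation, dstdomain matching and cache_peer_access selection for that exact config; the resolver table standing in for DNS or /etc/hosts is a constructed assumption, as is the claim that the to_localhost rule sits ahead of the site rule, which matches the default squid.conf ordering.

```python
# Simplified model of how Squid evaluates the reverse-proxy config in the
# reply above. Added example, not Squid source; hostnames, IPs and the
# resolver table are constructed assumptions.
import ipaddress

# dstdomain semantics: ".my.domain" matches the domain and every subdomain,
# while "local.my.domain" matches that one host only.
def dstdomain_matches(pattern, host):
    host = host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

# Constructed stand-in for DNS / /etc/hosts (Anton's hosts-file setup).
RESOLVER = {"local.my.domain": "127.0.0.7", "remote.my.domain": "1.2.3.4"}

# cache_peer name, its cache_peer_access ACL and that ACL's dstdomain value.
CACHE_PEERS = [("local", "sites_local", "local.my.domain"),
               ("remote", "sites_remote", "remote.my.domain")]

def route(host, deny_to_localhost=False):
    """Return (decision, peer) for a request whose Host header is `host`."""
    # Footnote on the page: a dstdomain ACL handed an IP must reverse-resolve it.
    if is_ip(host):
        return ("needs reverse DNS for dstdomain", None)
    # http_access is first-match. With 'http_access deny to_localhost'
    # uncommented (default placement: before your own rules), a site whose
    # name resolves to 127.0.0.0/8 is denied before 'allow mysites' is seen.
    dst = RESOLVER.get(host)
    if deny_to_localhost and dst and ipaddress.ip_address(dst).is_loopback:
        return ("denied: to_localhost", None)
    if not dstdomain_matches(".my.domain", host):
        return ("denied: http_access deny all", None)
    for peer, _acl, pattern in CACHE_PEERS:
        if dstdomain_matches(pattern, host):
            return ("allowed", peer)
    return ("allowed", None)  # passes http_access but no cache_peer_access matched

if __name__ == "__main__":
    for h in ["local.my.domain", "remote.my.domain", "other.my.domain", "4.5.6.7"]:
        print(h, route(h), route(h, deny_to_localhost=True))
```

The `deny_to_localhost=True` path reproduces the "access denied in the browser while cache.log looks fine" symptom the thread is chasing: the request is rejected by http_access before any peer is consulted.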

Received on Wed May 16 2007 - 16:43:35 MDT