Re: [squid-users] DNS-based reverse proxy peer selection, 2.5 vs 2.6

From: Amos Jeffries <squid3@dont-contact.us>
Date: Tue, 19 Feb 2008 10:55:24 +1300 (NZDT)

> Hi there,
>
> I'm trying to upgrade our reverse proxy setup from 2.5 to 2.6, and
> understand that the relevant config words have changed, but I'm not sure
> how to emulate our current setup.
>
> In the 2.5 config,
> httpd_accel_host virtual
> and possibly also
> httpd_accel_single_host off
> httpd_accel_uses_host_header on
> mean that web servers are chosen from our internal DNS, without needing
> to be hardcoded as cache_peer lines in the squid.conf, let alone
> cache_peer_access/cache_peer_domain for each vhost (we have dozens).
>
> Is there a way to do this in 2.6?

Yes, with a little trickery in DNS. You need to use DNS-views so that the
public see squid as being an A/AAAA for the domain and squid does not. If
squid ever finds itself as a source server for any of the domains it's
accelerating you get a forwarding-loop.

Other than that catch, configure squid as a normal 2.6 accelerator with
vhost and defaultsite on the http_port line, omit any cache_peer_*
settings, and set as an open-proxy for the domains you are providing.
An external acl helper may be needed to accurately limit the open-proxy
behaviour to just the hosted domains.

Amos
Received on Mon Feb 18 2008 - 14:55:27 MST
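
The external ACL helper mentioned in the reply above could look like the following. This is an added example, not part of the original message and not code shipped with Squid; the domain list, the helper path and the ACL names are assumptions. It answers OK only when the requested host is a hosted domain or a subdomain of one, so the accelerator does not act as an open proxy for anything else.

```python
#!/usr/bin/env python3
"""External ACL helper: allow only hosted domains (added example).

squid.conf wiring (helper path and ACL names are assumed):
    external_acl_type hosted_dst %DST /usr/local/bin/hosted_dst.py
    acl hosted external hosted_dst
    http_access allow hosted
    http_access deny all
"""
import sys

# Constructed sample values; replace with the domains actually served.
HOSTED_DOMAINS = {"example.com", "example.org"}


def normalize(host):
    """Lower-case the name, drop a trailing dot and any :port suffix."""
    host = host.strip().lower().rstrip(".")
    return host.split(":", 1)[0]


def is_hosted(host, hosted=HOSTED_DOMAINS):
    """True if host equals a hosted domain or is a subdomain of one."""
    host = normalize(host)
    if not host:
        return False
    labels = host.split(".")
    # Compare whole label suffixes, so "evilexample.com" never matches
    # "example.com" the way a plain endswith() check would.
    return any(".".join(labels[i:]) in hosted for i in range(len(labels)))


def answer(line, hosted=HOSTED_DOMAINS):
    """Map one lookup line from Squid (the %DST value) to OK or ERR."""
    fields = line.split()
    if len(fields) != 1:
        return "ERR"  # empty or malformed input fails closed
    return "OK" if is_hosted(fields[0], hosted) else "ERR"


def main():
    # Squid writes one lookup per line and expects one reply line for each.
    for line in sys.stdin:
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()  # replies must not sit in a buffer


if __name__ == "__main__":
    main()
```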
