Re: [squid-users] Multiple site example

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 15 Nov 2008 14:42:18 +1300

Gregori Parker wrote:
> You only need one http_port statement with one defaultsite...define
> multiple cache_peer parents, like so, and make sure your ACLs are
> straight (this is the tricky aspect of reverse-proxy imo, getting the
> security right)
>
>
> http_port 80 accel defaultsite=bananas.mysite.com vhost
> cache_peer 10.10.10.1 parent 80 0 no-query no-digest originserver name=mysite1
> cache_peer 10.10.10.2 parent 80 0 no-query no-digest originserver name=mysite2
> cache_peer 10.10.10.3 parent 80 0 no-query no-digest originserver name=mysite3
> cache_peer_domain mysite1 apples.mysite.com
> cache_peer_domain mysite2 oranges.mysite.com
> cache_peer_domain mysite3 bananas.mysite.com
>
> acl my_site1 dstdomain apples.mysite.com
> acl my_site2 dstdomain oranges.mysite.com
> acl my_site3 dstdomain bananas.mysite.com
> acl myaccelport port 80
>
> cache allow my_site1
> cache allow my_site2
> cache allow my_site3
>
> http_access allow my_site1 myaccelport
> http_access allow my_site2 myaccelport
> http_access allow my_site3 myaccelport
>

To keep the security straight and easy I prefer setting the ACL earlier
and re-using the exact same condition like so:

  cache_peer .... name=peerN
  acl aclname dstdomain fubar.example.com
  # admit requests for this domain
  http_access allow aclname
  # send only this domain to peerN and nothing else
  cache_peer_access peerN allow aclname
  cache_peer_access peerN deny all

That keeps each domain handling config separate and easily checked.
No fiddling around with ports or multiple lists of domains in simple setups.

Amos

>
> Personally, I use a load balancer to direct traffic to Squid, and have
> the hostnames redefined in /etc/hosts to get traffic to the backend
> servers
>
> Hope that helps, YMMV
>
> - Gregori
>
> -----Original Message-----
> From: Ramon Moreno [mailto:rammor1_at_gmail.com]
> Sent: Friday, November 14, 2008 1:24 PM
> To: Henrik Nordstrom
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Multiple site example
>
> Henrik,
>
> Thanks for the quick reply.
>
> So I think this answers the cache peer question.
>
> The other is what do I specify for the http_port section.
>
> Currently I only am doing acceleration for one site:
> http_port 80 accel defaultsite=bananas.mysite.com
>
> How do I configure this parameter for 3 sites while using the same
> port? I am guessing, but would it be something like this:
> http_port 80 accel defaultsite=bananas.mysite.com vhost
> http_port 80 accel defaultsite=apples.mysite.com vhost
> http_port 80 accel defaultsite=oranges.mysite.com vhost
>
>
>
>
> On Fri, Nov 14, 2008 at 1:12 PM, Henrik Nordstrom
> <henrik_at_henriknordstrom.net> wrote:
>> On fre, 2008-11-14 at 12:19 -0800, Ramon Moreno wrote:
>>
>>> I know how to accelerate for one site based on the faq, however not
>>> too sure how to do multiple.
>> It's also in the FAQ..
>>
>> Squid FAQ Reverse Proxy - Sending different requests to different backend web servers
>> http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-7bd155a1a9919bda8ff10ca7d3831458866b72eb
>> Regards
>> Henrik
>>

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
   Current Beta Squid 3.1.0.2
Received on Sat Nov 15 2008 - 01:42:25 MST
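
An added example, not part of the original thread and not Squid's own tooling: a small Python check for the per-domain pattern described in the reply above, flagging dstdomain ACLs that http_access allows but no peer routes, the reverse, and peers left without any cache_peer_access allow rule. The sample config is constructed from the hostnames in the thread, and the parser only understands the directive forms shown in this thread.

```python
from collections import defaultdict

# Constructed sample: the thread's three sites in the per-domain style,
# with two deliberate gaps (my_site2 is never routed, my_site3 never allowed).
SAMPLE_CONF = """\
cache_peer 10.10.10.1 parent 80 0 no-query no-digest originserver name=mysite1
acl my_site1 dstdomain apples.mysite.com
http_access allow my_site1
cache_peer_access mysite1 allow my_site1
cache_peer_access mysite1 deny all
cache_peer 10.10.10.2 parent 80 0 no-query no-digest originserver name=mysite2
acl my_site2 dstdomain oranges.mysite.com
http_access allow my_site2
cache_peer 10.10.10.3 parent 80 0 no-query no-digest originserver name=mysite3
acl my_site3 dstdomain bananas.mysite.com
cache_peer_access mysite3 allow my_site3
cache_peer_access mysite3 deny all
http_access deny all
"""

def audit(conf):
    """Return (name, problem) pairs where http_access and peer routing disagree."""
    acls, peers, allowed = set(), set(), set()
    routed = defaultdict(set)            # peer name -> ACLs it accepts
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 3:
            continue
        if tok[0] == "acl" and tok[2] == "dstdomain":
            acls.add(tok[1])
        elif tok[0] == "cache_peer":
            # name= is optional in Squid; the peer hostname is used otherwise
            peers.add(next((t[5:] for t in tok if t.startswith("name=")), tok[1]))
        elif tok[0] == "http_access" and tok[1] == "allow":
            allowed.update(tok[2:])
        elif tok[0] == "cache_peer_access" and tok[2] == "allow":
            routed[tok[1]].update(tok[3:])
    routed_acls = set().union(*routed.values())
    findings = []
    for a in sorted((acls & allowed) - routed_acls):
        findings.append((a, "allowed by http_access but routed to no peer"))
    for a in sorted((acls & routed_acls) - allowed):
        findings.append((a, "routed to a peer but never allowed by http_access"))
    for p in sorted(peers - set(routed)):
        findings.append((p, "peer has no cache_peer_access allow rule"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_CONF):
        print(f"{name}: {problem}")
```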
