Re: [squid-users] squid 2.6 accelerator mode

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 10 Mar 2009 00:53:33 +1300

Pavel Georgiev wrote:
> On Mon, Mar 9, 2009 at 1:24 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>> I'm trying to get squid to work as a reverse proxy in front of a
>>> single web server which runs domain virtualhosts:
>>>
>>> http_port in:80 vhost
>>> cache_peer out parent 80 0 originserver
>>> 'in' is my input address, 'out' is the address of the web server.
>>>
>>> The problem that I have is that each request takes a considerable
>>> time to process (in which time squid is trying to resolve the Host:
>>> hostname and since I don't have a dns on the squid box, resolve never
>>> succeeds). Eventually the page is served, it just waits through some
>>> timeout on every request. Adding my vhosts to /etc/hosts on the squid
>>> box solves the issue.
>>>
>>> Can I have an accelerator for a single backend server with vhosts,
>>> without the need to resolve the Host: header (or if not possible, how
>>> to effectively workaround it, adding all vhosts to /etc/hosts is not an
>>> option)?
>> The recommended reverse-proxy accelerator setup does not require DNS in
>> any form.
>>
>> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
>>
>> It is possible to direct "cache_peer_access blah allow all" to the web
>> server if you only have one backend and all domains go to it. Just note
>> that this removes any false-domain restrictions squid might otherwise
>> provide, and only works with a single back-end.
>>
>> Amos
>>
>
> The provided example suggests using 'http_port ... defaultsite=...'
> which ends up rewriting the Host: header in the request to the backend
> server (which would not work with vhosts),

No. defaultsite= adds a new Host: header if none was provided, upgrading
the broken request to HTTP compliance. Any other behavior is a bug in
your Squid.

> and as soon as I change
> that to 'http_port ... vhost' and add the 'cache_peer access ... allow
> all' I get the dns timeouts.

Ah, maybe 'all' (AKA 0.0.0.0/0) is doing the rDNS to find an IP to test
against emptiness. Sorry, I'm so used to Internet connected machines
having access to DNS it's hard to think around it.

>
> So is it possible to have vhosts for a single backend server without dns?

Um, give this a try:
   acl anyHost dstdomain .
   cache_peer_access X allow anyHost

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.6
Received on Mon Mar 09 2009 - 11:52:58 MDT
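
Added example, not part of the original message or of the Squid project's documentation: a single-backend accelerator squid.conf fragment that puts the directives quoted in this thread together, with the catch-all ACL Amos suggests shown beside a restricted dstdomain list that keeps the false-domain filtering he mentions. The address 192.0.2.10, the peer name "backend", the ACL name "hosted" and the example.com/example.net domains are placeholders; whether either form removes the DNS wait on a particular Squid 2.6 build is not tested here.

```conf
# Constructed squid.conf fragment: reverse proxy in front of ONE web
# server that hosts several name-based virtual hosts.
# Placeholders (assumptions): 192.0.2.10, "backend", "hosted", the domains.

# Accept accelerated traffic and pass the client's Host: header through.
http_port 80 accel vhost

# The only origin server. no-query: an origin server does not speak ICP.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=backend

# Option A (the suggestion in this thread): match every requested domain.
# Every Host: value is forwarded to the backend, so Squid no longer
# rejects requests for domains the site does not serve.
#acl anyHost dstdomain .
#http_access allow anyHost
#cache_peer_access backend allow anyHost

# Option B: list the hosted domains explicitly. A leading dot also
# matches subdomains. dstdomain compares the hostname text of the
# request; a reverse lookup is only attempted when the URL holds an IP.
acl hosted dstdomain .example.com .example.net
http_access allow hosted
cache_peer_access backend allow hosted

# Refuse everything else without referring to the 'all' ACL that the
# thread suspects of triggering lookups.
http_access deny !hosted
cache_peer_access backend deny !hosted
```

Option B needs the list updated whenever a virtual host is added, which is the price of keeping the Host: filtering at the proxy.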
