Re: [squid-users] squid 2.6 accelerator mode

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 11 Mar 2009 04:04:22 +1300

Pavel Georgiev wrote:
> On Mon, Mar 9, 2009 at 1:53 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> Pavel Georgiev wrote:
>>> On Mon, Mar 9, 2009 at 1:24 AM, Amos Jeffries <squid3_at_treenet.co.nz>
>>> wrote:
>>>>> I'm trying to get squid to work as a reverse proxy in front of a
>>>>> single web server which runs domain virtualhosts:
>>>>>
>>>>> http_port in:80 vhost
>>>>> cache_peer out parent 80 0 originserver
>>>>> 'in' is my input address, 'out' is the address of the web server.
>>>>>
>>>>> The problem that I have is that each request takes a considerable
>>>>> time to process (in which time squid is trying to resolve the Host:
>>>>> hostname and since I don't have a dns on the squid box, resolve never
>>>>> succeeds). Eventually the page is served, it just waits through some
>>>>> timeout on every request. Adding my vhosts to /etc/hosts on the squid
>>>>> box solves the issue.
>>>>>
>>>>> Can I have an accelerator for a single backend server with vhosts,
>>>>> without the need to resolve the Host: header (or if not possible, how
>>>>> to effectively work around it, adding all vhosts to /etc/hosts is not an
>>>>> option)?
>>>> The recommended reverse-proxy accelerator setup does not require DNS in
>>>> any form.
>>>>
>>>> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
>>>>
>>>> It is possible to direct "cache_peer_access blah allow all" to the web
>>>> server if you only have one backend and all domains go to it. Just note
>>>> that this removes any false-domain restrictions squid might otherwise
>>>> provide, and only works with a single back-end.
>>>>
>>>> Amos
>>>>
>>> The provided example suggests using 'http_port ... defaultsite=...'
>>> which ends up rewriting the Host: header in the request to the backend
>>> server (which would not work with vhosts),
>> No. defaultsite= adds a new Host: header if none was provided. Upgrading the
>> broken request to HTTP-compliance. Any other behavior is a bug in your
>> Squid.
>>
>>> and as soon as I change
>>> that to 'http_port ... vhost' and add the 'cache_peer_access ... allow
>>> all' I get the dns timeouts.
>> Ah, maybe 'all' (AKA 0.0.0.0/0) is doing the rDNS to find an IP to test
>> against emptiness. Sorry, I'm so used to Internet connected machines having
>> access to DNS it's hard to think around it.
>>
>>> So is it possible to have vhosts for a single backend server without dns?
>> Um, give this a try:
>> acl anyHost dstdomain .
>> cache_peer_access X allow anyHost
>>
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
>> Current Beta Squid 3.1.0.6
>>
>
> Adding defaultsite=... rewrites the Host: header even when a valid
> Host: header is present in the request.
> Adding vhost to the http_port still requires DNS for resolving the
> hostname from the host header and the dstdomain . workaround did not
> help. I'll try a newer version to see if that helps. Let me know if
> you have any other ideas how to make this work as I'd rather stick
> with the current version that comes with the distro.

Oh well. You will have to leave the http_port at the one that works for
you then.

As for the dstdomain. I've started thinking again and recalled why I use
'all' in DNS-free configs:
in squid.conf it refers to "acl all src all" ==> *src*. The IP told to
squid by the OS when a client connects. You have not redefined it to
'dst' type have you? 'dst' requires DNS, 'src' does not.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.6
Received on Tue Mar 10 2009 - 17:49:16 MDT
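
The check Amos asks for above (has 'all' been redefined to a DNS-dependent type?), as an added example that is not part of the original message or of Squid itself. It scans a squid.conf for access rules that reference an ACL of type 'dst', 'srcdomain' or 'srcdom_regex'; the sample config, its addresses and the peer name X are constructed for illustration.

```python
# ACL types that make Squid do a DNS lookup when evaluated: 'dst' resolves the
# request's hostname; 'srcdomain' and 'srcdom_regex' reverse-resolve the client IP.
DNS_ACL_TYPES = {"dst", "srcdomain", "srcdom_regex"}

# Constructed sample config, modelled on the directives quoted in the thread.
SAMPLE_CONF = """\
http_port 192.0.2.10:80 vhost
cache_peer 192.0.2.20 parent 80 0 originserver name=X
# 'all' redefined as a dst type: every rule using it now waits on DNS
acl all dst 0.0.0.0/0.0.0.0
acl anyHost dstdomain .
acl lan src 192.0.2.0/24
cache_peer_access X allow all
http_access allow lan
"""

def parse_acls(conf):
    """Map each ACL name to the set of types it is defined with."""
    acls = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "acl":
            acls.setdefault(fields[1], set()).add(fields[2])
    return acls

def dns_dependent_rules(conf):
    """Return (line_no, directive, acl, type) for rules using a DNS-requiring ACL."""
    acls = parse_acls(conf)
    findings = []
    for no, line in enumerate(conf.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields or not fields[0].endswith("_access"):
            continue
        # cache_peer_access has a peer name before allow/deny; http_access does not.
        idx = next((i for i, f in enumerate(fields) if f in ("allow", "deny")), None)
        if idx is None:
            continue
        for name in fields[idx + 1:]:
            name = name.lstrip("!")  # negated ACLs are still evaluated
            for acl_type in sorted(acls.get(name, set()) & DNS_ACL_TYPES):
                findings.append((no, fields[0], name, acl_type))
    return findings

if __name__ == "__main__":
    for no, directive, name, acl_type in dns_dependent_rules(SAMPLE_CONF):
        print(f"line {no}: {directive} uses acl '{name}' of type '{acl_type}' (needs DNS)")
```

An ACL that is never defined in the file (such as a built-in 'all') produces no finding, since only definitions present in the scanned text are classified.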
