Re: [squid-users] Squid reverse with two web servers in different TCP ports

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 17 Feb 2010 12:46:25 +1300

On Tue, 16 Feb 2010 20:02:34 -0300, "Alejandro Facultad"
<alejandro_facultad_at_yahoo.com.ar> wrote:
> Dear all, I have Squid 2.7 configured with reverse mode. I have two web
> sites:
>
> OWA (webmail): 10.2.2.1 in port 80
> Intranet: 10.2.2.2 in port 44000
>
> Squid with OWA is working perfectly, but when I add to the squid.conf the
> lines for Intranet, the Intranet site does not respond (requests don't
> reach the Squid box apparently).
>
> This is my config, taking into account Squid has the IP 10.1.1.1 and
> it's listening on port 80:
>
> http_port 10.1.1.1:80 accel defaultsite=www.owa.gb
>
> cache_peer 10.2.2.1 parent 80 0 no-query originserver login=PASS name=owaServer
>
> cache_peer 10.2.2.2 parent 44000 0 no-query originserver name=intRanet
>
> acl OWA dstdomain www.owa.gb
> acl Inet dstdomain www.intranet.gb
>
> cache_peer_access owaServer allow OWA
> cache_peer_access intRanet allow Inet
>

You should also prevent requests crossing over between these two peers
explicitly.

  cache_peer_access owaServer deny all
  cache_peer_access intRanet deny all

> never_direct allow OWA
> never_direct allow Inet
>
> http_access allow OWA
> http_access allow Inet
>
> http_access deny all
>
> miss_access allow OWA
> miss_access allow Inet
> miss_access deny all
>
> In the testing PC, both www.owa.gb and www.intranet.gb point to 10.1.1.1
> (Squid IP), and all the routing is OK.
>
> After that, I have logs from OWA access but I haven't any log from
> intranet access at all in the /var/log/squid/access log file.
>
> Can you tell me why Squid doesn't work with my second web site on port
> 44000 ???

You will need to add "vhost" to the existing http_port line to handle
multiple domains now regardless of what else the fix requires.

Also check:

 * Does the LAN DNS point at Squid?

 * Do the LAN clients know that it's now normal port 80 to access the
internal site?
   You can avoid transition problems by temporarily adding:
      http_port 10.1.1.1:44000 accel vhost defaultsite=www.intranet.gb

 * Now that you are serving both websites do you still want www.owa.gb to
be the default one visited? (defaultsite=)

Amos
Received on Tue Feb 16 2010 - 23:46:31 MST
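
A small lint for the two configuration points raised in this reply (`vhost` on the accelerator port once several domains are served, and an explicit closing `deny all` for each peer), as an added example that is not part of the original thread. The `lint` function and its finding strings are hypothetical, and the FIXED config is constructed from the posted one.

```python
# Relevant lines of the config as posted in the thread
# (the wrapped cache_peer line joined onto one line).
POSTED = """\
http_port 10.1.1.1:80 accel defaultsite=www.owa.gb
cache_peer 10.2.2.1 parent 80 0 no-query originserver login=PASS name=owaServer
cache_peer 10.2.2.2 parent 44000 0 no-query originserver name=intRanet
acl OWA dstdomain www.owa.gb
acl Inet dstdomain www.intranet.gb
cache_peer_access owaServer allow OWA
cache_peer_access intRanet allow Inet
"""

# Constructed: the same config with the reply's suggestions applied.
FIXED = POSTED.replace("accel defaultsite", "accel vhost defaultsite") + """\
cache_peer_access owaServer deny all
cache_peer_access intRanet deny all
"""

def lint(conf):
    """Return findings for an accelerator config that serves several domains."""
    ports, peers, rules, domains = [], [], {}, set()
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not tok:
            continue
        if tok[0] == "http_port" and "accel" in tok[2:]:
            ports.append(tok)
        elif tok[0] == "cache_peer":
            # Peers are referenced by name= when given, else by hostname.
            name = next((t[5:] for t in tok if t.startswith("name=")), tok[1])
            peers.append(name)
        elif tok[0] == "acl" and len(tok) > 3 and tok[2] == "dstdomain":
            domains.update(tok[3:])
        elif tok[0] == "cache_peer_access" and len(tok) >= 4:
            rules.setdefault(tok[1], []).append(tok[2:])
    findings = []
    if len(domains) > 1:
        for p in ports:
            if "vhost" not in p[2:]:
                findings.append(f"http_port {p[1]}: several domains but no vhost")
    for name in peers:
        # The last cache_peer_access rule for each peer should be 'deny all'.
        if rules.get(name, [])[-1:] != [["deny", "all"]]:
            findings.append(f"cache_peer {name}: no closing 'deny all'")
    return findings
```
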
