On 11/01/11 12:27, Colin Coe wrote:
> On Sat, Jan 8, 2011 at 8:40 AM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
>> On 29/12/10 15:45, Colin Coe wrote:
>>>
>>> Hi all
>>>
>>> I'm currently redesigning an environment I've inherited. The
>>> environment consists of two main sites with limited replication. Each
>>> site is effectively a replica of the other.
>>>
>>> The environment was built with four proxy servers at each site (so
>>> eight in total) with 2 being forwarding proxies and two being reverse
>>> proxies. I'd like to consolidate these into either a single proxy or
>>> a HA cluster of two proxies at each site, I'm still deciding. The
>>> current platform is RHEL5 (squid 2.6), the new platform will likely be
>>> RHEL6 (squid 3.1.4).
>>>
>>> My squid fu is weak and as both reverse proxies have
>>>
>>> https_port 80 defaultsite=server1.company.com
>>> key=/etc/ssl/server1.company.com.key
>>> cert=/etc/ssl/server1.company.com.crt protocol=http
>>> https_port 443 defaultsite=server1.company.com
>>> key=/etc/ssl/server1.company.com.key
>>> cert=/etc/ssl/server1.company.com.crt protocol=https
>>>
>>> and
>>>
>>> http_port 80 defaultsite=server2.company.com
>>> https_port 443 defaultsite=server2.company.com
>>> key=/etc/ssl/server2.company.com.key
>>> cert=/etc/ssl/server2.company.com.crt protocol=http
>>>
>>> I've no idea if the consolidation is possible or not.
>>>
>>> I've searched the archive and googled but not seen anything to tell me
>>> if I can do this.
>>>
>>> Any ideas?
>>
>> At a minimum add the "accel vhost" options to those http_port and check the
>> rest of the config logics are based on dstdomain.
>> http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting
>>
>> Whether they are combinable after that will depend on the client software
>> visitig. If they are HTTP/1.1 compliant enough to send Host: header you can
>> (most do).
>>
>> The forward-proxy can be merged in easily (with squid-2.6 or later) as long
>> as care is taken to place the forward-proxy config later in the config file
>> than the reverse-proxy config. The difference may be that the forward proxy
>> traffic reduces the caching efficiency overall which the reverse-proxy sees.
>>
>
> I won't be in a position to start testing for at least a few weeks but
> could you clarify if the 'vhost' setting is still required for the
> reverse proxying even if the two sites to be reverse proxied are on
> physically different hosts?
vhost makes Squid use the request Host: header for its decisions on
where to send the request. So to combine the proxies into one Squid you
will need vhost to separate the accel requests to those two backends.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.10 Beta testers wanted for 3.2.0.4Received on Tue Jan 11 2011 - 00:54:07 MST
This archive was generated by hypermail 2.2.0 : Tue Jan 11 2011 - 12:00:04 MST