Re: [squid-users] RE: large config file issues?

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Mon, 29 Aug 2011 21:38:23 +0200

Basically the following per site:

https_port unique-ip:443 name=site_a cert=/path/to/cert.pem accel defaultsite=sitename.a
acl sites_a dstdomain sitename.a
cache_peer ip.of.web.server parent 443 0 name=server_a ssl no-query originserer
cache_peer_access server_a allos sites_a

But simplifications are possible if

* If there is wildcard certificates involved, enabling more than one
site per public ip:port defined by https_port (add vhost in such case)

* If using HTTP to the web servers terminating SSL in Squid. You can
then use host based vhosting on the web server to run many more sites
off the same ip:port which limits the number of cache_peer you need in
Squid.

* Alternatively if using wildcard certificates on the backend web
server, or ignoring certificate validation completely, enabling host
based vhosting on the backend web server while still using ssl. (using
the same protocol all the way makes some web server applications
happier)

mån 2011-08-29 klockan 11:26 -0400 skrev Daniel Alfonso:
> Any help would be largely appreciated.
>
> Need advice on what my config file should look like for 250+ Different SSL Secured Sites
>
> Thank you :)
> ________________________________________
> From: Daniel Alfonso
> Sent: Tuesday, August 23, 2011 1:51 PM
> To: squid-users_at_squid-cache.org
> Subject: large config file issues?
>
> Hello, Squid noob here...
>
> I have about 250 or so different sites that I want to setup in SSL reverse proxy mode
> I have a unique ip bound per site and the 250+ ips are responding on the interface
> I am using the following template to build my config and running into parsing issues (lines may wrap in email)
>
> "
> http_port SQUIDSERVERIP:80 accel defaultsite=www.DOMAIN
> https_port SQUIDSERVERIP:443 accel cert=/certs/DOMAIN.crt key=/certs/DOMAIN.key cafile=/certs/gd_bundle.crt defaultsite=www.DOMAIN
> cache_peer ORIGINSERVERIP parent 80 0 no-query originserver name=SITENAMEaccel
> acl SITENAMEacl dstdomain www.DOMAIN
> acl SITENAMEacl dstdomain DOMAIN
> cache_peer_access SITENAMEaccel allow SITENAMEacl
> http_access allow SITENAMEacl
> "
>
> 1 or 2 sites work ok, but at 1700+ lines full config does not work. I get random parse errors which leads me to believe I'm not building this config as efficiently as I could
>
> Any help would be greatly appreciated.
>
> Daniel Alfonso
> System Administrator
Received on Mon Aug 29 2011 - 19:38:27 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 30 2011 - 12:00:02 MDT