Re: [squid-users] multiple ssl sites reverse proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 29 Nov 2011 11:22:12 +1300

 On Mon, 28 Nov 2011 14:51:17 -0500, Daniel Alfonso wrote:
> Any suggestions as to what my config should have in addition to
> below? Single squid server caching/offloading SSL for a single origin
> webserver. Sites on origin server using name based hosting on the IP
> X.X.X.100
>
> Each site uses a unique IP for http(s)
>
> #Config
> https_port X.X.X.1:443 accel cert=/certs/domain1.crt key=/certs/domain1.key cafile=/certs/cacert.crt defaultsite=www.domain1.com
> http_port X.X.X.1:80 accel defaultsite=www.domain1.com
> https_port X.X.X.2:443 accel cert=/certs/domain2.crt key=/certs/domain2.key cafile=/certs/cacert.crt defaultsite=www.domain2.com
> http_port X.X.X.2:80 accel defaultsite=www.domain2.com
> https_port X.X.X.3:443 accel cert=/certs/domain3.crt key=/certs/domain3.key cafile=/certs/cacert.crt defaultsite=www.domain3.com
> http_port X.X.X.3:80 accel defaultsite=www.domain3.com
> cache_peer X.X.X.100 parent 80 0 no-query originserver name=origin
> cache_peer_access origin allow all
> http_access allow all
>
> Thanks for any suggestions/insight.

 Some restrictions on what domains are allowed to DoS, er get passed to,
 the backend server.

   acl localDomains dstdomain www.domain1.com www.domain2.com www.domain3.com
   cache_peer_access origin allow localDomains
   cache_peer_access origin deny all
   http_access allow localDomains
   http_access deny all

 And a port for Squid management with the usual ACL controls over what
 can access there.

 Amos
Received on Mon Nov 28 2011 - 22:22:17 MST
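
Added example, not part of the original thread and not Squid's own code: a simplified Python model of first-match http_access / cache_peer_access evaluation. It shows that the "allow all" rules in the question pass a request for any destination host to the origin, while the localDomains rules in the reply do not. It understands only the "all" and dstdomain ACLs; the function names and the host unrelated.example are constructed for illustration.

```python
# Added example: simplified model of Squid's first-match access lists.
# Only the built-in "all" ACL and dstdomain ACLs are understood.
ORIGINAL = """\
cache_peer_access origin allow all
http_access allow all
"""
RESTRICTED = """\
acl localDomains dstdomain www.domain1.com www.domain2.com www.domain3.com
cache_peer_access origin allow localDomains
cache_peer_access origin deny all
http_access allow localDomains
http_access deny all
"""

def parse(conf):
    """Return (dstdomain ACLs, http_access rules, cache_peer_access rules by peer)."""
    acls, http, peer = {}, [], {}
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) > 3 and tok[0] == "acl" and tok[2] == "dstdomain":
            acls.setdefault(tok[1], set()).update(t.lower() for t in tok[3:])
        elif len(tok) > 2 and tok[0] == "http_access":
            http.append((tok[1], tok[2:]))
        elif len(tok) > 3 and tok[0] == "cache_peer_access":
            peer.setdefault(tok[1], []).append((tok[2], tok[3:]))
    return acls, http, peer

def acl_matches(acls, name, host):
    """Test one ACL name against the destination host; '!' negates it."""
    negate, name = name.startswith("!"), name.lstrip("!")
    # A dstdomain value with a leading dot also matches subdomains.
    hit = name == "all" or any(
        host == d.lstrip(".") or (d.startswith(".") and host.endswith(d))
        for d in acls.get(name, ()))
    return hit != negate

def decide(acls, rules, host, if_empty):
    """First rule whose ACLs all match wins; otherwise invert the last action."""
    for action, names in rules:
        if all(acl_matches(acls, n, host) for n in names):
            return action == "allow"
    return rules[-1][0] != "allow" if rules else if_empty

def reaches_origin(conf, host, peer_name="origin"):
    """True if a request for `host` passes http_access and is sent to the peer."""
    acls, http, peer = parse(conf)
    host = host.lower()
    return (decide(acls, http, host, if_empty=False)
            and decide(acls, peer.get(peer_name, []), host, if_empty=True))
```
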