[squid-users] Squid round-robin to 2 Apache's from PARAM KRISH on 2013-02-04 (squid-users)

From: PARAM KRISH <mkparam_at_gmail.com>
Date: Mon, 4 Feb 2013 12:52:35 +0530

Hello Squid Users

I am in need of some help. I believe this must have been done by some
already but i could not just get the right document to understand
well.

Setup :

Squid v3.2.3 on a RHEL 6 64-bit VM (say server1)
Apache's 2.2.15 on RHEL6 64-bit VM's (running in server1 and in server2).

Requirement:

1. All http traffic should automatically redirect to https without a
change in the url (except http -> https )
2. I have two URL's A.B.C.D and A.C.D both pointing to the server1 IP
must work well.
3. When Apache in server1 dies, all traffic should work well with
Apache in server2. All traffic must use Squid for
ReverseProxy/Cacheing

What i have done so far ?

1. Apache V-hosts (8080 & 443 ) : 8080 V-hosts does RewriteRule to https
2. Squid listens in 80 and 3123 (for ssl) having these entries in its config.

https_port 3128 accel cert=/usr/local/apache2/conf/folder/certnew.cer
key=/usr/local/apache2/conf/folder/a.b.c.d.key defaultsite=a.b.c.d
vhost

http_port 80 accel defaultsite=a.b.c.d vhost

cache_peer server1.b.c.d parent 8080 0 originserver round-robin
cache_peer server2.b.c.d parent 8080 0 originserver round-robin

What i understand is, requests coming to Port 80 (Squid) forwarded to
either of Apache's 8080 where it gets rewritten to 443, processed.

This works well when both Apache's are running fine. When i bring down
Apache1, It breaks. Apache2 up/down does not make a difference as i
noticed though they are effectively used when both in running state as
i noticed from their logs. So it looks like they do effective
load-balancing in normal state, but cant take Apache1 from its
critical path.

Can you guys help me understand how i set this up ? I'm not sure the
http->https redirect must be done by Apache or the Squid or using any
redirector.pl within Squid. Which works best/faster ?

Any help or reference doc / config would be much appreciated. I dont
have a requirement for people directly coming to server1 or server2 to
either of its 8080/443 ports. All traffic to be routed through the
domain url's "a.b.c.d" or "a.c.d" ONLY.

Thanks a lot.
Received on Mon Feb 04 2013 - 07:22:42 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 05 2013 - 12:00:03 MST