Re: [squid-users] Need help with Squid reverse proxy with mirrored parents please!

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 28 Mar 2013 12:59:41 +1300

On 28/03/2013 12:28 p.m., Alex Stahl wrote:
> Hiya Squid Users - So I'm trying to configure Squid as a reverse
> proxy, listening on port 80, in front of two web servers. One web
> server runs on the localhost and listens on port 81 and contains a
> subset of all website content. Then the second web server is a remote
> box, listening on port 80, with a full set of all content.
>
> What I'd like Squid to do is act as a single front-end for these
> servers. A request comes in, and if it's a cache miss, it should
> first ask the localhost web server if it can satisfy the request. If
> so, it serves it up. If not, it should forward it on to the second
> web server.

Which Squid version? The presence or absence of vhost settings depends on it.

> Following the guide here:
> http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers,
> I've come up with the following config:
>
> http_port 80 accel defaultsite=localhost

Problem #1: Use the public FQDN name in defaultsite=.
The above config will make some URLs handled by Squid all be
http://localhost/... which is NOT a good thing when those URLs are sent
out to the client.

> cache_peer localhost parent 81 0 originserver name=local
> cache_peer example.com parent 80 0 originserver name=remote
> acl request dstdomain localhost
> cache_peer_access local allow request
> cache_peer_access remote allow request
>
> (I have other ACLs unrelated to this config, such as allowing http
> requests on port 80).
>
> The problem I run into is that a miss on the localhost web server (an
> HTTP 404) isn't properly forwarded on to the remote server - squid
> only ever tries a single parent. If I remove the localhost peer, the
> request is properly forwarded, and I get back the expected HTTP 200.
>
> What am I missing in my config to make it do that?

404 means "does not exist". How is Squid to know that the localhost peer
was lying and some other peer does have the object?

* Fix the "defaultsite=localhost" problem
* Add "vhost" to your http_port line to make Squid aware of what domains
requests are for.
* Alter your "request" ACL into different ACLs which match against
requests destined to each server. Such that only the server where the
request can come from is contacted.

Amos
Received on Wed Mar 27 2013 - 23:59:48 MDT
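
The three changes listed in the reply above, put together as a squid.conf sketch. This is an added example, not configuration from either poster or from the Squid project. The public name www.example.com and the /static/ path split between the two origins are assumptions made for illustration; the peer lines are the ones quoted in the thread.

```conf
# Added example. Constructed values: www.example.com (public FQDN),
# /static/ (assumed location of the subset held by the local server).

# Before (from the thread): the internal name becomes the site name in
# URLs Squid builds, so http://localhost/... can reach clients.
# http_port 80 accel defaultsite=localhost

# After: public FQDN as the default, and vhost so Squid knows which
# domain each request is for (whether vhost must be written out
# depends on the Squid version, as the reply notes).
http_port 80 accel defaultsite=www.example.com vhost

# Origin servers, unchanged from the original post.
cache_peer localhost parent 81 0 originserver name=local
cache_peer example.com parent 80 0 originserver name=remote

# Accept only requests for the published site, so the accelerator
# cannot be used to reach arbitrary destinations.
acl our_site dstdomain www.example.com
http_access allow our_site
http_access deny all

# One ACL per origin: exactly one peer is eligible for any request,
# so Squid never has to guess after a 404 from the wrong server.
acl local_content urlpath_regex ^/static/
cache_peer_access local allow our_site local_content
cache_peer_access local deny all
cache_peer_access remote allow our_site !local_content
cache_peer_access remote deny all

# Requests must go through one of the peers, never direct.
never_direct allow all
```

Running `squid -k parse` against the file checks the syntax before the service is reloaded.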
