I would second this. The default config files can require proxy auth for
the source address (i.e. subnet). This would make it easier for newbs
(like me) to get started as well as helping illustrate how to make it
secure.
Having a recipe book (with samples) does not make it any less secure
than it is today, but sure does make it more approachable to get started.
My 2 cents,
- Jim
On 12/20/09 9:40 PM, John Scharber wrote:
Fully understand, however I still think the comments are valid. A user
should be able to get TS installed an running in a useful configuration with
minimal fuss or knowledge, just Apache HTTPD. In my case, being new to TS
but not proxies or web servers administration or development I took the time
to read the docs build the code and expect that after following some minimal
number of steps have a typical configuration running. So I think from my
experience there could be a couple of tasks added to the project:
1) Define what would be a typical installation or possible provide multiple
sample configuration for different uses
a) Forward
b) Reverse
c) Parent/Sibling
2) Clean up the documentation to clearly explain minimal changes to create a
functional system. So for example a forward proxy may be protected by an
allowed IP range on a private network and a configuration step would bet o
add my own network or select from an alternatives (proxy auth, forward
mapping, etc). This make it clear to a new user what steps that choices
they needed to make.
Totally unrelated, I'm starting to delve into the code a bit deeper and it
would be helpful if I would pick someones brain with regards to the cache
store and event system. Also is I didn't see Connection Collapsing in the
documentation does this feature still work?
Thanks everyone has been very helpful
/jms
##############################################################################
#
# Connection Collapsing
#
##############################################################################
# Adds the ability to collaspe connections going to the orgin server
# see Admin Guide Addendum for more details
CONFIG proxy.config.connection_collapsing.hashtable_enabled INT 0
CONFIG proxy.config.connection_collapsing.rww_wait_time INT 0
CONFIG proxy.config.connection_collapsing.revalidate_window_period INT 0
On Sun, Dec 20, 2009 at 4:15 PM, Eric Balsa<[email protected]> wrote:
Hi John,
See the faq on this subject on the wiki. Having open forward proxies on the
internet is a bad thing.
--Eric
On Dec 20, 2009 3:41 PM, "John Scharber"<[email protected]> wrote:
It think if would reduce the number of posts / amount of time to get TS
working if was configured as a standard forward proxy in the base
configuration, to that end I would suggest the following changes in the
records.config file
CONFIG proxy.config.reverse_proxy.enabled INT 0 // Disable reverse proxy
CONFIG proxy.config.url_remap.remap_required INT 0 //Disable remap required
Also my problem starting traffic server was in the trafficserver script in
the /urs/local/bin directory.
As documented in the Makefile it the pidfile has an erroneous "internal"
directory in the path
# pidfile: /usr/local/var/trafficserver/internal/server.lock
Proper without the "internal" directory in the path
PIDFILE=${PIDFILE:-/usr/local/var/trafficserver/server.lock}
