Re: [squid-users] Reverse Proxy that listens and forwards to multiple ports to the same backend server

2009-08-12 Thread Henrik Nordstrom
On Wed, 2009-08-12 at 10:03 -0700, Andy Litzinger wrote:
> Hi all,
>   I'm banging my head on what I think should be a simple config.  I want 
> squid to receive requests on port 80 and forward them on to the origin server 
> on port 80.  I also want squid to receive requests on port 8081 and forward 
> requests to the same origin server on port 8081.
> 
> I have a Load Balancer (BigIP) sitting in front of my Squid server and the 
> origin server Squid points to is also actually a VIP on the LB that sits in 
> front of a pool of real origin servers.
> 
> The goal is simple proxy- I'm not caching anything (that is working fine).
> 
> Clients connect to http/https://my.test.com
> This resolves in my DNS to 192.168.94.225, a VIP hosted on the LB that 
> forwards traffic on to Squid.
> The origin server VIP for the content is 192.168.94.226
> 
> 
> This is what the flows should look like focusing only on the destination TCP 
> port as it goes through each device:
> Desired HTTP request flow:
> Request port 80 ---> LB ---> request port 80 ---> Squid ---> request port 80 
> ---> origin VIP on LB ---> request port 8080 ---> server listening on port 
> 8080
> 
> Desired HTTPS request flow:
> Request port 443 ---> LB (SSL offload) ---> request port 8081 ---> Squid ---> 
> request port 8081 ---> Origin VIP on LB ---> request port 8081 ---> server 
> listening on port 8081
> 
> 
> What I see happening for the HTTPS requests is that the request arrives 
> properly at the squid server on port 8081, but squid forwards the request to 
> the Origin VIP on port 80 instead of 8081.
> 
> Here is the config I'm trying:
> 
> http_port 80 accel defaultsite=my.test.com
> http_port 8081 accel defaultsite=my.test.com

You probably want defaultsite=my.test.com:8081 above... the port
handling in accelerator mode is a little odd sometimes with port seen as
part of the site name.


Regards
Henrik
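
The port handling described in the reply above, as an added example that is not part of the original thread and is not Squid's own code. It is a simplified model that assumes an accel http_port without vhost rebuilds the request URL from defaultsite alone, and that a "port" ACL tests the port of that rebuilt URL rather than the listening port; all Python names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed from the posted squid.conf: listening port -> defaultsite value.
POSTED = {80: "my.test.com", 8081: "my.test.com"}
SUGGESTED = {80: "my.test.com", 8081: "my.test.com:8081"}

# ACLs from the posted config; each one tests the rebuilt request URL.
ACLS = {
    "our_http_port": lambda u: (u.port or 80) == 80,        # acl ... port 80
    "our_ssl_port": lambda u: (u.port or 80) == 8081,       # acl ... port 8081
    "my_test_dom": lambda u: u.hostname == "my.test.com",   # acl ... dstdomain
    "all": lambda u: True,
}

# cache_peer lines: peer name -> origin port.
PEERS = {"my_test": 80, "my_test_ssl": 8081}

# cache_peer_access lines in config order; ACLs on one line are ANDed.
PEER_ACCESS = [
    ("my_test_ssl", "allow", ["our_ssl_port", "my_test_dom"]),
    ("my_test_ssl", "deny", ["all"]),
    ("my_test", "allow", ["our_http_port", "my_test_dom"]),
    ("my_test", "deny", ["all"]),
]


def accel_url(defaultsite, path="/"):
    """Assumed model: host[:port] of the URL comes from defaultsite only."""
    return f"http://{defaultsite}{path}"


def peer_allowed(peer, url):
    """First matching cache_peer_access line for this peer decides."""
    u = urlsplit(url)
    for name, action, acls in PEER_ACCESS:
        if name == peer and all(ACLS[a](u) for a in acls):
            return action == "allow"
    return False


def forwarded_port(listen_port, http_ports):
    """Origin port chosen for a request that arrived on listen_port."""
    url = accel_url(http_ports[listen_port])
    for peer, origin_port in PEERS.items():
        if peer_allowed(peer, url):
            return origin_port
    return None


if __name__ == "__main__":
    for label, ports in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(label, {p: forwarded_port(p, ports) for p in ports})
```
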



[squid-users] Reverse Proxy that listens and forwards to multiple ports to the same backend server

2009-08-12 Thread Andy Litzinger
Hi all,
  I'm banging my head on what I think should be a simple config.  I want squid 
to receive requests on port 80 and forward them on to the origin server on port 
80.  I also want squid to receive requests on port 8081 and forward requests to 
the same origin server on port 8081.

I have a Load Balancer (BigIP) sitting in front of my Squid server and the 
origin server Squid points to is also actually a VIP on the LB that sits in 
front of a pool of real origin servers.

The goal is simple proxy- I'm not caching anything (that is working fine).

Clients connect to http/https://my.test.com
This resolves in my DNS to 192.168.94.225, a VIP hosted on the LB that forwards 
traffic on to Squid.
The origin server VIP for the content is 192.168.94.226


This is what the flows should look like focusing only on the destination TCP 
port as it goes through each device:
Desired HTTP request flow:
Request port 80 ---> LB ---> request port 80 ---> Squid ---> request port 80 
---> origin VIP on LB ---> request port 8080 ---> server listening on port 8080

Desired HTTPS request flow:
Request port 443 ---> LB (SSL offload) ---> request port 8081 ---> Squid ---> 
request port 8081 ---> Origin VIP on LB ---> request port 8081 ---> server 
listening on port 8081


What I see happening for the HTTPS requests is that the request arrives 
properly at the squid server on port 8081, but squid forwards the request to 
the Origin VIP on port 80 instead of 8081.

Here is the config I'm trying:

http_port 80 accel defaultsite=my.test.com
http_port 8081 accel defaultsite=my.test.com
icp_port 0
htcp_port 0
snmp_port 3401

debug_options ALL,1 33,2

cache_peer 192.168.94.226 parent 80 0 no-query no-digest originserver name=my_test
cache_peer 192.168.94.226 parent 8081 0 no-query no-digest originserver name=my_test_ssl

acl our_http_port port 80
acl our_ssl_port port 8081
acl my_test_dom dstdomain my.test.com

cache_peer_access my_test_ssl allow our_ssl_port my_test_dom
cache_peer_access my_test_ssl deny all

cache_peer_access my_test allow our_http_port my_test_dom
cache_peer_access my_test deny all

# acl to block caching
acl our_sites dstdomain .test.com
# acl listing the IP of each vip
acl vips dst 192.168.94.225
acl acceleratedPort port 80 8081

# we do NOT want the responses to
# any requests to be cached.
cache deny our_sites
# Allow requests to make it through to the VIPs
# but only on the expected ports
http_access allow vips acceleratedPort
http_access deny all
http_reply_access allow all

cache_effective_user squid
cache_effective_group squid
visible_hostname testproxy.test.com
unique_hostname testsquid01

client_db off
uri_whitespace allow
strip_query_terms off
relaxed_header_parser on
minimum_expiry_time 30 seconds

request_header_access Accept-Encoding deny all

any suggestions?

Thanks!
 Andy