Re: Re: Re: [squid-users] reverse proxy with different ports

2003-09-10 Thread Henrik Nordstrom 
On Wednesday 10 September 2003 03.19, [EMAIL PROTECTED] wrote:
> I've seen access.log.
> When I add vhost in https_port settings, it looks like the virtual
> site name is fully rewritten by squid in the http header.
> Only the protocol type is changed from https:// to http:// .
> So, it doesn't use the port specified in cache_peer...


Correct. cache_peer only tells where to forward the request once 
accepted, not how Squid should read the request.

All details on how Squid should read the request is in the 
http(s)_port settings.


Note: When you have multiple backend servers you need to use 
cache_peer_access to tell Squid how to select between the servers. If 
not Squid will always use the first cache_peer.

Regards
Henrik

Re: Re: Re: [squid-users] reverse proxy with different ports

2003-09-09 Thread laurent . derrien 
I've seen access.log.
When I add vhost in https_port settings, it looks like the virtual site 
name is fully rewritten by squid in the http header.
Only the protocol type is changed from https:// to http:// .
So, it doesn't use the port specified in cache_peer...
cache_peer 192.168.x.x parent800 no-query originserver 
name=host1.mydomain
cache_peer 192.168.x.x parent810 no-query originserver 
name=host2.mydomain

Regards,
Laurent





Henrik Nordstrom <[EMAIL PROTECTED]>
10/09/2003 11:39

 
Pour :  [EMAIL PROTECTED]
cc :[EMAIL PROTECTED]
        Objet : Re: Re: [squid-users] reverse proxy with different ports


On Wednesday 10 September 2003 02.04, [EMAIL PROTECTED] wrote:

> In my case, I use special ports (https://virt_serv_name:2443 and
> http://virt_serv_name:81...) and it looks like the vhost
> instruction in https_port doesn't work with it.

See your access.log. access.log contains the URL as processed by Squid 
according to the http(s)_port settings where the request was 
accepted.

Regards
Henrik

Re: Re: [squid-users] reverse proxy with different ports

2003-09-09 Thread Henrik Nordstrom 
On Wednesday 10 September 2003 02.04, [EMAIL PROTECTED] wrote:

> In my case, I use special ports (https://virt_serv_name:2443 and
> http://virt_serv_name:81...) and it looks like the vhost
> instruction in https_port doesn't work with it.

See your access.log. access.log contains the URL as processed by Squid 
according to the http(s)_port settings where the request was 
accepted.

Regards
Henrik

Re: Re: [squid-users] reverse proxy with different ports

2003-09-09 Thread laurent . derrien 
Well.
I would be much more interested in the first config.
I've tried the following squid.conf successfully :
---
https_port 1443 defaultsite=192.168.x.x:80 protocol=http cert=rproxy.cert
https_port 2443 defaultsite=192.168.x.x:81 protocol=http cert=rproxy.cert
cache_peer 192.168.x.x parent80 0 no-query originserver 
cache_peer 192.168.x.x parent81 0 no-query originserver 
---
So, it works as I want.
However, there is a problem when I add a "clientca=myca.cert" instruction 
to my first https_port declaration : error "Failed to acquire SSL 
certificate 'rproxy2.crt'". There is no error when this instruction is at 
the end of the last https_port declaration !


For the second config, vhost works fine if there is no special ports 
(https:// for the connection to squid and http:// from squid to the origin 
server).
In my case, I use special ports (https://virt_serv_name:2443 and 
http://virt_serv_name:81...) and it looks like the vhost instruction in 
https_port doesn't work with it.

Regards,
Laurent





Henrik Nordstrom <[EMAIL PROTECTED]>
09/09/2003 20:35

 
Pour :  [EMAIL PROTECTED], [EMAIL PROTECTED]
cc : 
Objet : Re: [squid-users] reverse proxy with different ports


On Tuesday 09 September 2003 09.58, [EMAIL PROTECTED] wrote:
> Hello,
>
> I have a question about accel mode special configuration...
> Is it possible to have this configuration with SQUID3-PRE3 :
>
> User -[https on port 1443]-> Reverse Proxy --[http on
> port 80]--> Original server
> User -[https on port 2443]-> Reverse Proxy --[http on
> port 81]--> Original server
>
> Both links through the same Squid ?

Yes.

> Should I write a special redirector ?

With Squid-2.5 a redirector is needed. Squid-3 will do this nicely 
without the help of a redirector.


> If it's too hard, I could work with this other configuration :
>
> User -[https on port 1443 to virtual server name1]->
> Reverse Proxy --[http on port 80]--> Original server
> User -[https on port 1443 to virtual server name2]->
> Reverse Proxy --[http on port 81]--> Original server

Same problem basic problem..

> https_port 1443 defaultsite=original-site cert=rproxy.cert

This will make the URLs accepted by Squid look like 
https://original-site/path/to/requested/document

your acls need to match this.

If you want the https_port to support virtual domains then you need to 
use the vhost directive, which will make the URLs read like
  https://requested-domain-name/path/to/requested/document

and again your acls need to match this.

When using the vhost directive the defaultsite= option just specified 
the host name to assume if no host name was given in the request sent 
by the client.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]