On Mon, 10 Nov 2003, Robin Bowes wrote:
> I run a web server on my broadband connection at home. I run NAT on my gateway router and have a small internal network.
> I currently have all my web services hosted on a single box because of the 1-2-1 nature of NAT.
> I maintain my own internal DNS service which is different to the publicly visible DNS information (hosted at dyndns.org).
>
> Here's what I would like to do:
>
> Internet --- router --- proxy --+-- web1.robinbowes.com
> (squid) |
> +-- web2.robinbowes.com
This is one of the standard Squid configurations ;-)
The concept is called "reverse proxy" or "HTTP accelerator".
> Can squid do this?
Yes.
> Is there any special sort of set up I need to consider?
The setup differs from that of a Internet proxy in several aspects
* Access controls is based on what destinations may be reached how, not
who may use the proxy.
* Squid needs to be configured to run in accelerator mode
See the Squid FAQ and squid.conf.default.
> I also am considering implementing some sort of outgoing access control
> - pah, kids! Would I be able to use the same instance of squid for this
> or would I be better considering a separate instance?
While this is fully possible I would recommend using two instances of
Squid, one per purpose. Remember to give each a unique visible_hostname
(apart from different log files, cache etc). The reason to this is that it
is very easy to make a mistake in a combined configuration accidently
giving the whole world rights to proxy anywhere and you surely do not want
this to happen.
Regards
Henrik
Received on Mon Nov 10 2003 - 18:05:37 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:13 MST