On Thu, 2 Sep 2004, R. Benjamin Kessler wrote:
> I'd like to have something like the following:
>
> public site1 xx.yy.133.201
> public site2 xx.yy.133.202
> public site3 xx.yy.133.203
>
> all serviced by proxy1
>
> internal site1 192.168.133.201
> internal site2 192.168.133.202
> internal site3 192.168.133.203
>
> Do I have to run three different instances of squid to do this?
No, but you you need one https_port specification per certificate, each
bound to their public IP.
> If they're all xxx.foo.com can I use a singel "wild card" SSL
> certificate?
Then you can run them all on a single public IP address.
squid.conf:
https_port ...
https_port ...
https_port ...
httpd_accel_host your.primary.website
httpd_accel_port 80
httpd_accel_with_proxy on
acl port80 port 80
never_direct allow all
cache_peer server1 parent 80 0 no-query
acl site1 dstdomain www.site1.com
http_access allow site1 port80
cache_peer_access server1 allow site1
cache_peer server2 parent 80 0 no-query
acl site2 dstdomain www.site2.com
http_access allow site2 port80
cache_peer_access server2 allow site2
[etc].
Alternatively you can take out the cache_peer, cahce_peer_access and
never_direct lines and place the IP addresses of the web server for each
accelerated web server into /etc/hosts.
Regards
Henrik
Received on Thu Sep 02 2004 - 17:36:13 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:01 MDT