mån 2006-04-10 klockan 10:41 -0400 skrev Sketch:
> Hi,
>
> I'm currently researching squid's ability to have traffic destined for
> specific IPs redirected to specific http_accel_hosts.
>
> Is there any way to accomplish this without running multiple instances of squid?
Yes, there is several.
Do you run Host header based virtual domains on these IPs, or just a
single site on each?
Is the backend servers well aware of their official Internet names, or
like IIS and always assumes what is sent to them in the Host header?
Traditional Squid-2.5 way with a single site per IP:
set "httpd_accel_host virtual", "httpd_accel_uses_host_header off". This
makes Squid pick up the IP address where it accepted the request and use
this in the reconstructed URL. Then have a redirector rewrite these IPs
into the actual IP addresses.
Traditional Squid-2.5 way with Host header based virtual support:
set "httpd_accel_host virtual", "httpd_accel_uses_host_header on". Use a
redirector to rewrite both the IP addresses and the official (as seen on
the Internet) host names into the appropriate backend server names.
More efficient method:
set "httpd_accel_host virtual", "never_direct allow all" and optionally
"httpd_accel_uses_host_header on". Define a cache_peer per backend and
use cache_peer_access to select which requests gets sent to which
server. In theory you could use the myip acl in cache_peer_access here
but I'd stronly recommend not to and instead use dstdomain/dst acls
(there is a risk of cache pollution otherwise by sending the requests to
the wrong IP)
The last method unfortunately doesn't work with all web servers. If you
have trouble from this look into the "rproxy" patch available from
devel.squid-cache.org addressing these issues and more..
Efficient method if all clients sends proper Host header:
set "httpd_accel_host your.main.site", "httpd_accel_uses_host_header",
then in /etc/hosts (or equivalent file referenced from squid.conf) add
each of the accelerated sites with their proper backend IPs. Set up
http_access to only allow request to (dst) the backend IPs.
The http_access thing also applies to the traditional Squid-2.5 methods
using redirectors mentioned above.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT