Hi,
Although you can't have apache and squid listening on port 80 on the same
IP, you can have them both running on port 80 on the same machine. Just do
this:
Change your apache config to:
"Listen 127.0.0.1:80"
Change your squid config to:
"cache_peer 127.0.0.1 parent 80 0 no-query originserver"
"http_port 1.2.3.4:80 accel vhost"
Where 1.2.3.4 is, put your public IP.
-Al
On Thu, 25 Mar 2010, Adam_at_Gmail wrote:
> Date: Thu, 25 Mar 2010 16:30:33 -0000
> From: "Adam_at_Gmail" <adbasque_at_googlemail.com>
> To: Ron Wheeler <rwheeler_at_artifact-software.com>
> Cc: Amos Jeffries <squid3_at_treenet.co.nz>, squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Help with accelerated site
>
> Hi All,
> Thank you guys for your help
> I have tried your suggestions,
> Yes Ron I know that two programmes can't both listen on the same port at the
> same time
> but I thought the Apache was essential for the Proxy server, so thanks for
> the suggestion,
> I am including bits of my config here, because now I am getting "Access
> Denied" even from a local network:
> Can you guys please take a look at it and see if you can spot what's causing
> the access denied.
> note I have tried to allow everything and removed all the "deny" directives
> and yet it's still denies any access from my local network.
> That is why I get so confused with Squid, I don't understand it's logic to be
> perfectly honest, and let me remind you that this config used to work just
> fine at least it used to allow access to the internet to all the clients on
> my local network.
>
>
> #############################
> # Other Access Controls
> #############################
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl our_networks dst 192.168.1.0/32
> acl our_sites dstdomain www.mysite.org
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> # acl localnet src 192.168.0.0/32 # RFC1918 possible internal network
> acl localnet src 192.168.1.0/32 #Local Network
> acl myaccelport port 80
>
> # acl FTP proto FTP
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> #http_access deny manager
> # http_access deny !Safe_ports
> http_access allow localnet
> #http_access deny all
> # http_access allow intranet
> # http_access deny all
> http_access allow our_networks
>
> icp_access allow localnet
> #icp_access deny all
> htcp_access allow localnet
> #htcp_access deny all
> http_acceess allow CONNECT
> #http_access deny all
> hosts_file /etc/hosts
> visible_hostname proxy
>
> http_port 3128
>
> hierarchy_stoplist cgi-bin ?
>
> cache_effective_user squid
> access_log /usr/local/squid/var/logs/access.log squid
> cache_log /usr/local/squid/var/logs/cache.log
> cache_store_log /usr/local/squid/var/logs/store.log
> pid_filename /usr/local/squid/var/logs/squid.pid
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> icp_port 3130
> htcp_port 4827
> # allow_underscore on
>
> coredump_dir /usr/local/squid/var/cache
>
>
> Can anyone see what's wrong with this config and if possible to point it out
> to me, your help would be much appreciated
>
> Thanking you in advance
> Regards
> Adam
>
> ----- Original Message ----- From: "Ron Wheeler"
> <rwheeler_at_artifact-software.com>
> To: "Adam_at_Gmail" <adbasque_at_googlemail.com>
> Cc: "Amos Jeffries" <squid3_at_treenet.co.nz>; <squid-users_at_squid-cache.org>
> Sent: Thursday, March 25, 2010 1:58 AM
> Subject: Re: [squid-users] Help with accelerated site
>
>
>> Adam_at_Gmail wrote:
>>> Hello there,
>>> Thanks for the reply Ron and Amos
>>>
>>>
>>> Maybe my original e-mail wasn't clear a bit confusing I am sorry if I
>>> confused you
>>>
>>> I have squid running on Machine A with let's say local ip 192.168.1.4
>>> the backend server is running on machine B and ip address 192.168.1.3
>>>
>>> Now, instead of getting the website that is located on Machine B
>>> 192.168.1.3 which is listening on port 81 not 80.
>>> I am getting the default Apache Page on the Proxy server Machine which is
>>> 192.168.1.4
>>>
>>> And I do have the vhost in my configuration
>>> Well there are two apaches running on the two machines, the proxy machine
>>> and the web-server machine, except the web-server apache listens on port
>>> 81, logically (technically) speaking it should work, but for some reason
>>> it doesn't.
>>> I hope it makes more sense to you what I am trying to describe here
>>
>> Very helpful.
>> You can not have apache listening for port 80 on 192.168.1.4 and Squid
>> trying to do the same thing.
>> Only one process can have port 80.
>> You will very likely find a note in the squid logs that says something to
>> the effect that squid can not bind to port 80.
>> If you shutdown apache on 192.168.1.4 and restart squid, your proxy will
>> work (if the rest of the configuration is correct)
>> If you then try to start apache on 192.168.1.4 it will certainly complain
>> loudly about port 80 not being free.
>>
>> If you want to use Apache on both 192.168.1.4 and 192.168.1.3 you need to
>> set the apache on 192.168.1.4 to listen on port 81 and set squid to proxy
>> to the apache on 192.168.1.4 and use apache's proxy and vhost features to
>> reach 192.168.1.5 which can be set to listen on port 80.
>> This will support
>> browser=>Squid on 192.168.1.4 ==> Apache on 192.168.1.4:81 (vhost)
>> ==>Apache 192.168.1.3:80
>> That is a pretty common approach.
>>
>> Ron
>>
>>
>>>
>>> Thank you all for your help
>>> Regards
>>> Adam
>>>
>>> ----- Original Message ----- From: "Amos Jeffries" <squid3_at_treenet.co.nz>
>>> To: <squid-users_at_squid-cache.org>
>>> Sent: Thursday, March 25, 2010 1:01 AM
>>> Subject: Re: [squid-users] Help with accelerated site
>>>
>>>
>>>> On Wed, 24 Mar 2010 19:48:27 -0400, Ron Wheeler
>>>> <rwheeler_at_artifact-software.com> wrote:
>>>>> What is squid proxying?
>>>>> Usually the normal behaviour is exactly what you are getting since squid
>>>>
>>>>> normally proxies Apache on 80.
>>>>> Browser ==> Squid on 80==>proxied to Apache on port 81.
>>>>>
>>>>>
>>>>> If Squid is not proxying Apache, then it looks like you have Apache
>>>>> running on 80.
>>>>>
>>>>> If you are trying to redirect port 80 to another program that is not
>>>>> Apache, then you need to get Apache off port 80.
>>>>> You can not have 2 programs listening to port 80.
>>>>>
>>>>> If Apache is running and owns port 80, Squid will not start.
>>>>>
>>>>> If this is the case, You likely have errors in the logs to this effect.
>>>>>
>>>>> Shut down Apache and and restart Squid.
>>>>>
>>>>> Try to start Apache and now it should howl with anger (or log in anger)
>>>>> at not getting port 80.
>>>>>
>>>>>
>>>>> Ron
>>>>>
>>>>> Adam_at_Gmail wrote:
>>>>>> Hello All,
>>>>>>
>>>>>> I have followed this configuration, but when I try and access the
>>>>>> website from outside my network
>>>>>> All I get is the default page of the apache on the machine where the
>>>>>> Squid proxy is installed
>>>>>>
>>>>>> Here is the link:
>>>>>>
>>>>>> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
>>>>>>
>>>>>> here is the configuration I followed
>>>>>>
>>>>>> http_port 80 accel defaultsite=your.main.website.name(changed my port
>>>>>> to 81 my backend server listens on port 81)I havehttp_port 81 accel
>>>>>> defaultsite=www.my.website.org vhostand then used thiscache_peer
>>>>>> ip.of.webserver parent 80 0 no-query originserver
>>>>>> name=myAccelcache_peer 192.168.1.5 parent 81 0 no query originserver
>>>>>> name=myAccel(myAccel I have put a name)and then acl our_sites
>>>>>> dstdomain my.website.org
>>>>>> http_access allow our_sites
>>>>>> cache_peer_access myAccel allow our_sites
>>>>>> cache_peer_access myAccel deny all Anybody with any suggestions
>>>>>> please?Any help would be appreciated thank youRegardsAdam
>>>>>>
>>>>
>>>> Sorry, took me a while to un-mangle that original email text.
>>>>
>>>> You are missing the "vhost" option on https_port 80. All traffic Squid
>>>> receives on port 80 will go to Apache's default virtual host.
>>>>
>>>> Amos
>>>>
>>>
>>>
>>
>
Received on Fri Mar 26 2010 - 01:24:12 MDT
This archive was generated by hypermail 2.2.0 : Fri Mar 26 2010 - 12:00:06 MDT