On 17.01.2012 11:21, Roman Gelfand wrote:
> fair enough.
>
> How would you, then, implement the following...
>
> I would like to forward https://xyz.mydomain.com/server1 to
> http://server1.mydomain.com and https://xyz.mydomain.com/server2 to
> http://server2.mydomain.com. Please, keep in mind, the target
> server
> is apache and it has servername tag which depends on header.
The "/server1" and "/server2" bits will get complex to strip and re-add
properly.
At first glance you probably want something like this in Apache:
server 1 config:
<VirtualHost xyz.domain.com:80>
...
RewriteEngine On
RewriteBase /server1
Alias /server1 /some/file/path
</VirtualHost>
server 2 config:
<VirtualHost xyz.domain.com:443>
...
RewriteEngine On
RewriteBase /server2
Alias /server2 /some/file/path
</VirtualHost>
HOWEVER, I notice the http:// and https:// difference. A small
alteration to the Squid config should work with a simpler Apache setup:
squid.conf:
http_port 80 accel vhost ...
https_port 443 accel vhost ...
acl site dstdomain xyz.mydomain.com
cache_peer server1.mydomain.com 80 0 originserver name=httpServer
acl HTTP proto HTTP
cache_peer_access httpServer HTTP site
cache_peer_access httpServer deny all
cache_peer server2.mydomain.com 80 0 originserver name=secureServer
acl HTTPS proto HTTPS
cache_peer_access secureServer HTTPS site
cache_peer_access secureServer deny all
server 1 config:
<VirtualHost xyz.domain.com:80>
DocumentRoot /http/file/path
</VirtualHost>
server 2 config:
<VirtualHost xyz.domain.com:443>
DocumentRoot /secure/file/path
</VirtualHost>
The https:// traffic should be exiting Squid with Host header of
"xyz.domain.com:443" anyway for the VirtualHost to pick up on, since the
receiving https_port 443 is not the default port for http:// which it is
being converted to on outgoing to Apache.
You could also add "ssl sslflags=DONT_VERIFY_PEER" on secureServer to
use self-signed certificates which keep the traffic secure between the
Apache and Squid without triggering any errors or other problems. It
also has the nice side effect of ensuring Apache is aware of the port
and security differences in the traffic.
Amos
Received on Tue Jan 17 2012 - 01:31:02 MST
This archive was generated by hypermail 2.2.0 : Tue Jan 17 2012 - 12:00:03 MST