Re: [squid-users] reverse proxy config

From: Erich Titl <erich.titl_at_think.ch>
Date: Sat, 18 Feb 2012 17:38:57 -0500

Hi Amos

Am 18.02.2012 02:29, schrieb Amos Jeffries:
> On 18/02/2012 3:09 a.m., Erich Titl wrote:
>> Hi Folks
>> cache_peer_access pfaeffikon-ssl allow sites_server_104
>
> Note: cache_peer_access and cache_peer_domain are alternative metods of
> deciding whether to service the request there. You can drop one of them.
>
>> http_access allow sites_server_104
>> ####################################################################################
>>
>>
>> Here is an excerpt of the cache.log file
>>
>> 2012/02/17 14:47:07 kid1| Accepting HTTP Socket connections at
>> local=[::]:8080 remote=[::] FD 15 flags=9
>> 2012/02/17 14:47:07 kid1| Accepting reverse-proxy HTTPS Socket
>> connections at local=[::]:443 remote=[::] FD 16 flags=9
>> 2012/02/17 14:47:07 kid1| Configuring Parent
>> pfaeffikon.gever.asp.ruf.ch/8083/0
>> 2012/02/17 14:47:07 kid1| Configuring Parent
>>
>> To me it looks like the cache peer is not accessed correcly.
>
> Maybe. That config says the peer will only service
> http://m278.asp.ruf.ch:443/* URLs. And does so without encryption on the
> squid<->peer link.
>
>>
>> The goal is to terminate https requests on the proxy and forwarding the
>> requests for pfaeffikon.gever.asp.ruf.ch to a peer called
>> m278.asp.ruf.ch on port 8083
>>
>> I see the requests arriving at the squid host, but it appears that it
>> does not use the host specified in the peer parameters but uses the name
>> of the original request host.
>
> Yes. Exactly so. The client is asking for
> https://pfaeffikon.gever.asp.ruf.ch/. Squid will attempt to service that
> request.
>
> You have told Squid to only accept requests for the domain m278.asp.ruf.ch.
>
> Amos
>

Of course you were right, I needed to understand the syntax a bit
better. I had the settings the wrong way around.

Thanks

Erich
Received on Sat Feb 18 2012 - 22:39:01 MST

This archive was generated by hypermail 2.2.0 : Sun Feb 19 2012 - 12:00:04 MST