Quote:
Originally Posted by haariseshu
Dear Friends, In the squid proxy if we are using multiple web server behind the proxy means how to make my squid to listen both the servers. If u r having any idea regarding this pls share. and any doubt regarding DNS, NTP, RADIUS products are welcome.....
Thank you,
HARI.
Your English needs a little work; the answer to your question depends on what you're actually asking - so I'll answer both possible interpretations.
If you mean you have two different servers hosting two different domains, put the two different servers in your /etc/hosts:
192.168.88.1 www.domain1.net
192.168.88.2 www.domain2.net
then set up your squid acls in squid.conf to allow connections to both domains:
acl all src 0.0.0.0/0.0.0.0
acl localserv dst 192.168.88.0/255.255.255.0
http_access deny !Safe_ports
http_access allow localserv Safe_ports
If you mean to have one domain spread across two *different* hosts, the classic methods involve DNS tricks such as multiple A entries in your DNS server configuration. Unfortunately these will typically fail in a proxy configuration as squid will helpfully cache its DNS lookup results and hit the same server repeatedly. (This might be made to work with local DNS on a forced DNS server, but I'm not placing any bets.)
For a general treatment of solving this problem, check the Linux HOWTOs about clustering and high availability. The fact that you have a proxy server added to the equation doesn't change matters much.
One way of doing this is via use of ipvsadm with non-persistent connections. I won't go into *great* detail here as my familiarity with ipvsadm is limited; essentially you need to set up a *non-persistent* cluster on the proxy server pointing to the members of your cluster.
I believe the following will work, but you should read up on ipvsadm (and more generally on Linux clustering) so you know what you're doing. In particular you may prefer a different cluster selection algorithm than wlc.
ipvsadm -A -t 127.0.0.1:http -s wlc
ipvsadm -a -t 127.0.0.1:http -r 192.168.88.1 -w 1
ipvsadm -a -t 127.0.0.1:http -r 192.168.88.2 -w 1
This setup requires that you *not* be running any services on 127.0.0.1:http (including on *:http) as such connections will take priority. In particular, squid *itself* must *not* be listening on the IP specified by the "-t" argument. "netstat -an" will tell you what ports are being listened on, or "lsof -i :80" will list programs and ports.
With this setup your DNS resolution (via /etc/hosts or your DNS server) resolves to localhost, or at least to the IP specified in the "-t" argument for ipvsadm. It's also possible to use the ipvsadm heartbeat functionality to give yourself some failover redundancy.
Your squid acls would look pretty much the same as in the first interpretation, by the way.
If someone knowing ipvsadm better than I do wants to correct that material, please feel free. I've only used ipvsadm myself in a persistent context. In particular it *may* be necessary to have ipvsadm running on a separate box to avoid port conflicts... but that's the sort of application for which virtualisation presents an ideal solution. :-)
...Ronny
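A pre-flight check for the listener conflict described in the reply above, as an added example that is not part of the original post: it reads "netstat -an" output and lists every TCP listener that would shadow the address and port given to ipvsadm's "-t" argument, including wildcard binds. The function names and the sample netstat output are constructed for illustration, and the port is passed numerically (80 rather than "http") because "netstat -an" prints numeric ports.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage on a live host: netstat -an | listener_conflicts 127.0.0.1 80

# Print the local address of every TCP LISTEN socket that overlaps VIP:PORT.
listener_conflicts() {
    awk -v vip="$1" -v port="$2" '
        # Only listening TCP sockets can shadow a "-t" (TCP) virtual service.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            local_addr = $4
            # Split at the last colon so IPv6 forms such as ":::80" parse.
            pos = match(local_addr, /:[0-9]+$/)
            if (pos == 0) next
            addr = substr(local_addr, 1, pos - 1)
            if (substr(local_addr, pos + 1) != port) next
            # Wildcard binds cover the VIP too. "::" is included because
            # Linux IPv6 sockets accept IPv4 connections by default.
            if (addr == vip || addr == "0.0.0.0" || addr == "::" || addr == "*")
                print local_addr
        }'
}

# Constructed sample of "netstat -an" output for offline use.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN
tcp        0      0 192.168.88.254:8080     0.0.0.0:*               LISTEN
tcp        0      0 192.168.88.254:41234    192.168.88.1:80         ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:80              0.0.0.0:*
EOF
}

# Demo on the constructed sample: both wildcard listeners on port 80 are reported.
sample_netstat | listener_conflicts 127.0.0.1 80
```

Any line printed means a service has to be moved or stopped before the "ipvsadm -A -t" command is run for that address and port.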