Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have got a reverse proxy that is working just fine, it accepts requests on port 443 and port 80 and ONLY sends traffic upstream to port 80 to the apache server listening on localhost.
The site should act differently in some occasions based on whether http or https was requested. So my idea is to setup second http vhost on apache listening to port 8080 and on that vhost I would server the https code. So is it possible to use SQUID to :
Send traffic destined for port 443 to localhost:8080
and
Send traffic destined for port 80 to localhost:80 ?
Any hints/ comments are highly appreciated.
Click here to see the post LQ members have rated as the most helpful post in this thread.
I think the best way is to just indicate it in the cache_peer directive. I've set up a reverse proxy with HTTPS only (redirecting all HTTP to HTTPS) and the backend server had different ports listening. This is how I used it and it worked:
Hi I am not sure I can setup two cache as the apache host is on the same server listening on localhost..but I will try it and post feedback..thanks a lot
Since Apache gives you the possibility to have VirtualHost based on IP, Port, Name or combinations of those I'm pretty sure you'll be able to configure it. If you encounter problems in trying/doing, don't hesitate to post them here.
Hi
I did use your configuration as a starting point, and commented out my config for now. The issue so far is that SQUID is not listening on port 80, to sum ip what I want to achieve
a.com HTTP Request -> SQUID -> HTTP Apache
a.com HTTPS Request -> SSL Handled by SQUID -> HTTP Apache on another Vhost, or simply on another port.
Squid as a reverse proxy listens on the port you indicate it to listen with http_port. What have you set for that variable? Basically what you want is to redirect the http_port Squid is listening on to your localhost on port 80, right? And besides that you want https 443 redirected to the same localhost but on port 8080, which would be a different VirtualHost, right?
The configuration I posted wasn't complete at all, just the necessary stuff I thought will matter. Don't substitute all your config for what I posted since it's not complete. You should compare what I posted with what you've got.
What is confusing me is that I am using the config below for now. And the requests still end up going to :
[SERVER_ADDR] => 127.0.0.1
[SERVER_PORT] => 80
From what I see there is nothing in the squid config that would suggest to SQUID to send any requests to port 80, the cache are setup to send to 443 or 7002
http_port 10.14.1.72:80 vhost protocol=http
https_port 10.14.1.72:443 accel cert=/etc/squid/self_certs/employment-stg.site key=/etc/squid/self_certs/domain defaultsite=siteg.domain vhost protocol=https
forwarded_for on
This is just the basics for the peers, I imagine you know about the different acl rules and how to include them. Also don't forget about the log facility, host file and so. If you want a more complete configuration, let me know and I'll post what I used at a previous job so you can copy (and change) from that.
Hi
I removed the SSL stuff because SQUID was posting a Protocol mismatch error, I am sorry about my following request it is m fault, can you please remove the domain names from your last post where you quoted me ?
Thanks
Hi
I removed the SSL stuff because SQUID was posting a Protocol mismatch error, I am sorry about my following request it is m fault, can you please remove the domain names from your last post where you quoted me ?
Thanks
Hi,
Done, sorry I didn't even notice it when copy/pasting
OK, I am getting closer to what I want to achieve and I can say I have got it halfway working, one question if you do not mind.
Based on you example, there are two caches, based on what exactly does SQUID determine where to which cache to send the incoming request ? I do not see any connection between the vhost definition and the cache.
I just corrected a small mistake I didn't notice before:
Code:
cache_peer 127.0.0.1 parent 80 no-query originserver
acl https proto http
needs to be:
Code:
acl http proto http
I'm not the Squid expert, not at all, but I'm quite positive that the acl just after the cache_peer defines which traffic to send where. After the correction I made you'll notice that for the first cache_peer the protocol is https (proto) and for the second one http which makes up the difference.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.