I've been battling with this for a few days now and I'm ready to give up. So I'm gonna give this a last shot.

In my apartment I've got 3 computer acting as servers. Here's my setup.

Gateway (Debian, Squid3(80,8080), Shorewall)
eth0
192.168.0.1
eth1
79.136.x.x

webserver1.com (Ubuntu, Apache2(80), Tomcat6(8080))
eth0
192.168.0.45

webserver2.com (Debian, Apache2(80))
eth0
192.168.0.55

Both webserver1.com and webserver2.com points to 79.136.x.x

What I want is to have squid to relay requests to *.webserver1.com:80 to 192.168.0.45:80, requests to *.webserver1.com:8080 to 192.168.0.45:8080 and lastly requests to *.webserver2.com:80 to 192.168.0.55:80.

I thought this would be the simplest thing. I kinda do know my way around documentation and google, but it seems I'm out of luck. I've tried a very simple conf that I thought would do something similar to what I want to do.


acl all src 0.0.0.0/0
acl webserver1_com dstdomain .webserver1.com
acl webserver2_com dstdomain .webserver2.com
acl p80 port 80
acl p8080 port 8080

http_access allow all

http_port 80 vhost defaultsite=webserver1.com
http_port 8080 vhost defaultsite=webserver1.com

cache_peer 192.168.0.45 parent 80 0 no-query originserver name=webserver1_80 login=PASS
cache_peer_access webserver1_80 allow webserver1_com
cache_peer_access webserver1_80 deny !p80

cache_peer 192.168.0.45 parent 8080 0 no-query originserver name=webserver1_8080 login=PASS
cache_peer_access webserver1_8080 allow webserver1_com
cache_peer_access webserver1_8080 deny !p8080

cache_peer 192.168.0.55 parent 80 0 no-query originserver name=webserver2_80 login=PASS
cache_peer_access webserver2_80 allow webserver1_com
cache_peer_access webserver2_80 deny !p80

cache deny all

This does not seem to work one bit, I get webserver1.com:80 for webserver1.com:80/8080 and webserver2.com:80, but I get webserver1:8080 for webserver2.com:8080. Could someone point me in the right direction? I guess I'm doing something wrong with the acl but this seems like it should be simple.

Thanks for reading thing far
//Andreas

why not use portforwarding ?

Maybe take a look at iptables. That can for sure do the job.

Another idea could be manipulating the name resolution via /etc/hosts.

Well, I got squid so I wouldn't need portforward for this and yeah, I'm using name resolution now but I don't want to and it's making me f**king furious as I think it should be so simple...

Hi,

I have reverse proxy working like a charm for multiple subdomains, http and https, under the same domain.com name, for example site1.domain.com, site2.domain.com and directing them to different peers based on the domain name in the http header. If it can help you I'll post the config I have, but not sure how to adapt it to work for two domain names on the same Squid. Just let me know if it would help you.

Kind regards,

Eric

Thanks but it's okay.. I've done it that way, but I would like to know why my acl's doesn't work as I expect with ports..

Hi,

I cannot help you out on that one, I've looked at your post and compared with my config, but don't see anything wrong in your config. But then again, I'm not an experienced Squid user. I hope someone can help you find an answer.

Kind regards,

Eric