Re: [squid-users] squid 2.6 accelerator mode

From: Pavel Georgiev <neron_at_neron.org>
Date: Tue, 10 Mar 2009 16:35:34 +0200

§

On Mon, Mar 9, 2009 at 1:53 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> Pavel Georgiev wrote:
>>
>> On Mon, Mar 9, 2009 at 1:24 AM, Amos Jeffries <squid3_at_treenet.co.nz>
>> wrote:
>>>>
>>>> I'm trying to get squid to work as a reverse proxy in front of a
>>>> single web server which runs domain virtualhosts:
>>>>
>>>> http_port in:80   vhost
>>>> cache_peer out    parent    80  0  originserver
>>>> 'in' is my input address, 'out' is the address of the web server.
>>>>
>>>> The problem that I have is that each request takes a considerable
>>>> time to process (in which time squid is trying to resolve the Host:
>>>> hostname and since I don't have a dns on the squid box, resolve never
>>>> succeeds). Eventually the page is served, it just waits through some
>>>> timeout on every request. Adding my vhosts to /etc/hosts on the squid
>>>> box solves the issue.
>>>>
>>>> Can I have an accelerator for a single backend server with vhosts,
>>>> without the need to resolve the Host: header (or if not possible, how
>>>> to effectively workaround it, adding all vhosts to /etc/hosts is not an
>>>> option)?
>>>
>>> The recommended reverse-proxy accelerator setup does not require DNS in
>>> any form.
>>>
>>> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
>>>
>>> It is possible to direct "cache_peer_access blah allow all" to the web
>>> server if you only have one backend and all domains go to it. Just note
>>> that this removes any false-domain restrictions squid might otherwise
>>> provide, and only works with a single back-end.
>>>
>>> Amos
>>>
>>
>> The provided example suggests using 'http_port ... defaultsite=...'
>> which ends up rewriting the Host: header in the request to the backend
>> server (which would not work with vhosts),
>
> No. defaultsite= adds a new Host: header if none was provided. Upgrading the
> broken request to HTTP-compliance. Any other behavior is a bug in your
> Squid.
>
>> and as soon as I change
>> that to 'http_port ... vhost' and add the 'cache_peer access ... allow
>> all' I get the dns timeouts.
>
> Ah, maybe 'all' (AKA 0.0.0.0/0) is doing the rDNS to find an IP to test
> against emptiness.  Sorry, I'm so used to Internet connected machines having
> access to DNS it's hard to think around it.
>
>>
>> So is it possible to have vhosts for a single backend server without dns?
>
> Um, give this a try:
>  acl anyHost dstdomain .
>  cache_peer_access X allow anyHost
>
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
>  Current Beta Squid 3.1.0.6
>

Adding defaultsite=... rewrites the Host: header even when a valid
Host: header is present in the request.
Adding vhost to the http_port still requires DNS for resolving the
hostname from the host header and the dstdomain . workaround did not
help. I'll try a newer version to see if that helps. Let me know if
you have any other ideas how to make this work as I'd rather stick
with the current version that comes with the distro.
Received on Tue Mar 10 2009 - 17:50:45 MDT
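
The caveat quoted above, that a catch-all `cache_peer_access ... allow` removes the false-domain restriction Squid would otherwise provide, can be checked mechanically. The following is an added example, not code from this thread or from the Squid project: a small Python audit of squid.conf text. The peer name `web`, the address 192.0.2.10, `example.com` and both sample configurations are constructed placeholders, and the check assumes that `dstdomain .` matches every domain, as the thread intends; it inspects `cache_peer_access` allow rules only.

```python
# Constructed sample configs (assumptions, not taken from the thread).
OPEN_CONF = """\
http_port 80 vhost
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=web
cache_peer_access web allow all
"""
RESTRICTED_CONF = """\
http_port 80 vhost
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=web
acl our_sites dstdomain .example.com
http_access allow our_sites
http_access deny all
cache_peer_access web allow our_sites
cache_peer_access web deny all
"""

def audit_peer_access(conf):
    """Return warnings for origin-server peers reachable with any Host: value."""
    acl_types = {"all": "src"}   # 'all' is a source-address ACL, not a domain one
    peers, rules = [], {}
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 3:
            # Assumption: a bare "." dstdomain matches every domain,
            # so it restricts nothing and is treated like 'all'.
            wildcard = tok[2] == "dstdomain" and tok[3:] == ["."]
            acl_types[tok[1]] = "any" if wildcard else tok[2]
        elif tok[0] == "cache_peer" and "originserver" in tok:
            # Rules refer to the name= option, or to the host if none is set.
            name = next((t[5:] for t in tok if t.startswith("name=")), tok[1])
            peers.append(name)
        elif tok[0] == "cache_peer_access" and len(tok) >= 4:
            rules.setdefault(tok[1], []).append((tok[2], tok[3:]))
    warnings = []
    for peer in peers:
        for action, acls in rules.get(peer, []):
            # An allow rule is domain-bound only if it names a real dstdomain ACL.
            domain_bound = any(acl_types.get(a) == "dstdomain" for a in acls)
            if action == "allow" and not domain_bound:
                warnings.append(f"{peer}: 'allow {' '.join(acls)}' forwards any Host: value")
    return warnings

if __name__ == "__main__":
    for label, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        print(label, audit_peer_access(conf) or "ok")
```
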

This archive was generated by hypermail 2.2.0 : Wed Mar 11 2009 - 12:00:02 MDT