How to install squid in reverse-proxy mode
This is a simple config file to be used as a template:
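# Squid reverse-proxy (accelerator) template for the cernvm web cluster.
# Requests for the listed cernvm domains are relayed to one origin server;
# every other request is denied.

# --- Listener -------------------------------------------------------------
# NOTE(review): "transparent" is the interception option. A reverse proxy is
# normally declared with "accel" plus "vhost" or "defaultsite=" - confirm
# which mode the deployed Squid version actually needs.
http_port 80 transparent

# Client certificate and key that Squid presents on outgoing SSL connections.
# The key file should be readable only by the account Squid runs as.
sslproxy_client_certificate /etc/ssl/pem/cernvm.pem
sslproxy_client_key /etc/ssl/private/cernvm.key

# --- Basic ACLs -----------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl inHttp port 80
acl inHttps port 443
acl fromFrontend dstdomain cernvm.cern.ch

# --- Origin server --------------------------------------------------------
# login=PASS relays the credentials sent by the client to the origin server.
# The peer is reached on port 80 with no ssl option, so those credentials
# travel unencrypted between proxy and origin; keep that hop on a trusted
# network segment.
cache_peer 137.138.170.216 parent 80 0 no-query originserver name=rbuilder login=PASS
acl rbuilder_doms dstdomain rbuilder.cern.ch cernvm.cern.ch cernvm-test.cern.ch cernvm-devel.cern.ch
cache_peer_access rbuilder allow rbuilder_doms inHttp

# --- Cache policy ---------------------------------------------------------
# Dynamic content (cgi-bin paths, URLs with a query string) is never cached.
# These four rules were repeated further down in the original template; they
# are kept once here.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 32 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 524288 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy lru
cache_dir aufs /var/spool/squid 8192 16 256

# --- Logging --------------------------------------------------------------
# NOTE(review): the `%h"` token and the unbalanced quote after %Hs look like
# publication damage (the stock combined format has
# `%<st "%{Referer}>h" "%{User-Agent}>h"` at this position). The line is kept
# exactly as published - verify it against the deployed file before use.
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" ref:"%{Referer}>h" ua:"%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log off
mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
check_hostnames on
hosts_file /etc/hosts

# --- Access-control ACLs --------------------------------------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
# Safe_ports has to be defined before the http_access rule that uses it; an
# undefined ACL name makes Squid reject the file or drop the rule, depending
# on the version. It is limited here to the two ports this template serves;
# extend the list only if the origin really needs other ports.
acl Safe_ports port 80 443
acl CONNECT method CONNECT
# CERN source ranges. No rule below references this ACL: the published
# domains are reachable from any source address.
acl CERN src 128.141.0.0/255.255.0.0
acl CERN src 128.142.0.0/255.255.0.0
acl CERN src 137.138.0.0/255.255.0.0

# --- Access rules (first match wins) --------------------------------------
# The cache manager interface is reachable from the proxy host only.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
# Refuse CONNECT to anything but the SSL port. This has to come before the
# domain allow rule, which would otherwise accept a CONNECT to any permitted
# port on a cluster domain.
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl cernvm_cluster dstdomain cernvm.cern.ch rbuilder.cern.ch cernvm-test.cern.ch cernvm-devel.cern.ch
http_access allow cernvm_cluster
# Already covered by the rule above; kept to make the CONNECT policy explicit.
http_access allow CONNECT cernvm_cluster SSL_ports
http_access allow localhost
http_access deny all
# ICP is switched off below (icp_port 0). Deny it here as well, so that
# enabling the port later does not expose ICP to every source address.
icp_access deny all

# --- Identity and error pages ---------------------------------------------
cache_mgr cernvm.administrator@cern.ch
mail_from cernvm.administrator@cern.ch
# Do not reveal the Squid version in headers and error pages.
httpd_suppress_version_string on
visible_hostname cernvm.cern.ch
icp_port 0
error_map http://cernvm.cern.ch/error/triggered.html.var 403 404
# Squid appends the client address to X-Forwarded-For. The origin should
# trust only the entry added by this proxy, because earlier entries are
# supplied by the client.
forwarded_for on
coredump_dir /var/spool/squid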
|
--
CarlosAguado - 13 May 2008