Reverse Proxy with Squid

From RSWiki
Revision as of 21:31, 18 August 2007 by Robert

Introduction

If, like me, you have an ISP that provides you with a single static IP address, you may think that you are limited to running one web server, or at the very best to using NAT to ports other than port 80 on other servers. There are many reasons why you would wish to use more than one web server. For example, you may wish to have Apache serving one site and Microsoft IIS 6.0 serving another, or even JBoss, Tomcat or some other application server.

Background

For my scenario I wished to run Apache and PHP. Indeed, it is this combination on which this very site is running. In addition to this, I also wished to run another site on IIS 6.0. I have various domain names belonging to myself and friends that are hosted on my primary web server. These use Apache's built-in Virtual Hosts directive; however, one site that I was asked to host required Microsoft's IIS. I explored the many options that were available and concluded that using Squid as a reverse proxy would be my best option.

Equipment

My scenario uses three individual servers.

The reverse proxy - running Ubuntu 6.06
The Apache web server - running Ubuntu 6.06
The IIS server - running Windows Server 2003

Configuring the Proxy

I used a base install of Ubuntu 6.06 and manually compiled the most recent version of Squid, which at the time of writing is Squid 2.4-Stable14. The only configure flag that I used was --prefix=/usr

Once Squid was compiled and installed, I had the following directory structure:

/usr/etc/squid.conf - Squid configuration file
/usr/var/logs - location of the log files
/usr/var/cache - location of the cache itself

Editing squid.conf

The supplied squid.conf is over 4000 lines long. Most of this is documentation added in the comments. For my purposes I created a new squid.conf from scratch.

By default Squid is configured to listen on TCP port 3128. As we wish to use Squid as a web server we need to tell it to listen on port 80 instead. So the first line of our new squid.conf is as follows:

http_port 80 accel defaultsite=www.sweetnam.eu vhost

The default site to be served is www.sweetnam.eu and we will use vhost directives to configure the other servers.
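
As an added illustration (not part of the original page and not Squid's own code), the following Python model shows how the accel, vhost and defaultsite options on the http_port line above combine: the Host header selects the site, and defaultsite is used when a request carries no Host header. The HOSTED_SITES allowlist, the name iis-site.example and the refusal of unknown Host values are assumptions made for the example, not something the http_port line does by itself.

```python
# Added illustration, not Squid source: models how a port configured as
#   http_port 80 accel defaultsite=www.sweetnam.eu vhost
# chooses the site for each incoming request.

DEFAULT_SITE = "www.sweetnam.eu"  # defaultsite= value from the page
# Hypothetical allowlist of hosted sites; "iis-site.example" is constructed.
HOSTED_SITES = {"www.sweetnam.eu", "iis-site.example"}


def parse_request(raw: bytes):
    """Return (method, path, host or None) from a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            if host is not None:
                raise ValueError("duplicate Host header")
            host = value.strip()
    return method, path, host


def effective_url(raw: bytes) -> str:
    """Build the URL to fetch: Host header (vhost), else defaultsite."""
    _method, path, host = parse_request(raw)
    site = (host or DEFAULT_SITE).lower()
    # Drop an explicit port and trailing dot before comparing.
    site = site.rsplit(":", 1)[0].rstrip(".")
    if site not in HOSTED_SITES:
        # Assumed policy: refuse Host values that are not hosted here.
        raise PermissionError(f"Host {site!r} is not a hosted site")
    return f"http://{site}{path}"


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: iis-site.example\r\n\r\n",
        b"GET / HTTP/1.0\r\n\r\n",  # no Host header: defaultsite applies
    ]
    for raw in samples:
        print(effective_url(raw))
```

Because the Host header is supplied by the client, the model treats it as untrusted input and compares it against the list of sites actually hosted before building the backend URL.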

The next lines in the configuration are merely Squid's defaults:

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

access_log /usr/var/logs/access.log
cache_log /usr/var/logs/cache.log
cache_store_log /usr/var/logs/store.log

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

The next lines are where we begin to configure the two separate servers.