[olug] rndc named dhcpd et al.

Obi-Wan obiwan at jedi.com
Wed Jan 30 19:47:30 UTC 2008


>> like for example: i want to set up (in my local, non-public named 
>> configuration) a domain like "boobarbaxola.com" and so that when i 
>> request "boobarbaxola.com" via squid, squid's dns look up puts the 
>> request to my local httpd server running on like 192.168.23.2 ... or 
>> something similar.
> 
> That sounds like the reverse HTTP proxy setup that I just created this
> month at work.  I'll try to remember to send you the relevant portions
> of our config file when I'm at work tomorrow.

Here's the diff between my working squid.conf and the stock one from
RHEL5.  The proxy only operates on port 443.  It also listens on port
80, but redirects all HTTP requests to their HTTPS equivalent.  In our
setup, squid listens on a different external IP for each internal server,
but that's because of the HTTPS certs.  For HTTP-only, you could use
a single IP.

------------------------- Achilles tendon - cut here -------------------------
[root@revproxy squid]# diff squid.conf{,.default}
18,19d17
< # For docs on configuring an SSL reverse proxy, see
< # http://wiki.squid-cache.org/ConfigExamples/SSL_Reverse_Proxy_with_Wild_Card_Certifiate?highlight=%28reverse%29
75c73
< http_port 80 vhost
---
> http_port 3128
166d163
< https_port 443 cert=/etc/squid/server.crt key=/etc/squid/server.pem vhost
231d227
< icp_port 0
564,567d559
< cache_peer 172.26.6.159 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=cmaxx-app-peer
< cache_peer 172.22.66.208 parent 80 0 no-query originserver name=ocsapp-peer
< cache_peer 172.22.66.206 parent 80 0 no-query originserver name=ocsinf-peer
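
Review bot: sslflags=DONT_VERIFY_PEER on the cmaxx-app-peer line turns off validation of the origin server's certificate, so the leg from the proxy to 172.26.6.159 is encrypted but not authenticated, and whatever answers on that address is accepted as the back end. Consider dropping the flag and pointing the peer at the CA that issued the back-end certificate with cache_peer's sslcafile= option (plus ssldomain= if the certificate name differs from the peer address). The ocsapp-peer and ocsinf-peer lines are plain HTTP on port 80, so requests that arrive at the proxy over HTTPS continue unencrypted on the internal leg; a comment saying this is intentional would help the next reader.
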
780d771
< maximum_object_size 0 KB
1443d1429
< url_rewrite_program /usr/local/bin/rewrite-http
2516,2525d2501
< # Reverse proxy back-end server IP's
< acl sites_cmaxx-app dstdomain emr.bryanlgh.org cmaxx-app.bryanlgh.org
< acl sites_ocsapp dstdomain ocsapp.bryanlgh.org
< acl sites_ocsinf dstdomain ocsinf.bryanlgh.org
< # These are the IP's (as queried by the squid server) for the URL's being hit (listed in sites_*)
< acl webserver dst 172.26.6.159 192.168.2.65 172.22.66.208 172.22.66.206
< http_access allow webserver
< miss_access allow webserver
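
Review bot: the webserver ACL includes 192.168.2.65, which does not match any cache_peer address in this diff, yet http_access and miss_access are allowed for it. Either remove the address or add a comment naming the sites_* hostname that resolves to it, so the allow list can be audited against the peers. The "Reverse proxy back-end server IP's" comment also sits above the dstdomain ACLs rather than the dst line it describes; moving it down next to the IP list would make the block easier to follow.
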
2663,2665d2638
< cache_peer_access cmaxx-app-peer allow sites_cmaxx-app
< cache_peer_access ocsapp-peer allow sites_ocsapp
< cache_peer_access ocsinf-peer allow sites_ocsinf
------------------------- Achilles tendon - cut here -------------------------

------------------------- Achilles tendon - cut here -------------------------
% cat /usr/local/bin/rewrite-http
#!/usr/bin/perl
#
# URL rewriter for squid to convert HTTP requests to HTTPS.
# Return an HTTP permanent redirect back to the browser.
# http://wiki.squid-cache.org/SquidFaq/SquidRedirectors
#

$| = 1;
while (<>) {
        s/^http:/301:https:/;           # replace "http" with "https"
        print;
}
------------------------- Achilles tendon - cut here -------------------------


-- 
Ben "Obi-Wan" Hollingsworth                             obiwan at jedi.com
   The stuff of earth competes for the allegiance I owe only to the
     Giver of all good things, so if I stand, let me stand on the
       promise that You will pull me through.  -- Rich Mullins