Squid Reverse Proxy
This was set up as a way to test getting multiple domU web servers with multiple domain names served from a dom0 behind a firewall on a network that only had only external IP address. I make no claims that this is secure, or even the best wayl. It is certainly more conventional to just use Apache's virtual hosting, and serve all of the web sites off of the same box or virtual machine, but if you're testing Xen, what's the fun in that?
If you've spent a lot of time on Google trying to figure out how to do this, seeing these scanty instructions will probably make you want to scream. My apologies - my notes on this aren't up-to-snuff. The next time I go through this process I'll try to flesh them out. This applies to Debian/Sarge, which had version 2.5.9 of Squid (http://www.squid-cache.org/) at this writing.
apt-get install squid
Edit /etc/squid/squid.conf to make the following changes (there are any number of reasons why you _shouldn't_ set your Squid port to 80. I didn't listen to them):
http_port 80 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_uses_host_header on
Quote from the config file: "If you want to use Squid as both a local httpd accelerator and as a proxy, change this to 'on'. Note however your proxy users may have trouble to reach the accelerated domains unless their browsers are configured not to use this proxy for those domains (for example via the no_proxy browser configuration setting)." Since I don't have proxy users, I left this as "off", but if you do, uncomment this line and change off to on.
# httpd_accel_with_proxy off
Add entries to /etc/hosts for all the domain names:
192.168.168.100 www.mywebsite.blah mywebsite.blah 192.168.168.101 www.someotherwebsite.blah someotherwebsite.blah
Change your firewall to direct all http traffic to your squid/proxy server IP address.
Change the DNS entries (where you have your domain names registered) to point mywebsite.blah and someotherwebsite.blah to the external IP address. Wait up to 96 hours. Test.
- Transparent Proxying with Squid (http://www.linuxdevcenter.com/pub/a/linux/2001/10/25/transparent_proxy.html)