Squid Reverse Proxy

From OptionC

Introduction

This was set up as a way to test getting multiple domU web servers with multiple domain names served from a dom0 behind a firewall on a network that had only one external IP address. I make no claims that this is secure, or even the best way. It is certainly more conventional to just use Apache's virtual hosting, and serve all of the web sites off of the same box or virtual machine, but if you're testing Xen, what's the fun in that?

If you've spent a lot of time on Google trying to figure out how to do this, seeing these scanty instructions will probably make you want to scream. My apologies - my notes on this aren't up-to-snuff. The next time I go through this process I'll try to flesh them out. This applies to Debian/Sarge, which had version 2.5.9 of Squid (http://www.squid-cache.org/) at this writing.

HOWTO

apt-get install squid

Edit /etc/squid/squid.conf to make the following changes (there are any number of reasons why you _shouldn't_ set your Squid port to 80. I didn't listen to them):

http_port 80
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_uses_host_header on

Quote from the config file, describing the httpd_accel_with_proxy setting shown below: "If you want to use Squid as both a local httpd accelerator and as a proxy, change this to 'on'. Note however your proxy users may have trouble to reach the accelerated domains unless their browsers are configured not to use this proxy for those domains (for example via the no_proxy browser configuration setting)." Since I don't have proxy users, I left this as "off", but if you do, uncomment this line and change off to on.

# httpd_accel_with_proxy off

Restart squid:

/etc/init.d/squid restart

Add entries to /etc/hosts for all the domain names:

local.ip.add.ress FQDN

For example:

192.168.168.100   www.mywebsite.blah mywebsite.blah
192.168.168.101   www.someotherwebsite.blah someotherwebsite.blah

Change your firewall to direct all http traffic to your squid/proxy server IP address.

Change the DNS entries (where you have your domain names registered) to point mywebsite.blah and someotherwebsite.blah to the external IP address. Wait up to 96 hours. Test.
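With httpd_accel_host virtual and httpd_accel_uses_host_header on, the Host header of each request selects the backend, so the http_access rules in squid.conf are what limit which hosts the proxy will fetch from. The following is an added example, not part of the original notes or of Squid itself: a simplified Python model of http_access evaluation that compares a permissive rule set with one restricted to the hosted names. The ACL name "hosted", both sample rule sets and the test hostnames are assumptions constructed for illustration.

```python
# Added example: simplified model of Squid http_access evaluation. It understands
# only dstdomain ACLs and the conventional catch-all ACL named "all"; any other
# ACL type is treated as not matching. Both sample configs are constructed.

WEAK = """
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""

HARDENED = """
acl all src 0.0.0.0/0.0.0.0
acl hosted dstdomain www.mywebsite.blah mywebsite.blah
acl hosted dstdomain www.someotherwebsite.blah someotherwebsite.blah
http_access allow hosted
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) from squid.conf text; other directives are ignored."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "dstdomain":
            acls.setdefault(tok[1], []).extend(t.lower() for t in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1] == "allow", tok[2:]))
    return acls, rules

def acl_matches(name, host, acls):
    if name == "all":  # catch-all source ACL, matches every client
        return True
    for dom in acls.get(name, []):
        # A leading dot matches the domain and its subdomains; otherwise exact.
        if host == dom or (dom.startswith(".") and (host == dom[1:] or host.endswith(dom))):
            return True
    return False

def allowed(conf, host_header):
    """First matching http_access rule wins; every ACL on a rule must match."""
    acls, rules = parse(conf)
    host = host_header.split(":")[0].lower().rstrip(".")
    for allow, names in rules:
        if all(acl_matches(n.lstrip("!"), host, acls) != n.startswith("!") for n in names):
            return allow
    # No rule matched: Squid applies the opposite of the last rule.
    # With no rules at all, this model denies (a choice made for the example).
    return bool(rules) and not rules[-1][0]
```

Under the permissive rule set any Host value is forwarded, while the restricted set passes only the names listed in /etc/hosts above.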

Recommended Reading