Config for Squid

Hi,

At home I am trying to add Squid as a reverse proxy.

I used this documentation to start.
https://wiki.univention.de/index.php/Cool_Solution_-_Squid_as_Reverse_SSL_Proxy

What do I have to do now?

This is my network:
Internet
-> Squid
-> Webserver 1 (Wordpress and Nextcloud) (subdomain1.domain.com)
-> Webserver 2 (Rocketchat) (subdomain2.domain.com)

At the moment WordPress is available. Nextcloud doesn't work now (login fails, DAV clients don't work).
How do I add Rocketchat with another webserver?

My config:

#reverse SSL proxy
https_port 443 cert=/etc/univention/letsencrypt/signed_chain.crt key=/etc/univention/letsencrypt/domain.key accel defaultsite=central.c-lab.one vhost
cache_peer 10.0.0.10 parent 443 0 no-query proxy-only originserver ssl sslflags=DONT_VERIFY_PEER name=central.c-lab.one

In the documentation I don't understand what I have to do now. Do I only copy this and paste it with other links? Nextcloud may be special, because it's on central.c-lab.one with /nextcloud/?

I hope you can help me.

Best regards, and may the force be with you.

OK, I did it!

This tutorial was the solution.

See ya

OK, I need help again.

I use Rocketchat, and from outside the local network you can log in, but you don't get messages, channels, or update packages if anybody wrote.

I tried “proxy-only” and removed some rules, but it won't work properly.

Internet - router - firewall - reverse proxy - webserver 1 + webserver 2(rocketchat)

Without the reverse proxy everything runs fine.

Any ideas or solutions?

Squid conf:

#reverse SSL proxy
http_port 80 accel defaultsite=webserver1 vhost
https_port 443 cert=/etc/univention/letsencrypt/signed_chain.crt key=/etc/univention/letsencrypt/domain.key accel defaultsite=webserver1 vhost

cache_peer 10.0.0.10 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER login=PASS name=webserver1
cache_peer 10.0.0.12 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER login=PASS proxy-only name=webserver2

acl sites_webserver1 dstdomain webserver1
acl sites_webserver2 dstdomain webserver2
acl sites_MB10-RP dstdomain webserver1

cache_peer_access webserver1 allow sites_webserver1
cache_peer_access webserver2 allow sites_webserver2
cache_peer_access MB10-RP allow sites_webserver1

acl our_sites dstdomain webserver1 webserver2
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https

http_access allow manager localhost
http_access deny !Safe_ports
http_access allow our_sites
http_access deny all

reply_header_access Via deny all
reply_header_access X-Forwarded-for deny all
reply_header_access X-Cache deny all

cache_mgr email

cache_mem 800 MB
cache_swap_low 50
cache_swap_high 80
cache_effective_user proxy
cache_effective_group proxy
cache_dir diskd /etc/squid/cache 20000 100 200
minimum_object_size 0 KB
maximum_object_size 150 MB
maximum_object_size_in_memory 2 MB
store_avg_object_size 1 MB
request_body_max_size 120 MB
ipcache_size 2048
ipcache_low 90
ipcache_high 95
fqdncache_size 2048
cache_log /var/log/squid/debug.log
log_mime_hdrs on
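
An added example (not part of the original posts and not code from the Squid project): a small Python check over the routing lines of the configuration posted above. It flags peers whose TLS certificate verification is switched off with sslflags=DONT_VERIFY_PEER, and cache_peer_access lines that name a peer or ACL that no other line defines, such as MB10-RP here. The function name audit_squid_conf and the SAMPLE_CONF excerpt are assumptions made for this example.

```python
# Constructed sample: the routing lines copied from the configuration posted above.
SAMPLE_CONF = """\
cache_peer 10.0.0.10 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER login=PASS name=webserver1
cache_peer 10.0.0.12 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER login=PASS proxy-only name=webserver2
acl sites_webserver1 dstdomain webserver1
acl sites_webserver2 dstdomain webserver2
acl sites_MB10-RP dstdomain webserver1
cache_peer_access webserver1 allow sites_webserver1
cache_peer_access webserver2 allow sites_webserver2
cache_peer_access MB10-RP allow sites_webserver1
"""


def audit_squid_conf(text):
    """Return sorted (line_number, message) findings for peer routing lines."""
    peers, acls, rules, findings = {}, {"all"}, [], []  # "all" is built in
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(tok) < 2:
            continue
        if tok[0] == "cache_peer":
            # A peer is referred to by name= if present, otherwise by hostname.
            name = next((o[5:] for o in tok[2:] if o.startswith("name=")), tok[1])
            peers[name] = no
            flags = [f for o in tok[2:] if o.startswith("sslflags=")
                     for f in o[9:].split(",")]
            if "DONT_VERIFY_PEER" in flags:
                findings.append((no, f"peer {name}: origin certificate is not verified (DONT_VERIFY_PEER)"))
        elif tok[0] == "acl":
            acls.add(tok[1])
        elif tok[0] == "cache_peer_access":
            rules.append((no, tok[1], tok[3:]))  # peer name, ACLs after allow/deny
    for no, peer, used in rules:
        if peer not in peers:
            findings.append((no, f"cache_peer_access names undefined peer {peer}"))
        for acl in used:
            if acl.lstrip("!") not in acls:
                findings.append((no, f"cache_peer_access uses undefined acl {acl}"))
    for name, no in peers.items():
        if all(peer != name for _, peer, _ in rules):
            findings.append((no, f"peer {name}: no cache_peer_access rule restricts it"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, message in audit_squid_conf(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```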
