On Wed, 06 Apr 2011 08:40:32 +1200, Mike Bordignon (GMI) wrote:
> Hello
>
> I'm using squid 3.1.6 on Debian Squeeze. I run two instances of squid
> - on port 3128 and 3129. The instance on port 3128 services my LAN
> clients, authenticating via Kerberos/negotiate. The other instance
> acts as a transparent proxy (via a DNAT rule on a router).
>
> I have two questions.
>
> a) Is this the best way of achieving a transparent proxy, to run
> another instance of squid, or can I successfully combine both
> instances into one?
You can combine them both in any squid-2.6 or later.
Just place the http_port lines from each into one config file.
> b) Should I have the two instances/caches peer with each other using
> cache_peer ?
You may want it for failover or load leveling etc.
It is not necessary for handling the different types of traffic.
> c) Can squid proxy SSL requests transparently ?
>
Yes. But only for one definition of "transparent": the HTTP RFC
definition.
/pedant
It will not handle NAT intercepted SSL.
Amos
Received on Wed Apr 06 2011 - 00:06:20 MDT
This archive was generated by hypermail 2.2.0 : Wed Apr 06 2011 - 12:00:03 MDT