
date: 2009-07-07 18:27:31+00:00

Squid as a reverse proxy howto

categories: - Howto - Linux - Proxy

The setup :

We run a virtualization server (for example Proxmox VE) on a machine in a datacenter, and we only have 1 public IP available. We run web servers on 2 different virtual machines inside that VM host. We want both web servers to be accessible through the public IP on port 80.

We will use the Squid proxy as a "reverse proxy": Squid will relay each request to the right destination depending on the hostname requested.

The machines :

Virtualization server (VM host)/Squid server : Public IP - bridged LAN IP
VM1 : bridged LAN IP - Hostname
VM2 : bridged LAN IP - Hostname

On your client computer (optional if you already have domains) :

Edit /etc/hosts and add :

On VM1 and VM2 :

apt-get install lighttpd (or whatever web server you like)

Edit /var/www/index.lighttpd.html and replace the content of the file with "VM1" on VM1 and "VM2" on VM2.

On the VM host :

If Apache listens on port tcp/80, disable it by editing /etc/apache2/ports.conf and removing or commenting out "Listen 80".

Install Squid :

apt-get install squid

Edit /etc/squid/squid.conf and find the http_port section, and add "http_port 80 vhost vport" :

http_port 3128
http_port 80 vhost vport

Then add the following section :

cache_peer parent 80 0 no-query originserver name=server1
cache_peer_domain server1
cache_peer parent 80 0 no-query originserver name=server2
cache_peer_domain server2

And then add the following ACL for our domains :

acl valid_domains dstdomain
acl valid_domains dstdomain

Allow requests to our domains by adding "http_access allow valid_domains" just before the "deny all" rule (at the end of the ACLs) :

http_access allow valid_domains
http_access deny all

Restart Squid :

/etc/init.d/squid restart

Back on your computer :

Make a request on or .org; you should see either VM1 or VM2 displayed in your browser, depending on the hostname requested.
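
A consistency check for the squid.conf edits above, useful before restarting Squid. It is an added example, not part of the original howto: it verifies that every domain in the valid_domains ACL is routed to a defined origin peer and that the allow rule is evaluated before "deny all". The function name `audit` is hypothetical, and the addresses and hostnames in the sample are constructed placeholders.

```python
# Constructed sample config: addresses and hostnames are placeholders,
# not values from the howto.
SAMPLE_CONF = """\
http_port 3128
http_port 80 vhost vport
cache_peer 192.0.2.11 parent 80 0 no-query originserver name=server1
cache_peer_domain server1 vm1.example.org
cache_peer 192.0.2.12 parent 80 0 no-query originserver name=server2
cache_peer_domain server2 vm2.example.org
acl valid_domains dstdomain vm1.example.org
acl valid_domains dstdomain vm2.example.org
http_access allow valid_domains
http_access deny all
"""

def audit(conf_text, acl_name="valid_domains"):
    """Return a list of problems found in a reverse-proxy squid.conf."""
    peers, routed, allowed, access = set(), {}, set(), []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not tok:
            continue
        if tok[0] == "cache_peer" and "originserver" in tok:
            name = [t[5:] for t in tok if t.startswith("name=")]
            peers.add(name[0] if name else tok[1])
        elif tok[0] == "cache_peer_domain" and len(tok) > 2:
            for d in tok[2:]:
                routed[d] = tok[1]              # domain -> peer name
        elif tok[:3] == ["acl", acl_name, "dstdomain"]:
            allowed.update(tok[3:])
        elif tok[0] == "http_access":
            access.append(tok[1:])              # rules in evaluation order
    problems = []
    for d in sorted(allowed):                   # literal string comparison
        if d not in routed:
            problems.append(f"{d}: allowed but not routed to any peer")
        elif routed[d] not in peers:
            problems.append(f"{d}: routed to undefined peer {routed[d]}")
    for d in sorted(set(routed) - allowed):
        problems.append(f"{d}: routed but not in acl {acl_name}")
    allow, deny = ["allow", acl_name], ["deny", "all"]
    if allow not in access:
        problems.append(f"no 'http_access allow {acl_name}' rule")
    elif deny in access and access.index(allow) > access.index(deny):
        problems.append(f"'allow {acl_name}' comes after 'deny all'")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "config is consistent")
```

To check a real file, pass its contents, for example `audit(open("/etc/squid/squid.conf").read())`.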