Reverse cache proxy using squid proxy

→ Are you a new visitor? Please visit the page guidance for new visitors ←

Reverse cache proxy using squid proxy

If you came here looking for a reverse cache proxy, then you probably already heard of squid proxy. As it name is, this is entirely designed as a proxy, however this does not mean it can’t be used as a reverse proxy or frontend proxy. Reverse proxy is a type of proxy that is installed in front of a client for one server or multiple servers. All resources that are being downloaded from the backend servers are being seen as being downloaded from the reverse cache proxy. This is mostly used to reduce the load on the backend servers by serving cached content directly from the reverse proxy cache server.

How do you setup a reverse cache proxy?

In most reverse cache proxy applications, be it nginx, varnish, squid or any other software, the basic setup is not exactly that hard to understand. However optimizing the reverse proxy cache for your needs is a different matter. A basic squid reverse proxy installation would look similar to:

Break down of the above now. Firs line we are saying to listen on port 80, in squid acceleration mode and our main site is main-domain.com. Vhost is not allowed, we only server one domain in this setup.

Next is the cache_peer, this is really important, we are saying the backend server is on server ip 127.0.0.1 on port 80, ICP port is set to 0 as we don’t use multiple backend server in this setup and we disable ICP requests by using no-query. originserver is used to make the reverse proxy act as the real/origin server, this is used mostly as an accelerator when it needs to act as a web server. The last one is the name of your cache peer, this is useful when you use multiple cache_peer option and you want to allow specific requests to either cache peer.

Then we have the ACL requsts, squid uses access control lists (ACLs) for allowing access to specific sections, in this case, we creat the access list specific to requests that have their destination set as our main domain main-domain-name.com. By default http_access denies all requests to pass to our squid reverse cache proxy that have not been specifically allowed, so we use http_access allow your_site_acl to allow access to our ACL that we created. The same for cache_peer_access, we specifically allow access to our ACL.

Then everything is done, you just need to make sure your configuration is set correctly and you can restart squid.

Reverse cache proxy virtual host based?

Now what if we have a virtual host configuration and we want to use the reverse proxy cache in this situation. Well the basic setup can be used almost the same, but with a few adjustment. Also if you know the website domains, you can use the above settings, but change the first line to:

Else, if you you wish to allow all access to your squid cache proxy use the bellow setting:

Please do keep in mind, the last line is NOT really added, you should already have the line somewhere bellow in your squid configuration file:

That needs to be changed to allow all access. Then everything will work as expected, virtual host settings have been set. You then make sure setup is properly set and restart your squid cache reverse proxy.

  • Wat

    Apparently not as obvious as it seems: Lets say I just need to get this working with a single webpage- http://www.my-domain.com/

    I have BUNGLED on this line:
    http_port 82 accel defaultsite=http://www.my-domain.com/ no-vhost

    I’m guessing thats because I am not properly substituting out “main-domain-name.com”. What exactly am I supposed to do there?

    • That is correct, you need to replace that with only the domain name, not the url

      Don’t forget to test it first, then restart:

    • Wat

      turns out version 3 really really hates no-vhost

      • Hmm it should be working, if you let me know what environment you have, I can test this later tonight and let you know if anything is different…

Request an article ←