I host my site from a LAN configured with the following:
Apache 2 w/ Tomcat Servlet Container
OpenSSL
PostgreSQL
SQUID_2.5_STABLE6
The installation is pretty standard with most apps under /usr/local:
Apache - /usr2/local/apache2 on kenshin.pctechnirvana.com (192.168.1.4)
Tomcat - /usr2/local/tomcat on kenshin.pctechnirvana.com
SSL Virtual Host on secure.pctechnirvana.com (192.168.1.5, aliased ip on kenshin)
SQUID - /usr/local/squid on server musashi.pctechnirvana.com (192.168.1.1)
The problem is that I can access the site on my intranet via http://kenshin.pctechnirvana.com but web clients are getting an Access Denied from SQUID when using www.pctechnirvana.com (my internet domain name).
I suspect that the error is actually coming from either Apache or Tomcat, however. I've configured the SQUID proxy to accelerate my kenshin (web server). Relevant lines from squid.conf are:
---- squid.conf ---
http_port 80
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend to uncomment the following to protect innocent
# web applications running on the proxy server who think that the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost
acl accelHost dst 192.168.1.4/255.255.255.255
acl accelPort port 80
no_cache deny accelHost
http_access allow accelHost accelPort
http_access allow all
http_reply_access allow all
cache_effective_user squid
cache_effective_group squid
dns_nameservers 151.164.30.104 151.164.11.201
httpd_accel_host kenshin.pctechnirvana.com
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
-------------------------------------------------------
Squid is started as root and then changes its owner and group to squid squidadm as specified in the user's manual.
For Apache I've set the DocumentRoot to the default /usr2/local/apache2/htdocs for testing purposes. I need to see what user Apache is running as. From a ps --User nobody report I ran, I suspect that Apache is running as the nobody user, and Tomcat is running as root. I'm not really a Linux sysadmin type, so can anyone tell me how I can find out for certain?
If you can't find anything wrong with the SQUID acls then I suspect that Apache or Tomcat is having trouble serving contents to internet users because of file system access privileges. This is why I need to find out what user they are running as. I believe that the httpd.conf directives are OK, but I can supply the httpd.conf on subsequent posts if there is nothing wrong with the acls above.
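
Added example, not part of the original post: a small first-match evaluator for the `http_access` lines quoted above, useful for seeing which line decides a given request before looking at Apache or Tomcat. The names `acl_matches`, `decide` and `SAMPLE` and the request dictionary are assumptions made for this sketch, and it takes the destination as an already-resolved IP address instead of performing Squid's DNS lookup.

```python
import ipaddress
# ACLs and http_access order transcribed from the squid.conf in the post.
ACLS = {
    "all": ("src", ["0.0.0.0/0.0.0.0"]),
    "manager": ("proto", ["cache_object"]),
    "localhost": ("src", ["127.0.0.1/255.255.255.255"]),
    "to_localhost": ("dst", ["127.0.0.0/8"]),
    "SSL_ports": ("port", ["443", "563"]),
    "Safe_ports": ("port", ["80", "21", "443", "563", "70", "210",
                            "1025-65535", "280", "488", "591", "777"]),
    "CONNECT": ("method", ["CONNECT"]),
    "accelHost": ("dst", ["192.168.1.4/255.255.255.255"]),
    "accelPort": ("port", ["80"]),
}
RULES = [
    ("allow", ["manager", "localhost"]),
    ("deny", ["manager"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("deny", ["to_localhost"]),
    ("allow", ["accelHost", "accelPort"]),
    ("allow", ["all"]),
]

def acl_matches(name, req):
    kind, values = ACLS[name]
    if kind in ("src", "dst"):
        addr = ipaddress.ip_address(req[kind])
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        ranges = (v.partition("-") for v in values)
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    return req[kind] in values  # proto and method: plain string comparison

def decide(req):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    for action, terms in RULES:
        # A leading "!" negates the ACL; every term on the line must hold.
        if all(acl_matches(t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action, "http_access %s %s" % (action, " ".join(terms))
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if RULES[-1][0] == "allow" else "allow"), "(default)"

# Constructed sample request: an outside client asking for the accelerated host.
SAMPLE = {"src": "203.0.113.7", "dst": "192.168.1.4", "port": 80,
          "proto": "http", "method": "GET"}

if __name__ == "__main__":
    print(decide(SAMPLE))
```

A destination that resolves into 127.0.0.0/8 is refused by `http_access deny to_localhost`, while any other destination on a safe port ends at `http_access allow all`. With `httpd_accel_with_proxy on`, that last line lets any client use the box as a forward proxy unless it is narrowed to known source networks.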