Run Squid as a reverse caching proxy on port 80 and proxy the requests

experimental/webtry/DESIGN.md

 Design
 ======
 
 
 Overview
 --------
 Allows trying out Skia code in the browser.
 
 
 Security
@@ skipping 14 matching lines @@
 for example runtime is limited to 5s of CPU.
 
 User submitted code is also restricted in the following ways:
   * Limited to 10K of code total.
   * No preprocessor use is allowed (no lines can begin with #includes).
 
 
 Architecture
 ------------
 
-
 The server runs on GCE, and consists of a Go Web Server that calls out to the
 c++ compiler and executes code in a chroot jail. See the diagram below:
 
     +–––––––––––––+
     |             |
     |  Browser    |
     |             |
     +––––––+––––––+
            |
     +––––––+––––––+
@@ skipping 150 matching lines @@
     gcutil  --project=google.com:skia-buildbots   setinstancemetadata skia-webtry-b --metadata=password:'[mysql client webtry password]' --fingerprint=[some fingerprint]
 
 To retrieve the password from the running instance just GET the right URL from
 the metadata server:
 
     curl "http://metadata/computeMetadata/v1/instance/attributes/password" -H "X-Google-Metadata-Request: True"
 
 N.B. If you need to change the MySQL password that webtry uses, you must change
 it both in MySQL and the value stored in the metadata server.
 
+Squid
+-----
+
+Squid is configured to run on port 80 and run as an accelerator for the actual
+Go program which is running on port 8000. The config for the squid proxy is
+held in sys/webtry_squid, which is copied into place during installation and
+squid is kept running via monit.
+
 Workspaces
 ----------
 
 Workspaces are implemented by the workspace and workspacetry tables. The
 workspace table keeps the unique list of all workspaces. The workspacetry table
 keeps track of all the tries that have occured in a workspace. Right now the
 hidden column of workspacetry is not used, it's for future functionality.
 
 Installation
 ------------
 See the README file.