Hello, everyone.

I'm trying to set up a load-balanced cluster of *normal* squid proxy servers (neither reverse nor transparent). Balancing is done by ipvs controlled by ldirectord; ipip tunneling is used.

Most pages load normally, but some (e.g. gmail login, serverfault.com login with OpenID, several other sites with redirects) experience problems. When I try (for example) to log in to gmail, I enter login & password and after a while get just a blank page. At the same time, many sites that use 301 redirects work OK (for example, "http://yandex.ru" redirects to "http://www.yandex.ru" using a 301 redirect). When working through any of the cluster nodes directly, no problems appear, so the issue is not in Squid itself.

Added later: It seems the problem is floating. Sometimes it doesn't allow logging in, sometimes logging out, sometimes it doesn't even load the login page. I'm stuck...

The suggestion that the problem is with balancing requests sent to different servers during login was incorrect. According to Squid's access.log, all requests go to one server, and leaving only one squid server in ipvs in the configuration doesn't solve the problem either.

So, the question is: what is wrong in my configuration? Any ideas on additional methods of troubleshooting? Could anyone send me a working configuration (and software versions) of a cluster of a similar type?

Currently I'm using squid v. 3.1.7 (built from sources), kernel 2.6.32-xen (SLES 11 SP1 distro), ipvsadm 1.2.1 (built from sources), ldirectord v. 1.0.3 (also from sources). I also tried squid 2.7: gmail login worked, but Gtalk chat was not available.
Here are some configs:

======= ldirectord.cf =======
# Global Directives
checktimeout=5
checkinterval=5
autoreload=no
logfile="/var/log/ldirectord.log"
quiescent=no
cleanstop=yes

# Virtual Server for HTTP_PROXY
virtual=10.128.0.109:8080
        fallback=127.0.0.1:80
        real=10.128.1.43:8080 ipip 200
        real=10.128.0.106:8080 ipip 300
        service=http_proxy
        request="http://www.google.com/index.html"
        receive="Google Search"
        scheduler=sh
#       persistent=60
        protocol=tcp
        checktype=negotiate
======= EOF ldirectord.cf =======

======= squid.conf =======
http_port 10.128.0.106:8080 # "real" IP of the node
http_port 10.128.0.109:8080 # "Virtual" IP of the cluster on tunl0 interface
http_port 127.0.0.1:8080
cache_mem 300 MB
cache_dir ufs /opt/squid/var/cache 500 16 256
cache_effective_user squid
cache_effective_group squid
visible_hostname AQUA-node
cachemgr_passwd SquidCM all
access_log /opt/squid/var/logs/access.log
logfile_rotate 5

# ICQ connect (experimental)
acl ICQ_ADDR dst 64.12.0.0/16 205.188.0.0/16
acl ICQ_PORT port 5190 443
acl CONNECT method CONNECT
acl ICQ_PROTO proto HTTPS
acl ICQ_DOMAIN dstdomain .icq.com .aol.com .aim.com
always_direct allow ICQ_DOMAIN ICQ_PORT CONNECT
always_direct allow ICQ_ADDR ICQ_PORT CONNECT

acl allnet_temp src 10.0.0.0/8
http_access allow allnet_temp
http_access deny all
======= EOF squid.conf =======

Example: (logged in to gmail, closing tab, changing proxy settings in browser, opening gmail.com in a new tab)
(URL in browser: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue= <and so on>")

======= access.log =======
1286531980.273 228 10.0.0.232 TCP_MISS/302 1069 GET http://mail.google.com/mail/ - DIRECT/74.125.79.83 text/html
1286531990.392 10101 10.0.0.232 TCP_MISS/200 133 CONNECT www.google.com:443 - DIRECT/74.125.87.104 -
======= EOF access.log =======

Another example: (logged out from gmail, cleared cache & cookies, switched proxy in browser, logged in to gmail normally (chat not working), couldn't log out ("Please, wait" on screen), closed tab, trying to access gmail again, blank page)

======= access.log =======
1286532375.042 108 10.0.0.232 TCP_MISS/302 1069 GET http://mail.google.com/mail/ - DIRECT/74.125.79.19 text/html
======= EOF access.log =======

If any additional information is needed, just let me know.

P.S. Sorry for such a long letter.

--
HUB
