Re: [SLUG] squid reverse proxy almost working - but only ever hitting default site

2009-08-26 Thread Ben Donohue

Hi Martin, All,

thanks. I realized that vhost was missing and put it in. squid still fails.

internally the ip addresses are as follows...
10.1.2.249 www.pamphlets.org.au
10.1.2.250 www.icafe.com.au
10.1.2.252 squid.icafe.com.au

If I have the config as below, I only ever get www.icafe.com.au from 
external no matter what url I put in.
If I take out the three cache_peer lines I get nothing but the error 
from external...
this request could not be forwarded to the origin server or to any 
parent caches...



the pertinent config lines below... (ie changes from default squid 
version 3.0)


http_port 80 accel defaultsite=www.icafe.com.au vhost
cache_peer 10.1.2.250 parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain www.icafe.com.au www.pamphlets.org.au *.pamphlets.org.au *.icafe.com.au

http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all


I only have one squid box called squid. icafe and pamphlets are only 
http servers.

Why does the below line
cache_peer 10.1.2.250 parent 80 0 no-query originserver name=myAccel
correctly only return the www.icafe.com.au site? It is not a cache parent.

any ideas anyone?
Thanks.
Ben

Another idea is to setup apache to reverse proxy by port number...
Anyone done this?

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] squid reverse proxy almost working - but only ever hitting default site

2009-08-26 Thread Ben Donohue

Hi Martin,

just a straight copy and paste of your suggestion into a new default 
squid.conf file under the following line...

#INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl our_sites dstdomain www.icafe.com.au www.pamphlets.org.au *.pamphlets.org.au *.icafe.com.au

acl icafe dstdomain www.icafe.com.au *.icafe.com.au
acl pamphlets dstdomain www.pamphlets.org.au *.pamphlets.org.au

http_access allow our_sites
cache_peer_access icafe_peer allow icafe
cache_peer_access pamphlets_peer allow pamphlets

http_port 80 accel defaultsite=www.icafe.com.au vhost
cache_peer 10.1.2.250 parent 80 0 no-query originserver name=icafe_peer
cache_peer 10.1.2.249 parent 80 0 no-query originserver name=pamphlets_peer



when starting squid I get this...
2009/08/27 11:08:34| Processing Configuration File: /etc/squid/squid.conf (depth 0)

2009/08/27 11:08:34| squid.conf, line 648: No cache_peer 'icafe_peer'
2009/08/27 11:08:34| squid.conf, line 649: No cache_peer 'pamphlets_peer'
2009/08/27 11:08:34| Initializing https proxy context
Starting squid: .  [  OK  ]


cache.log
2009/08/27 11:14:15| temporary disabling (Not Found) digest from 10.1.2.250
2009/08/27 11:15:15| temporary disabling (Not Found) digest from 10.1.2.249


when I browse the sites from external (I've updated the sites so that 
there is a slight change on each)
www.icafe.com.au  gives the correct updated site after a shift-reload of 
the browser
www.pamphlets.org.au   gives a very old www.icafe.com.au site even after 
deleting and clearing the browser. I'm trying to figure where it is 
getting this old version from.


What does no cache_peer mean here?
Thanks
Ben.



Martin Barry wrote:

> $quoted_author = Ben Donohue ;
>
> > http_port 80 accel defaultsite=www.icafe.com.au vhost
> > cache_peer 10.1.2.250 parent 80 0 no-query originserver name=myAccel
> > acl our_sites dstdomain www.icafe.com.au www.pamphlets.org.au *.pamphlets.org.au *.icafe.com.au
> >
> > http_access allow our_sites
> > cache_peer_access myAccel allow our_sites
> > cache_peer_access myAccel deny all
>
> Can you try this?
>
> acl our_sites dstdomain www.icafe.com.au www.pamphlets.org.au *.pamphlets.org.au *.icafe.com.au
> acl icafe dstdomain www.icafe.com.au *.icafe.com.au
> acl pamphlets dstdomain www.pamphlets.org.au *.pamphlets.org.au
>
> http_access allow our_sites
> cache_peer_access icafe_peer allow icafe
> cache_peer_access pamphlets_peer allow pamphlets
>
> http_port 80 accel defaultsite=www.icafe.com.au vhost
> cache_peer 10.1.2.250 parent 80 0 no-query originserver name=icafe_peer
> cache_peer 10.1.2.249 parent 80 0 no-query originserver name=pamphlets_peer
>
> cheers
> Marty
  



Re: [SLUG] squid reverse proxy almost working - but only ever hitting default site

2009-08-26 Thread Ben Donohue

Hi Martin,

Mate you are a genius!
All working now.
I just moved the lines as you suggested. Nothing else and both sites 
working. I'm going to run up a third site and add it in to the mix. Then 
carefully doco how this is done.


I definitely owe you at least a beer.
Thanks again.
Ben





Martin Barry wrote:

> $quoted_author = Ben Donohue ;
>
> > 2009/08/27 11:08:34| squid.conf, line 648: No cache_peer 'icafe_peer'
> > 2009/08/27 11:08:34| squid.conf, line 649: No cache_peer 'pamphlets_peer'
>
> Ah, I think you need to move the cache_peer lines above the
> cache_peer_access ones.
>
> > www.pamphlets.org.au   gives a very old www.icafe.com.au site even after
> > deleting and clearing the browser. I'm trying to figure where it is
> > getting this old version from.
>
> Check using tcpdump that requests for www.pamphlets.org.au are going to the
> .249 server?
>
> Check how things are being handled on the .249 server? Logs? Config?
>
> cheers
> Martin
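
Added example, not part of the original thread and not Squid's own code: a small order-aware check for the directives discussed above, reading squid.conf top to bottom so that a cache_peer_access line placed before its cache_peer is reported the way the startup log reported it. BROKEN and FIXED are constructed samples built from the thread's directives; the check assumes that a peer left with no cache_peer_access rule in effect is not restricted to one site's requests.

```python
# BROKEN and FIXED are constructed samples using the thread's directives.
BROKEN = """\
http_port 80 accel defaultsite=www.icafe.com.au
acl icafe dstdomain www.icafe.com.au
acl pamphlets dstdomain www.pamphlets.org.au
cache_peer_access icafe_peer allow icafe
cache_peer_access pamphlets_peer allow pamphlets
cache_peer 10.1.2.250 parent 80 0 no-query originserver name=icafe_peer
cache_peer 10.1.2.249 parent 80 0 no-query originserver name=pamphlets_peer
"""

# FIXED: vhost added, cache_peer lines moved above cache_peer_access.
FIXED = """\
http_port 80 accel defaultsite=www.icafe.com.au vhost
cache_peer 10.1.2.250 parent 80 0 no-query originserver name=icafe_peer
cache_peer 10.1.2.249 parent 80 0 no-query originserver name=pamphlets_peer
acl icafe dstdomain www.icafe.com.au
acl pamphlets dstdomain www.pamphlets.org.au
cache_peer_access icafe_peer allow icafe
cache_peer_access pamphlets_peer allow pamphlets
"""

def lint(conf):
    """Return sorted (line_no, message) findings, reading top to bottom."""
    peers, ruled, findings = {}, set(), []
    for n, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "http_port" and "accel" in tok and "vhost" not in tok:
            findings.append((n, "accel http_port without vhost"))
        elif tok[0] == "cache_peer" and len(tok) > 1:
            # A peer is referred to by name= if given, otherwise by its host.
            name = next((t[5:] for t in tok if t.startswith("name=")), tok[1])
            peers[name] = n
        elif tok[0] == "cache_peer_access" and len(tok) > 1:
            if tok[1] in peers:
                ruled.add(tok[1])
            else:  # peer not defined yet at this point in the file
                findings.append((n, f"No cache_peer '{tok[1]}'"))
    for name, n in peers.items():
        if name not in ruled:
            findings.append((n, f"peer '{name}' has no cache_peer_access in effect"))
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in lint(BROKEN):
        print(f"line {n}: {msg}")
    print("fixed:", lint(FIXED))
```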
  



[SLUG] squid reverse proxy almost working - but only ever hitting default site

2009-08-25 Thread Ben Donohue

Hi all,

Just to get squid reverse proxy 2.6 working with two sites for now... it 
seems to be working in that the access.log is registering hits but only 
for the default site.

Default site is www.icafe.com.au
other site is www.pamphlets.org.au

If I bypass squid, I can port forward port 80 to both sites ok. DNS is 
working ok to both sites both internally and externally. So the problem 
must be with the squid config.


The firewall is port forwarding port 80 to port 3128 on squid.

Below is the squid.conf changes from default,

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_port 3128 accel defaultsite=www.icafe.com.au
cache_peer 10.1.2.250 parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain .*.icafe.com.au .*.pamphlets.org.au www.icafe.com.au www.pamphlets.org.au

http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all


Below is cache.log after a shutdown and restart of squid

2009/08/26 10:22:54| Preparing for shutdown after 0 requests
2009/08/26 10:22:54| Waiting 30 seconds for active connections to finish
2009/08/26 10:22:54| FD 13 Closing HTTP connection
2009/08/26 10:22:54| Shutting down...
2009/08/26 10:22:54| FD 14 Closing ICP connection
2009/08/26 10:22:54| Closing unlinkd pipe on FD 11
2009/08/26 10:22:54| storeDirWriteCleanLogs: Starting...
2009/08/26 10:22:54|   Finished.  Wrote 1 entries.
2009/08/26 10:22:54|   Took 0.0 seconds ( 961.5 entries/sec).
CPU Usage: 0.086 seconds = 0.047 user + 0.039 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
   total space in arena:2508 KB
   Ordinary blocks: 2413 KB  4 blks
   Small blocks:   0 KB  5 blks
   Holding blocks:   244 KB  1 blks
   Free Small blocks:  0 KB
   Free Ordinary blocks:  94 KB
   Total in use:2657 KB 97%
   Total free:94 KB 3%
2009/08/26 10:22:54| Squid Cache (Version 2.6.STABLE21): Exiting normally.
2009/08/26 10:22:56| Starting Squid Cache version 2.6.STABLE21 for i686-redhat-linux-gnu...
2009/08/26 10:22:56| Process ID 24377
2009/08/26 10:22:56| With 1024 file descriptors available
2009/08/26 10:22:56| Using epoll for the IO loop
2009/08/26 10:22:56| DNS Socket created at 0.0.0.0, port 38979, FD 6
2009/08/26 10:22:56| Adding domain icafe.com.au from /etc/resolv.conf
2009/08/26 10:22:56| Adding nameserver 10.1.2.247 from /etc/resolv.conf
2009/08/26 10:22:56| Adding nameserver 10.1.2.253 from /etc/resolv.conf
2009/08/26 10:22:56| Adding nameserver 172.16.1.1 from /etc/resolv.conf
2009/08/26 10:22:56| Adding nameserver 203.12.160.35 from /etc/resolv.conf
2009/08/26 10:22:56| Adding nameserver 203.12.160.36 from /etc/resolv.conf
2009/08/26 10:22:56| User-Agent logging is disabled.
2009/08/26 10:22:56| Referer logging is disabled.
2009/08/26 10:22:56| Unlinkd pipe opened on FD 11
2009/08/26 10:22:56| Swap maxSize 102400 + 8192 KB, estimated 0 objects
2009/08/26 10:22:56| Target number of buckets: 425
2009/08/26 10:22:56| Using 8192 Store buckets
2009/08/26 10:22:56| Max Mem  size: 8192 KB
2009/08/26 10:22:56| Max Swap size: 102400 KB
2009/08/26 10:22:56| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2009/08/26 10:22:56| Rebuilding storage in /var/spool/squid (CLEAN)
2009/08/26 10:22:56| Using Least Load store dir selection
2009/08/26 10:22:56| Set Current Directory to /var/spool/squid
2009/08/26 10:22:56| Loaded Icons.
2009/08/26 10:22:57| Accepting accelerated HTTP connections at 0.0.0.0, port 3128, FD 13.
2009/08/26 10:22:57| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2009/08/26 10:22:57| WCCP Disabled.
2009/08/26 10:22:57| Configuring Parent 10.1.2.250/80/0
2009/08/26 10:22:57| Ready to serve requests.
2009/08/26 10:22:57| Done reading /var/spool/squid swaplog (1 entries)
2009/08/26 10:22:57| Finished rebuilding storage from disk.
2009/08/26 10:22:57| 1 Entries scanned
2009/08/26 10:22:57| 0 Invalid entries.
2009/08/26 10:22:57| 0 With invalid flags.
2009/08/26 10:22:57| 1 Objects loaded.
2009/08/26 10:22:57| 0 Objects expired.
2009/08/26 10:22:57| 0 Objects cancelled.
2009/08/26 10:22:57| 0 Duplicate URLs purged.
2009/08/26 10:22:57| 0 Swapfile clashes avoided.
2009/08/26 10:22:57|   Took 0.3 seconds (   3.2 objects/sec).
2009/08/26 10:22:57| Beginning Validation Procedure
2009/08/26 10:22:57|   Completed Validation Procedure
2009/08/26 10:22:57|   Validated 1 Entries
2009/08/26 10:22:57|   store_swap_size = 4k
2009/08/26 10:22:57| storeLateRelease: released 0 objects


access.log after restart and trying from external for www.icafe.com.au
1251246323.410 55 172.16.1.1 TCP_REFRESH_MISS/200 1401 GET http://www.icafe.com.au/ - FIRST_UP_PARENT/myAccel text/html



access.log after restart and trying from external for www.pamphlets.org.au
1251246531.510 21 172.16.1.1