Re: [squid-users] Fwd: Re: HTTP 503 error in squid proxy server

2015-11-08 Thread Amos Jeffries 
On 8/11/2015 2:28 p.m., 聡司蛭田 wrote:
> 
> communication flow is the following.
> 
> Squid Proxy -> IGW ->IGW->ELB-> Server(EC2)
> 

Ah. Okay then you can ignore my message about loops. I had misread your
description as meaning the ELB sent to Squid, not in front of some other
server.

The thing to find out then is why the Squid machine cannot open direct
TCP connections to port 443 on the ELB.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Fwd: Re: HTTP 503 error in squid proxy server

2015-11-07 Thread Amos Jeffries 
>>> On Saturday 07 November 2015 at 09:30:04, 聡司蛭田 wrote:
 Dear

 I have question about HTTPS communication through Squid Proxy Server.

 HTTP 503 error frequency occurs.
 10.xx.xx.xx - - [01/Nov/2015:03:44:33 +0900] "CONNECT
>>> ..xxx.io:443
 HTTP/1.1" 503 0 "-" "Javaa/1.7.0_71" TCP_MISS:DIRECT
 ..xxx.io:443 is ELB (Internet-Facing Load Balancer) DNS name.
>>>

Hold up.

Squid is being instructed to open a TCP connection from itself to
..xxx.io and deliver the contents that follow the CONNECT
message there.


If ..xxx.io is the ELB, what do you expect will happen when
Squid obeys?

The short answer is "Forwarding Loop", eventually the cycle of
ELB->Squid->ELB->Squid ... ends up going through one of the Squid it has
already passed through which kills the loop with a 503.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Fwd: Re: HTTP 503 error in squid proxy server

2015-11-07 Thread Antony Stone 
This reply came to my private address.

Forwarding to the list.

--  Forwarded Message Starts  --

Subject: Re: [squid-users] HTTP 503 error in squid proxy server
Date: Saturday 07 November 2015 10:43:14
From: 聡司蛭田 
To: Antony Stone >

Dear

Thank you for reply.

Squid version is squid-3.1.16-22.

> On Saturday 07 November 2015 at 09:30:04, 聡司蛭田 wrote:
>
> > Dear
> >
> > I have question about HTTPS communication through Squid Proxy Server.
> >
> > HTTP 503 error frequency occurs.
>
> Does it also occur if you point your browser directly at the site, not via
> Squid?

No browser. client Java Application communicate other site by using HTTPS
protcol  through squid proxy server.

> > 10.xx.xx.xx - - [01/Nov/2015:03:44:33 +0900] "CONNECT
> ..xxx.io:443
> > HTTP/1.1" 503 0 "-" "Javaa/1.7.0_71" TCP_MISS:DIRECT
> >
> > ..xxx.io:443 is ELB (Internet-Facing Load Balancer) DNS name.
>
> Do you have access to that machine, to see what its logs show about the
> incoming requests, and the responses it generates?
>
> > Squid cache is disable.
>
> So, what are you using it for?
>
> > My addition squid config is the following.
> >
> > visible_hostname unknown
> > strip_query_terms off
> > acl NOCACHE src all
> > cache deny NOCACHE
>
> Please show all of your squid.conf, omitting comments and blank lines.

My squid config file is attached.

> > What could be considered the cause?
>
> Temporary failure on the content server?

Yes. temporary failure.

--  Forwarded Message Ends  --



squid.conf
Description: Binary data
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Fwd: Re: HTTP 503 error in squid proxy server

2015-11-07 Thread Antony Stone 
On Saturday 07 November 2015 at 12:48:09, Antony Stone wrote:

> This reply came to my private address.
> 
> Forwarding to the list.
> 
> --  Forwarded Message Starts  --
> 
> Subject: Re: [squid-users] HTTP 503 error in squid proxy server
> Date: Saturday 07 November 2015 10:43:14
> From: 聡司蛭田 
> To: Antony Stone >
> 
> Dear
> 
> Thank you for reply.
> 
> Squid version is squid-3.1.16-22.
> 
> > On Saturday 07 November 2015 at 09:30:04, 聡司蛭田 wrote:
> > > Dear
> > > 
> > > I have question about HTTPS communication through Squid Proxy Server.
> > > 
> > > HTTP 503 error frequency occurs.
> > 
> > Does it also occur if you point your browser directly at the site, not
> > via Squid?
> 
> No browser. client Java Application communicate other site by using HTTPS
> protcol  through squid proxy server.

Okay, let me re-phrase my question then:

Do you get the same intermittent problems if you tell the client java 
Application to connect to the site directly without using Squid?

> > > 10.xx.xx.xx - - [01/Nov/2015:03:44:33 +0900] "CONNECT
> > ..xxx.io:443
> > > HTTP/1.1" 503 0 "-" "Javaa/1.7.0_71" TCP_MISS:DIRECT
> > > ..xxx.io:443 is ELB (Internet-Facing Load Balancer) DNS name.
> > 
> > Do you have access to that machine, to see what its logs show about the
> > incoming requests, and the responses it generates?

What is the answer to the above question?

> > > Squid cache is disable.
> > 
> > So, what are you using it for?

?

> > > My addition squid config is the following.
> > > 
> > > visible_hostname unknown
> > > strip_query_terms off
> > > acl NOCACHE src all
> > > cache deny NOCACHE
> > 
> > Please show all of your squid.conf, omitting comments and blank lines.
> 
> My squid config file is attached.
> 
> > > What could be considered the cause?
> > 
> > Temporary failure on the content server?
> 
> Yes. temporary failure.

No, I meant that there could genuinely be a temporary failure on the content 
server, which results in the HTTP/503 error.  Nothing Squid can do about that 
(especially since you're not using it in caching mode - what are you using it 
for?)

> --  Forwarded Message Ends  --

Please send all replies to the list.


Regards,


Antony.

-- 
Software development can be quick, high quality, or low cost.

The customer gets to pick any two out of three.

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users