Hey,

I am trying to establish a caching squid proxy - 5.5 openssl - to be used
with our CI/CD system and cache npm modules (we configure http_proxy in our npm
configuration).

I've created a configuration with ssl bump-ing and aggressive npm module
caching. When a client starts fetching the modules through the proxy, everything
works fine; however, quite soon the connections start stalling and all end up
timing out.

The logs show that clients did issue a CONNECT, however the connections are
stuck (and eventually time out) and netstat is showing exactly 10 connections in
SYN_SENT state towards the npm registry. I am kinda puzzled where this number
comes from.

I am wondering whether the npm registry starts throttling me or I am hitting some
networking issue or squid misconfiguration.

Does anyone have any idea what could be the issue? (or if someone is using squid
for npm module caching, are you willing to share your working squid.conf ;))?

Big thank you in advance, br, Jernej

The "relevant" parts of my configuration are:

acl intermediate_fetching transaction_initiator certificate-fetching
http_access allow intermediate_fetching

http_port 80 ssl-bump generate-host-certificates=on \
    dynamic_cert_mem_cache_size=20MB \
    tls-cert=/etc/squid/certs/squid-self-signed.crt \
    tls-key=/etc/squid/certs/squid-self-signed.key \
    cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS \
    options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE \
    tls-dh=prime256v1:/etc/squid/certs/squid-self-signed_dhparam.pem \
    disable-pmtu-discovery=transparent

sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 20MB
sslcrtd_children 8
ssl_bump server-first all
sslproxy_cert_error deny all

forwarded_for delete
via off
request_header_access X-Forwarded-For deny all
request_header_access Via deny all

# dns
positive_dns_ttl 31 seconds
negative_dns_ttl 30 seconds

httpd_suppress_version_string on
connect_timeout 10 seconds

squid -v: https://pastebin.com/KRywK3rN
Full config: https://pastebin.com/xsgS5J38
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
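
An added example, not part of the original post or of Squid: one way to quantify the SYN_SENT symptom described above is to group the proxy host's half-open outbound sockets by destination and read the kernel's retransmit counter for each. It assumes a little-endian Linux host and IPv4 only (/proc/net/tcp6 is not handled); the sample table and its addresses are constructed.

```python
import socket
import struct

SYN_SENT = 0x02  # TCP state code in the "st" column of /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not taken from the poster's host).
# 203.0.113.10 is a documentation address standing in for the registry.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:C350 0A7100CB:01BB 02 00000001:00000000 01:00000064 00000002    13        0 1002
   2: 0A00000A:C351 0A7100CB:01BB 02 00000001:00000000 01:00000064 00000003    13        0 1003
   3: 0A00000A:0050 1400000A:D431 01 00000000:00000000 00:00000000 00000000    13        0 1004
"""


def decode_ipv4(hex_endpoint):
    """Turn 'AABBCCDD:PPPP' from /proc/net/tcp into (dotted_ip, port)."""
    ip_hex, port_hex = hex_endpoint.split(":")
    # The address is a host-order dump of a network-order value (little-endian assumed).
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def syn_sent_by_remote(text):
    """Map (remote_ip, remote_port) -> (socket count, highest retransmit counter)."""
    stuck = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].endswith(":"):
            continue  # header line or malformed row
        if int(fields[3], 16) != SYN_SENT:
            continue
        remote = decode_ipv4(fields[2])
        retrans = int(fields[6], 16)
        count, worst = stuck.get(remote, (0, 0))
        stuck[remote] = (count + 1, max(worst, retrans))
    return stuck


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample off-Linux
    for (ip, port), (count, worst) in sorted(syn_sent_by_remote(table).items()):
        print(f"{ip}:{port} SYN_SENT={count} max_retransmits={worst}")
```

A non-zero retransmit counter on these rows means the SYNs are going unanswered rather than being refused, which points at the network path instead of the proxy's TLS settings.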