And, just to confirm.. if I change public.server.fqdn to that my blog (macmule.com).. I can curl down a file from that via squid-cache fine:
curl -D - https://local.server.fqdn/AutoCasperNBI-AppCast.xml -o /dev/null % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0HTTP/1.1 200 OK Date: Fri, 12 Jul 2024 11:04:24 GMT Server: Apache Last-Modified: Sat, 04 May 2019 13:21:20 GMT ETag: "69d9d-75b7-5880fbe2c1400" Accept-Ranges: bytes Content-Length: 30135 Vary: Accept-Encoding Content-Type: application/xml Age: 21285 Cache-Status: local.server;hit;detail=match Via: 1.1 local.server (squid/6.6) Connection: keep-alive 100 30135 100 30135 0 0 96335 0 --:--:-- --:--:-- --:--:-- 96277 So the issue seems to be caching content that requires authentication, hence saying the issues seems to be what is stated at: https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication The question here is, can squid cache items that require authentication to access? Regards, Ben. From: Ben Toms <b...@macmule.com> Date: Friday, 12 July 2024 at 17:56 To: Alex Rousskov <rouss...@measurement-factory.com>, squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org> Subject: Re: [squid-users] TCP_MISS_ABORTED/502 So, with the below config: https_port 443 accel protocol=HTTPS tls-cert=/usr/local/squid/client.pem tls-key=/usr/local/squid/client.key cache_peer public.server.fqdn parent 443 0 no-query originserver no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel forceddomain=public.server.fqdn acl our_sites dstdomain local.server.fqdn http_access allow our_sites cache_peer_access myAccel allow our_sites cache_peer_access myAccel deny all cache_dir ufs /usr/local/squid/var/cache 100000 16 256 cache_mem 500 MB maximum_object_size_in_memory 50000 KB refresh_pattern . 0 20% 4320 debug_options 11,2 I can see the below in /var/log/squid/cache.log ---------- 2024/07/12 16:49:57.056 kid1| 11,2| http.cc(1263) readReply: conn12 local=client.ip:56670 remote=public.ip.of.public.server:443 FIRSTUP_PARENT FD 14 flags=1: read failure: (0) No error. 2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(273) sendStartOfMessage: HTTP Client conn9 local=client.ip:443 remote=local.server.ip:59158 FD 13 flags=1 2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(274) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 502 Bad Gateway Server: squid/6.6 Mime-Version: 1.0 Date: Fri, 12 Jul 2024 16:49:57 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3629 X-Squid-Error: ERR_READ_ERROR 0 Vary: Accept-Language Content-Language: en Cache-Status: local.server;detail=mismatch Via: 1.1 local.server (squid/6.6) Connection: keep-alive ---------- The apache server still shows a 200 for the request: [12/Jul/2024:17:49:57 +0100] "GET /path/to/file HTTP/1.1" 200 10465 "-" "curl/8.7.1" And this is when testing via: curl -D - https://local.server.fqdn/path/to/file -H "Authorization: Basic base64auth" -o /dev/null Regards, Ben. From: Alex Rousskov <rouss...@measurement-factory.com> Date: Friday, 12 July 2024 at 17:36 To: Ben Toms <b...@macmule.com>, squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org> Subject: Re: [squid-users] TCP_MISS_ABORTED/502 On 2024-07-12 12:14, Ben Toms wrote: > Which log should those be found? cache.log (if they are present) > Can’t see “HTTP Server RESPONSE” in the access.log or cache.log. Sigh. This is one of the reasons I avoid asking folks to study logs themselves, even ALL,2 logs... If that line is not in cache.log, then child Squid probably did not receive a response from parent Squid, or could not parse that response. A full debugging log should give us more information. Alex. > *From: *squid-users <squid-users-boun...@lists.squid-cache.org> on > behalf of Alex Rousskov <rouss...@measurement-factory.com> > *Date: *Friday, 12 July 2024 at 17:11 > *To: *squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org> > *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502 > > On 2024-07-12 11:38, Ben Toms wrote: >> Think I made the changes Alex requested: >> >> 12/Jul/2024:15:36:31 +0000.640 local.server.ip TCP_MISS_ABORTED/502 3974 >> GET https://local.server.fqdn/path/to/file > <https://local.server.fqdn/path/to/file> - >> FIRSTUP_PARENT/public.ip.of.public.server text/html >> ERR_READ_ERROR/WITH_SERVER > > Thank you for using Squid v6 for this test. > > Unfortunately, due to Squid logging bugs, ERR_READ_ERROR/WITH_SERVER > does not always mean what it says. For example, parent Squid could have > closed the child-parent connection prematurely, but there could be other > reasons. A full debugging log should give us more information. > > >> 2024/07/12 14:57:08.678 kid1| 11,2| Stream.cc(274) sendStartOfMessage: >> HTTP Client REPLY: > > This is a child proxy response to the client. We need parent response to > the child proxy. Look for "HTTP Server RESPONSE" lines instead. > > > HTH, > > Alex. > > > >> --------- >> >> HTTP/1.1 502 Bad Gateway >> >> Server: squid/6.6 >> >> Mime-Version: 1.0 >> >> Date: Fri, 12 Jul 2024 14:57:08 GMT >> >> Content-Type: text/html;charset=utf-8 >> >> Content-Length: 3629 >> >> X-Squid-Error: ERR_READ_ERROR 0 >> >> Vary: Accept-Language >> >> Content-Language: en >> >> Cache-Status: squid.host;detail=mismatch >> >> Via: 1.1 squid.host (squid/6.6) >> >> Connection: keep-alive >> >> ---------- >> >> Regards, >> >> Ben. >> >> *From: *squid-users <squid-users-boun...@lists.squid-cache.org> on >> behalf of Amos Jeffries <squ...@treenet.co.nz> >> *Date: *Friday, 12 July 2024 at 15:22 >> *To: *squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org> >> *Subject: *Re: [squid-users] TCP_MISS_ABORTED/502 >> >> >> On 13/07/24 01:52, Alex Rousskov wrote: >>> On 2024-07-12 08:06, Ben Toms wrote: >>>> Seems that my issue is similar to - >>>> https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication >>>> >>>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication> >>>> >>>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication >>>> >>>> <https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication>> >>> >>> You are facing up to two problems: >>> >>> 1. Some authenticated responses are not cachable by Squid. Please share >>> HTTP headers of the response in question. >>> >> >> FYI, those can be obtained by configuring squid.conf with >> >> debug_options 11,2 >> >> >> Cheers >> Amos >> >> >>> 2. TCP_MISS_ABORTED/502 errors may delete a being-cached response. These >>> can be bogus errors (essentially Squid logging bugs) or real ones (e.g., >>> due to communication bugs, misconfiguration, or compatibility problems). >>> I recommend adding %err_code/%err_detail to your logformat and sharing >>> the corresponding access.log lines (obfuscated as needed). >>> >>> Sharing (privately if needed) a pointer to compressed ALL,9 cache.log >>> while reproducing the issue using a single transaction may help us >>> resolve all the unknowns: >>> >>> https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction >>> >>> <https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction> >>> >>> <https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction >>> >>> <https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction>> >>> >>> >>> HTH, >>> >>> Alex. >>> >>> >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> https://lists.squid-cache.org/listinfo/squid-users > <https://lists.squid-cache.org/listinfo/squid-users> >> <https://lists.squid-cache.org/listinfo/squid-users > <https://lists.squid-cache.org/listinfo/squid-users>> >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> https://lists.squid-cache.org/listinfo/squid-users > <https://lists.squid-cache.org/listinfo/squid-users> > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > https://lists.squid-cache.org/listinfo/squid-users > <https://lists.squid-cache.org/listinfo/squid-users> >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users