Still doesn't work but I think to know why
IP of my Squid proxy-cache server is 10.2.0.180 (where the configuration goes)
We will never use this server as a proxy going outbound
# for the datacenter to use as regular proxy
http_port 3128 ##should I take this out?
Cache_peer 10.2.0.140 no-query name=imgserver-> 10.2.0.140 is the IP of the webserver I am getting the images from, just to make sure you know
Acl imgdomain dstdomain <your-images-server-domain> -->that will be the 10.2.0.140 server, I cannot use domain name since there is no DNS resolution on the test network
Then add the rest of your lines
http_port 80 accel vhost
cache_peer 10.2.0.140 80 0 no-query name=imgserver
acl imgdomains dstdomain <your-images-server-domain>
cache_peer_access imgserver allow imgdomains
cache_peer_access imgserver deny all
http_access allow imgdomains
and this
Acl mylan src 127.0.0.1
http_reply_access allow mylan
http_reply_access allow all
Thanks for all your help
-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Thursday, September 18, 2008 12:46 AM
To: Gustavo Lazarte
Cc: Amos Jeffries;squid-users_at_squid-cache.org
Subject: RE: [squid-users] Fedora
> What I had in the 2.4 version was a Cache-image server. The load balancer
> will receive request from clients and send the image request to the
> Squid-cache server and content to the webserver. So this unit will be set
> up in a datacenter to help unload some of the incoming traffic. The
> Squid-cache server should receive the port 80- traffic and then request
> the images from a webserver
> And keep them for future request. Right now it looks like the squid server
> does not even receive port 80 traffic. I look that I need to enable
> something the config
>
Ah that explains some of the issues. Put this config at the top of your
squid.conf (with <your-images-server-domain> changed to the domain name
being requested for the images):
# for the datacenter to use as regular proxy
http_port 3128
# for the image server reverse-proxy
http_port 80 accel vhost
cache_peer 10.2.0.140 80 0 no-query name=imgserver
acl imgdomains dstdomain <your-images-server-domain>
cache_peer_access imgserver allow imgdomains
cache_peer_access imgserver deny all
http_access allow imgdomains
# other acl and access controls for normal use go down here.
That will let squid process the different modes properly. 2.6+ can have
multiple ports of different types running no problem.
The datacenter requests (and any attacks on port 80) will be handled
normally through your other security settings. But the requests for stuff
on the images domain names will be passed to the real web server where
they come from.
Amos
>
> Thanks
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Tuesday, September 16, 2008 9:04 PM
> To: Gustavo Lazarte
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Fedora
>
> Gustavo Lazarte wrote:
>> The service is up but is not getting any content from the destination
>> server. Is there a line I need to change to make it forward traffic to
>> my target server?
>>
>
> What type of proxy are you trying to setup?
> Your config is for a standard proxy.
>
> Amos
>
>> Thanks
>>
>>
>> -----Original Message-----
>> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
>> Sent: Tuesday, September 16, 2008 7:38 AM
>> To: Gustavo Lazarte
>> Cc: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Fedora
>>
>> Gustavo Lazarte wrote:
>>> I upgraded and now when I am trying to use my squid server to send
>>> traffic to the site 10.2.0.140 the squid server IP is 10.2.0.150.
>>>
>>> I also get the Warning cannot write the log file Permission denied.
>>>
>>> Then I try the /usr/local/squid/sbin/squid I get cannot write cache.log
>>> Permission denied. I use the user nobody for
>>> cache_effective_user
>>
>> Ah, well, you need to set read+write permission on the log file
>> directory squid is trying to use and the logs inside it.
>>
>>> /usr/local/squid/sbin/squid -z runs correctly
>>>
>>
>> Thats good. At least the storage area won't have more of these problems
>> when squid does start.
>>
>> Amos
>>
>>> Thanks
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
>>> Sent: Saturday, September 13, 2008 11:39 AM
>>> To: Gustavo Lazarte
>>> Cc: squid-users_at_squid-cache.org
>>> Subject: Re: [squid-users] Fedora
>>>
>>> Gustavo Lazarte wrote:
>>>> I got the service working. Now my old configuration from version 2.4
>>>> is not working on 3.0 Stable 2.
>>> Please do not use 3.0.stable2 under any circumstances. It does not
>>> perform authentication in any meaningful manner.
>>>
>>> For you should use something 3.0.stable7+
>>>
>>> 3.0.stable9 is just out with the most current stability fixes..
>>>
>>>> In theory the traffic was coming from a load balancer and hit the
>>>> Proxy server. The proxy server then will request 10.2.0.140 for the
>>>> content.
>>>>
>>>> When I try to start the service with my old configuration is having
>>>> problems with the following lines, is the syntax different?
>>>>
>>>> acl all src 0.0.0.0/0.0.0.0 ***warning***
>>>> | acl manager proto cache_object
>>>> | acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst
>>>> | 127.0.0.0/8 acl ssl_ports ports 443 563 acl safe_port port 80 acl
>>>> | safe_port ....
>>>> | acl connect method connect
>>>> | acl mylan src 127.0.0.1 ***Fatal Error***
>>>> | acl mysites 10.2.0.140 *** Fatal Error***
>>>> |
>>>> | http_access allow manager localhost
>>>> | http_access deny manager
>>>> | http_access deny !safe_port
>>>> | http_access deny to_localhost
>>>> | http_access allow mysites
>>>> | http_access deny all
>>>> |
>>>> | http_reply_access allow MYLAN ***Fatal Error***
>>>> | http_reply_access allow all
>>>>
>>>> Even with the default config I am not able to telnet to port 80 on the
>>>> squid server.
>>> Correct. If squid cannot read it's config it wont be able to start
>>> operating.
>>>
>>> Use a newer version, and please indicate what the warning messages are.
>>> My informed guess is listed below
>>>
>>> acl all src ...
>>> ** fully built-in now. no need to specify.
>>>
>>> acl mylan src 127.0.0.1
>>> ** weird, check that line for extra text or invisible binary
>>> characters. same for the other src one.
>>>
>>> http_reply_access allow MYLAN
>>> http_reply_access allow all
>>>
>>> ** earlier failure of src ACL above may cause this
>>> ** only the allow all is needed.
>>>
>>> Amos
>>>
>>>
>>
>>
>
>
> --
> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
>
>
>
Received on Thu Sep 18 2008 - 19:56:39 MDT
This archive was generated by hypermail 2.2.0 : Fri Sep 19 2008 - 12:00:02 MDT