[squid-users] Re: not getting persistent connections to an ssl backend

From: rob yates <robertyates_at_gmail.com>
Date: Mon, 5 Dec 2011 09:14:40 -0500

Sorry for the bump, could someone let me know if this is supported? If
it's not supported I'll need to look at something other than squid and
am far enough along that I would rather not.

Thanks,

Rob

On Fri, Dec 2, 2011 at 11:48 AM, rob yates <robertyates_at_gmail.com> wrote:
> Hello,
>
> we are trying to set squid up as an SSL reverse proxy in front of SSL.
>  The flow is browser -> ssl -> squid -> ssl -> application.
>
> When we do this we're not seeing persistent connections being used for
> the backend connection.  It appears that squid is starting a new SSL
> connection for every request vs. keeping one open and using it for
> other browser requests.
>
> Is there a way of getting squid configured to maintain and reuse the
> persistent connection for different browser requests? We'd ideally
> like it to maintain the connection for 5 mins.  We're running on squid
> 2.6 and the pertinent bit of squid.conf is below; we're using the
> defaults for everything else.
>
> We're using tcpdump to see that the connection keeps getting
> terminated and reopened with every request.
>
> I am happy to upgrade if that is what is needed.
>
> We have changed the pconn_timeout setting but it has no effect.
>
> Certainly appreciate any help,
>
> Thanks,
>
> Rob
>
> https_port 9.32.153.229:443 cert=/etc/pki/tls/certs/www.daily2.crt key=/etc/pki/tls/private/daily2.key accel defaultsite=www.daily2.com vhost
> https_port 9.32.153.230:443 cert=/etc/pki/tls/certs/apps.daily2.crt key=/etc/pki/tls/private/daily2.key accel defaultsite=apps.daily2.com vhost
>
> cache_peer 9.32.154.106 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=f5www login=PASS
> cache_peer 9.32.154.93 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=f5apps login=PASS
>
> acl engage_sites dstdomain www.daily2.com
> http_access allow engage_sites
> cache_peer_access f5www allow engage_sites
>
> acl engage_sites dstdomain apps.daily2.com
> http_access allow engage_sites
> cache_peer_access f5apps allow engage_sites
Received on Mon Dec 05 2011 - 14:14:47 MST
