Jon Drukman wrote:
I am trying to get Squid3 working in accelerator mode but I'm running
into some beginner mistakes, clearly.
Can someone provide me a minimal config file that would accelerate a
single site, always force requests to have that site in the Host: header
sent to the origin, and obey the Cache-Control: max-age=xxx header
coming back from the origin? Here's what I've got:
http_port 80 accel defaultsite=mysite.com vhost
http_access allow all
icp_port 0
redirect_rewrites_host_header off
cache_peer mysite.com parent 80 0 no-query originserver name=mysite.com
forceddomain=mysite.com
Here you go:
# Listen on port 80,
http_port 80 accel defaultsite=mysite.com vhost
# actual data source is 1.2.3.4
# (IP or domain MUST NOT resolve to squid IP)
cache_peer 1.2.3.4 parent 80 0 no-query originserver name=mySitePeer
# only accept requests for "mysite.com" or "www.mysite.com"
acl mySites dstdomain mysite.com www.mysite.com
cache_peer_access mySitePeer allow mySites
http_access allow mySites
# stop random people abusing me with spam traffic.
allow_direct deny all
http_access deny all
The important bits are that:
- the peer domain or IP does not loop back at squid, or your traffic
dies going in circles.
- the peer name= is unique so it does not get you confused elsewhere
in the config.
- always_direct blocks any kind of traffic going to generally unknown
places.
Other than that, you could use the cache_peer_domain option instead of
cache_peer_access if the domains are few and well known.
But with the paired http_access + cache_peer_access you can setup any
kind of request ACL you like to restrict people to your site.
If I access the cache at it's IP address (http://10.0.2.19/) it does not
send the Host: mysite.com header back to the origin. If I use curl to
inject a Host: header into the request, it does work. I want it to
always inject that Host: header if it's missing.
It should be doing it. Try with the fixed config above. If you still see
no Host: I'll have a closer look at the code.
Right now, the responses from the origin are coming back with the
following headers:
HTTP/1.1 200 OK
Date: Wed, 09 Apr 2008 18:09:24 GMT
Server: Apache/2.2.3 (Unix) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Cache-Control: max-age=15, must-revalidate
Content-Type: text/html; charset=UTF-8
Squid is not obeying the Cache-Control though. It always contacts the
origin on every request.
It should be.
"must-revalidate" means contact the origin and check for new data. Try
just max-age alone.
And check that your server and squid machines are synced properly for
time. If they are out by 15sec that could cause this behavior.
Squid Cache: Version 3.0.STABLE4 on Ubuntu 7.10
-jsd-
Thank you for choosing Squid3.
Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4
