Re: Fedora

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

Gustavo Lazarte wrote:
> Still doesn't work but I think to know why
>
> IP of my Squid proxy-cache server is 10.2.0.180 (where the configuration goes)
> We will never use this server as a proxy going outbound
>
>   # for the datacenter to use as regular proxy
>   http_port 3128 ##should I take this out?

maybe, that was only three for the datacenter you said wanted to use it 
as a regular proxy.

> Cache_peer 10.2.0.140 no-query name=imgserver-> 10.2.0.140 is the IP of the webserver I am getting the images from, just to make sure you know

Yes.


> Acl imgdomain dstdomain <your-images-server-domain> -->that will be the 10.2.0.140 server, I cannot use domain name since there is no DNS resolution on the test network

Okay, dstdomain is a text match. against whatever the URL and Host: 
header contains in requests.

Sounds like you need it to be "10.2.0.140" to test with:
  http://10.2.0.140/my-image.gif

or set:
  http_port ... defaultsite=<images-serverdomain-name>


> Then add the rest of your lines 
> http_port 80 accel vhost 
> cache_peer 10.2.0.140 80 0 no-query name=imgserver
>   acl imgdomains dstdomain <your-images-server-domain>
>   cache_peer_access imgserver allow imgdomains
>   cache_peer_access imgserver deny all
>   http_access allow imgdomains
>
> and this
>
> Acl mylan src 127.0.0.1
> http_reply_access allow mylan
> http_reply_access allow all
>
>
> Thanks for all your help 
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
> Sent: Thursday, September 18, 2008 12:46 AM
> To: Gustavo Lazarte
> Cc: Amos Jeffries;squid-users@xxxxxxxxxxxxxxx
> Subject: RE:  Fedora
>
> > What I had in the 2.4 version was a Cache-image server. The load balancer
> > will receive request from clients and send the image request to the
> > Squid-cache server and content to the webserver. So this unit will be set
> > up in a datacenter to help unload some of the incoming traffic. The
> > Squid-cache server should receive the port 80- traffic and then request
> > the images from a webserver
> > And keep them for future request. Right now it looks like the squid server
> > does not even receive port 80 traffic. I look that I need to enable
> > something the config
>
> Ah that explains some of the issues. Put this config at the top of your
> squid.conf (with <your-images-server-domain> changed to the domain name
> being requested for the images):
>
>   # for the datacenter to use as regular proxy
>   http_port 3128
>
>   # for the image server reverse-proxy
>   http_port 80 accel vhost
>   cache_peer 10.2.0.140 80 0 no-query name=imgserver
>   acl imgdomains dstdomain <your-images-server-domain>
>   cache_peer_access imgserver allow imgdomains
>   cache_peer_access imgserver deny all
>   http_access allow imgdomains
>
>   # other acl and access controls for normal use go down here.
>
>
> That will let squid process the different modes properly. 2.6+ can have
> multiple ports of different types running no problem.
>
> The datacenter requests (and any attacks on port 80) will be handled
> normally through your other security settings. But the requests for stuff
> on the images domain names will be passed to the real web server where
> they come from.
>
> Amos
>
> > Thanks
> >
> > -----Original Message-----
> > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> > Sent: Tuesday, September 16, 2008 9:04 PM
> > To: Gustavo Lazarte
> > Cc: squid-users@xxxxxxxxxxxxxxx
> > Subject: Re:  Fedora
> >
> > Gustavo Lazarte wrote:
> > > The service is up but is not getting any content from the destination
> > > server. Is there a line I need to change to make it forward traffic to
> > > my target server?
> > What type of proxy are you trying to setup?
> > Your config is for a standard proxy.
> >
> > Amos
> >
> > > Thanks
> > >
> > >
> > > -----Original Message-----
> > > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> > > Sent: Tuesday, September 16, 2008 7:38 AM
> > > To: Gustavo Lazarte
> > > Cc: squid-users@xxxxxxxxxxxxxxx
> > > Subject: Re:  Fedora
> > >
> > > Gustavo Lazarte wrote:
> > > > I upgraded and now when I am trying to use my squid server to send
> > > > traffic to the site 10.2.0.140 the squid server IP is 10.2.0.150.
> > > >
> > > > I also get the Warning cannot write the log file Permission denied.
> > > >
> > > > Then I try the /usr/local/squid/sbin/squid I get cannot write cache.log
> > > > Permission denied. I use the user nobody for
> > > > cache_effective_user
> > > Ah, well, you need to set read+write permission on the log file
> > > directory squid is trying to use and the logs inside it.
> > >
> > > > /usr/local/squid/sbin/squid -z runs correctly
> > > Thats good. At least the storage area won't have more of these problems
> > > when squid does start.
> > >
> > > Amos
> > >
> > > > Thanks
> > > >
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> > > > Sent: Saturday, September 13, 2008 11:39 AM
> > > > To: Gustavo Lazarte
> > > > Cc: squid-users@xxxxxxxxxxxxxxx
> > > > Subject: Re:  Fedora
> > > >
> > > > Gustavo Lazarte wrote:
> > > > > I got the service working. Now my old configuration from version 2.4
> > > > > is not working on 3.0 Stable 2.
> > > > Please do not use 3.0.stable2 under any circumstances. It does not
> > > > perform authentication in any meaningful manner.
> > > >
> > > > For you should use something 3.0.stable7+
> > > >
> > > > 3.0.stable9 is just out with the most current stability fixes..
> > > >
> > > > > In theory the traffic was coming from a load balancer and hit the
> > > > > Proxy server. The proxy server then will request 10.2.0.140 for the
> > > > > content.
> > > > >
> > > > > When I try to start the service with my old configuration is having
> > > > > problems with the following lines, is the syntax different?
> > > > >
> > > > > acl all src 0.0.0.0/0.0.0.0 ***warning***
> > > > > | acl manager proto cache_object
> > > > > | acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst
> > > > > | 127.0.0.0/8 acl ssl_ports ports 443 563 acl safe_port port 80 acl
> > > > > | safe_port ....
> > > > > | acl connect method connect
> > > > > | acl mylan src 127.0.0.1 ***Fatal Error***
> > > > > | acl mysites 10.2.0.140 *** Fatal Error***
> > > > > |
> > > > > | http_access allow manager localhost
> > > > > | http_access deny manager
> > > > > | http_access deny !safe_port
> > > > > | http_access deny to_localhost
> > > > > | http_access allow mysites
> > > > > | http_access deny all
> > > > > |
> > > > > | http_reply_access allow MYLAN ***Fatal Error***
> > > > > | http_reply_access allow all
> > > > >
> > > > > Even with the default config I am not able to telnet to port 80 on the
> > > > > squid server.
> > > > Correct. If squid cannot read it's config it wont be able to start
> > > > operating.
> > > >
> > > > Use a newer version, and please indicate what the warning messages are.
> > > > My informed guess is listed below
> > > >
> > > >   acl all src ...
> > > > ** fully built-in now. no need to specify.
> > > >
> > > > acl mylan src 127.0.0.1
> > > >   ** weird, check that line for extra text or invisible binary
> > > > characters. same for the other src one.
> > > >
> > > > http_reply_access allow MYLAN
> > > > http_reply_access allow all
> > > >
> > > > ** earlier failure of src ACL above may cause this
> > > > ** only the allow all is needed.
> > > >
> > > > Amos
> >
> > --
> > Please use Squid 2.7.STABLE4 or 3.0.STABLE9


--
Please use Squid 2.7.STABLE4 or 3.0.STABLE9