Attached is what I get in my cache.log file
When I try http://10.2.0.180/images/icon/test.jpg I am not getting
The image from http://10.2.0.140/images/icon/test.jpg
I get a page cannot be displayed message.
Thanks for your help I think we are getting closer
Gustavo -----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Thursday, September 18, 2008 11:52 PM
To: Gustavo Lazarte
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Fedora
Gustavo Lazarte wrote:
> Still doesn't work but I think to know why
>
> IP of my Squid proxy-cache server is 10.2.0.180 (where the configuration goes)
> We will never use this server as a proxy going outbound
>
> # for the datacenter to use as regular proxy
> http_port 3128 ##should I take this out?
maybe, that was only three for the datacenter you said wanted to use it
as a regular proxy.
>
> Cache_peer 10.2.0.140 no-query name=imgserver-> 10.2.0.140 is the IP of the webserver I am getting the images from, just to make sure you know
>
Yes.
> Acl imgdomain dstdomain <your-images-server-domain> -->that will be the 10.2.0.140 server, I cannot use domain name since there is no DNS resolution on the test network
>
Okay, dstdomain is a text match. against whatever the URL and Host:
header contains in requests.
Sounds like you need it to be "10.2.0.140" to test with:
http://10.2.0.140/my-image.gif
or set:
http_port ... defaultsite=<images-serverdomain-name>
> Then add the rest of your lines
> http_port 80 accel vhost
> cache_peer 10.2.0.140 80 0 no-query name=imgserver
> acl imgdomains dstdomain <your-images-server-domain>
> cache_peer_access imgserver allow imgdomains
> cache_peer_access imgserver deny all
> http_access allow imgdomains
>
> and this
>
> Acl mylan src 127.0.0.1
> http_reply_access allow mylan
> http_reply_access allow all
>
>
> Thanks for all your help
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> Sent: Thursday, September 18, 2008 12:46 AM
> To: Gustavo Lazarte
> Cc: Amos Jeffries;squid-users@xxxxxxxxxxxxxxx
> Subject: RE: Fedora
>
>> What I had in the 2.4 version was a Cache-image server. The load balancer
>> will receive request from clients and send the image request to the
>> Squid-cache server and content to the webserver. So this unit will be set
>> up in a datacenter to help unload some of the incoming traffic. The
>> Squid-cache server should receive the port 80- traffic and then request
>> the images from a webserver
>> And keep them for future request. Right now it looks like the squid server
>> does not even receive port 80 traffic. I look that I need to enable
>> something the config
>>
>
> Ah that explains some of the issues. Put this config at the top of your
> squid.conf (with <your-images-server-domain> changed to the domain name
> being requested for the images):
>
> # for the datacenter to use as regular proxy
> http_port 3128
>
> # for the image server reverse-proxy
> http_port 80 accel vhost
> cache_peer 10.2.0.140 80 0 no-query name=imgserver
> acl imgdomains dstdomain <your-images-server-domain>
> cache_peer_access imgserver allow imgdomains
> cache_peer_access imgserver deny all
> http_access allow imgdomains
>
> # other acl and access controls for normal use go down here.
>
>
> That will let squid process the different modes properly. 2.6+ can have
> multiple ports of different types running no problem.
>
> The datacenter requests (and any attacks on port 80) will be handled
> normally through your other security settings. But the requests for stuff
> on the images domain names will be passed to the real web server where
> they come from.
>
> Amos
>
>> Thanks
>>
>> -----Original Message-----
>> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
>> Sent: Tuesday, September 16, 2008 9:04 PM
>> To: Gustavo Lazarte
>> Cc: squid-users@xxxxxxxxxxxxxxx
>> Subject: Re: Fedora
>>
>> Gustavo Lazarte wrote:
>>> The service is up but is not getting any content from the destination
>>> server. Is there a line I need to change to make it forward traffic to
>>> my target server?
>>>
>> What type of proxy are you trying to setup?
>> Your config is for a standard proxy.
>>
>> Amos
>>
>>> Thanks
>>>
>>>
>>> -----Original Message-----
>>> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
>>> Sent: Tuesday, September 16, 2008 7:38 AM
>>> To: Gustavo Lazarte
>>> Cc: squid-users@xxxxxxxxxxxxxxx
>>> Subject: Re: Fedora
>>>
>>> Gustavo Lazarte wrote:
>>>> I upgraded and now when I am trying to use my squid server to send
>>>> traffic to the site 10.2.0.140 the squid server IP is 10.2.0.150.
>>>>
>>>> I also get the Warning cannot write the log file Permission denied.
>>>>
>>>> Then I try the /usr/local/squid/sbin/squid I get cannot write cache.log
>>>> Permission denied. I use the user nobody for
>>>> cache_effective_user
>>> Ah, well, you need to set read+write permission on the log file
>>> directory squid is trying to use and the logs inside it.
>>>
>>>> /usr/local/squid/sbin/squid -z runs correctly
>>>>
>>> Thats good. At least the storage area won't have more of these problems
>>> when squid does start.
>>>
>>> Amos
>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
>>>> Sent: Saturday, September 13, 2008 11:39 AM
>>>> To: Gustavo Lazarte
>>>> Cc: squid-users@xxxxxxxxxxxxxxx
>>>> Subject: Re: Fedora
>>>>
>>>> Gustavo Lazarte wrote:
>>>>> I got the service working. Now my old configuration from version 2.4
>>>>> is not working on 3.0 Stable 2.
>>>> Please do not use 3.0.stable2 under any circumstances. It does not
>>>> perform authentication in any meaningful manner.
>>>>
>>>> For you should use something 3.0.stable7+
>>>>
>>>> 3.0.stable9 is just out with the most current stability fixes..
>>>>
>>>>> In theory the traffic was coming from a load balancer and hit the
>>>>> Proxy server. The proxy server then will request 10.2.0.140 for the
>>>>> content.
>>>>>
>>>>> When I try to start the service with my old configuration is having
>>>>> problems with the following lines, is the syntax different?
>>>>>
>>>>> acl all src 0.0.0.0/0.0.0.0 ***warning***
>>>>> | acl manager proto cache_object
>>>>> | acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst
>>>>> | 127.0.0.0/8 acl ssl_ports ports 443 563 acl safe_port port 80 acl
>>>>> | safe_port ....
>>>>> | acl connect method connect
>>>>> | acl mylan src 127.0.0.1 ***Fatal Error***
>>>>> | acl mysites 10.2.0.140 *** Fatal Error***
>>>>> |
>>>>> | http_access allow manager localhost
>>>>> | http_access deny manager
>>>>> | http_access deny !safe_port
>>>>> | http_access deny to_localhost
>>>>> | http_access allow mysites
>>>>> | http_access deny all
>>>>> |
>>>>> | http_reply_access allow MYLAN ***Fatal Error***
>>>>> | http_reply_access allow all
>>>>>
>>>>> Even with the default config I am not able to telnet to port 80 on the
>>>>> squid server.
>>>> Correct. If squid cannot read it's config it wont be able to start
>>>> operating.
>>>>
>>>> Use a newer version, and please indicate what the warning messages are.
>>>> My informed guess is listed below
>>>>
>>>> acl all src ...
>>>> ** fully built-in now. no need to specify.
>>>>
>>>> acl mylan src 127.0.0.1
>>>> ** weird, check that line for extra text or invisible binary
>>>> characters. same for the other src one.
>>>>
>>>> http_reply_access allow MYLAN
>>>> http_reply_access allow all
>>>>
>>>> ** earlier failure of src ACL above may cause this
>>>> ** only the allow all is needed.
>>>>
>>>> Amos
>>>>
>>>>
>>>
>>
>> --
>> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
>>
>>
>>
>
>
>
>
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
2008/09/22 13:58:31| Creating Swap Directories
2008/09/22 13:58:31| /usr/local/squid/var/cache exists
2008/09/22 13:58:31| /usr/local/squid/var/cache/00 exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/00
2008/09/22 13:58:31| /usr/local/squid/var/cache/01 exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/01
2008/09/22 13:58:31| /usr/local/squid/var/cache/02 exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/02
2008/09/22 13:58:31| /usr/local/squid/var/cache/03 exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/03
2008/09/22 13:58:31| /usr/local/squid/var/cache/04 exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/04
2008/09/22 13:58:31| /usr/local/squid/var/cache/05 exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/05
2008/09/22 13:58:31| /usr/local/squid/var/cache/06 exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/06
2008/09/22 13:58:31| /usr/local/squid/var/cache/07 exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/07
2008/09/22 13:58:31| /usr/local/squid/var/cache/08 exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/08
2008/09/22 13:58:31| /usr/local/squid/var/cache/09 exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/09
2008/09/22 13:58:31| /usr/local/squid/var/cache/0A exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/0A
2008/09/22 13:58:31| /usr/local/squid/var/cache/0B exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/0B
2008/09/22 13:58:31| /usr/local/squid/var/cache/0C exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/0C
2008/09/22 13:58:31| /usr/local/squid/var/cache/0D exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/0D
2008/09/22 13:58:31| /usr/local/squid/var/cache/0E exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/0E
2008/09/22 13:58:31| /usr/local/squid/var/cache/0F exists
2008/09/22 13:58:31| Making directories in /usr/local/squid/var/cache/0F
2008/09/22 13:58:34| Starting Squid Cache version 3.0.STABLE8 for i686-pc-linux-gnu...
2008/09/22 13:58:34| Process ID 2535
2008/09/22 13:58:34| With 1024 file descriptors available
2008/09/22 13:58:34| Performing DNS Tests...
2008/09/22 13:58:34| Successful DNS name lookup tests...
2008/09/22 13:58:34| DNS Socket created at 0.0.0.0, port 60268, FD 7
2008/09/22 13:58:34| Adding nameserver ##.##.##.## from /etc/resolv.conf
2008/09/22 13:58:34| Adding nameserver ##.##.##.## from /etc/resolv.conf
2008/09/22 13:58:34| Unlinkd pipe opened on FD 12
2008/09/22 13:58:34| Swap maxSize 102400 KB, estimated 7876 objects
2008/09/22 13:58:34| Target number of buckets: 393
2008/09/22 13:58:34| Using 8192 Store buckets
2008/09/22 13:58:34| Max Mem size: 8192 KB
2008/09/22 13:58:34| Max Swap size: 102400 KB
2008/09/22 13:58:34| Version 1 of swap file with LFS support detected...
2008/09/22 13:58:34| Rebuilding storage in /usr/local/squid/var/cache (DIRTY)
2008/09/22 13:58:34| Using Least Load store dir selection
2008/09/22 13:58:34| Set Current Directory to /usr/local/squid/var/cache
2008/09/22 13:58:34| Loaded Icons.
2008/09/22 13:58:34| Accepting accelerated HTTP connections at 10.2.0.180, port 80, FD 14.
2008/09/22 13:58:34| Accepting HTTP connections at 0.0.0.0, port 3128, FD 15.
2008/09/22 13:58:34| Accepting ICP messages at 0.0.0.0, port 3130, FD 16.
2008/09/22 13:58:34| HTCP Disabled.
2008/09/22 13:58:34| Configuring Parent 10.2.0.140/80/0
2008/09/22 13:58:34| Ready to serve requests.
2008/09/22 13:58:34| Done reading /usr/local/squid/var/cache swaplog (0 entries)
2008/09/22 13:58:34| Finished rebuilding storage from disk.
2008/09/22 13:58:34| 0 Entries scanned
2008/09/22 13:58:34| 0 Invalid entries.
2008/09/22 13:58:34| 0 With invalid flags.
2008/09/22 13:58:34| 0 Objects loaded.
2008/09/22 13:58:34| 0 Objects expired.
2008/09/22 13:58:34| 0 Objects cancelled.
2008/09/22 13:58:34| 0 Duplicate URLs purged.
2008/09/22 13:58:34| 0 Swapfile clashes avoided.
2008/09/22 13:58:34| Took 0.04 seconds ( 0.00 objects/sec).
2008/09/22 13:58:34| Beginning Validation Procedure
2008/09/22 13:58:34| Completed Validation Procedure
2008/09/22 13:58:34| Validated 25 Entries
2008/09/22 13:58:34| store_swap_size = 0
2008/09/22 13:58:35| storeLateRelease: released 0 objects
