This has been extremely helpful. I'm using Squid 3.0. Thanks so much
for taking the time to answer my questions. I've taken your advice on
pretty much everything and it seems a lot better. The round-robin for
the parents is definitely working well, though I'm still unsure about
the sibling peers.
1 .Sibling Servers:
Now when I request an image that is not available on one of the squid
servers I get:
619 24.166.71.47 TCP_MISS/200 197662 GET http://dev.static.com/
test.jpg - TIMEOUT_FIRST_UP_PARENT/dev image/jpeg
It still loads the image fine, but I'm not sure what
TIMEOUT_FIRST_UP_PARENT means, though it doesn't sound good.
2. Blocking non-image files
I wasn't really clear in my initial message. I would like to block
serving of any content that is not css, js, jpg, png, gif, and txt
from the Squid servers. When I say block I mean that it should not
query the parent for anything but these defined document types and
instead return a 404 error (even if this content is valid on the
origin server).
3. Force Domain / Cache Peer Domain:
As for forcedomain / cache peer domain I don't see how I can delete
this. Here's how the servers are currently set up:
We have three main domains (All served on the same load balanced
apache servers);
www.webserver.com
test.webserver.com
dev.webserver.com
And corresponding static file domains for the images (All domains are
served by the same Squid servers):
www.staticserver.com
test.staticserver.com
dev.staticserver.com
The web domains are load balanced between three Apache servers.
The static domains are load balanced between three Squid servers
When someone requests an image from dev.staticserver.com it must query
one of the web servers using dev.webserver.com which is why I thought
I had to use cache_peer_domain and forcedomain. Is this incorrect?
4. New (and improved) Configuration:
Just for reference:
Squid 1: 10.155.0.90
Squid 2: 10.155.0.91
Squid 3: 10.155.0.92
Web 1: 10.155.0.101
Web 2: 10.155.0.102
Web 3: 10.155.0.103
Config (For Squid 1):
visible_hostname img1.staticserver.com
cache_effective_user squid
http_port 80 accel defaultsite=www.staticserver.com vhost
cache_peer 10.155.0.101 parent 80 0 no-query no-digest no-netdb-
exchange originserver round-robin forceddomain=www.webserver.com
name=prod1
cache_peer 10.155.0.102 parent 80 0 no-query no-digest no-netdb-
exchange originserver round-robin forceddomain=www.webserver.com
name=prod2
cache_peer 10.155.0.103 parent 80 0 no-query no-digest no-netdb-
exchange originserver round-robin forceddomain=www.webserver.com
name=prod3
cache_peer_domain prod1 staticserver.com www.staticserver.com
cache_peer_domain prod2 staticserver.com www.staticserver.com
cache_peer_domain prod3 staticserver.com www.staticserver.com
cache_peer 10.155.0.101 parent 80 0 no-query originserver no-digest no-
netdb-exchange forceddomain=test.webserver.com name=test
cache_peer_domain test test.staticserver.com
cache_peer 10.155.0.101 parent 80 0 no-query originserver no-digest no-
netdb-exchange forceddomain=dev.webserver.com name=dev
cache_peer_domain dev dev.staticserver.com
cache_peer 10.155.0.91 sibling 80 3130 allow-miss name=squid2
cache_peer 10.155.0.92 sibling 80 3130 allow-miss name=squid3
#ICP
icp_port 3130
#headers
reply_header_access Cache-Control deny all
header_replace Cache-Control max-age=1209600
refresh_pattern . 0 50% 1209600 ignore-no-cache override-expire
override-lastmod reload-into-ims ignore-reload ignore-no-store ignore-
private
reload_into_ims on
# Basic ACLs
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl mydomain dstdomain .webserver.com .staticserver.com localhost
acl localnet src 10.0.0.0/16
acl Safe_ports port 80 # http
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access allow mydomain
http_access deny all
icp_access allow localnet
icp_access deny all
