On Sun, 07 Jun 2009 18:35:07 -0400, Jeff Rigby <jrigby@xxxxxxxxxxxxxxxxxxx> wrote:
> This has been extremely helpful. I'm using Squid 3.0. Thanks so much
> for taking the time to answer my questions. I've taken your advice on
> pretty much everything and it seems a lot better. The round-robin for
> the parents is definitely working well, though I'm still unsure about
> the sibling peers.
>
> 1. Sibling Servers:
> Now when I request an image that is not available on one of the squid
> servers I get:
> 619 24.166.71.47 TCP_MISS/200 197662 GET http://dev.static.com/test.jpg - TIMEOUT_FIRST_UP_PARENT/dev image/jpeg
>
> It still loads the image fine, but I'm not sure what
> TIMEOUT_FIRST_UP_PARENT means, though it doesn't sound good.
>

Something bad happened with the selected peer. A timeout occurred trying to contact it. So the first available parent was used instead. The first available parent was the one called 'dev'.

> 2. Blocking non-image files
> I wasn't really clear in my initial message. I would like to block
> serving of any content that is not css, js, jpg, png, gif, and txt
> from the Squid servers. When I say block I mean that it should not
> query the parent for anything but these defined document types and
> instead return a 404 error (even if this content is valid on the
> origin server).

Then you need an ACL defining those file types. Then:

  cache_peer_access XX allow aclname
  cache_peer_access XX deny all

to only allow those file types through to the peer.

Make sure the ACL is as compact and efficient a urlpath_regex as possible, it will be tested several times during each request processing and can't be the more efficient rep_mime_type.

>
> 3. Force Domain / Cache Peer Domain:
> As for forceddomain / cache peer domain I don't see how I can delete
> this. Here's how the servers are currently set up:
>
> We have three main domains (All served on the same load balanced
> apache servers);
> www.webserver.com
> test.webserver.com
> dev.webserver.com
>
> And corresponding static file domains for the images (All domains are
> served by the same Squid servers):
> www.staticserver.com
> test.staticserver.com
> dev.staticserver.com
>
> The web domains are load balanced between three Apache servers.
> The static domains are load balanced between three Squid servers
>
> When someone requests an image from dev.staticserver.com it must query
> one of the web servers using dev.webserver.com which is why I thought
> I had to use cache_peer_domain and forceddomain. Is this incorrect?

Sort of, but no.

forceddomain=XX changes the hostname visible by the back-end server to XX. It does nothing to control any given request going past. The domain is ALWAYS changed, regardless of what domain was requested. So requests for www.staticserver.com/fu will become requests for dev.webserver.com/fu as well as requests for dev.staticserver.com/fu .

To prevent mistakes in URL mapping you also need cache_peer_domain and cache_peer_access as two alternative ways to restrict what requests each peer handles.

To prevent a request going to cache_peer X, you define "cache_peer_access X deny Y" or "cache_peer_domain X dev.staticserver.com"

To pass any request to any back-end BUT retain the hostname mapping only part of the domain name in 3.0 you will likely still need a url_rewrite helper.

It is a VERY good idea to make the back-end hostnames and paths accept the public names, which will get you around all these troubles and simplify things a lot for you.

>
> 4. New (and improved) Configuration:
>
> Just for reference:
> Squid 1: 10.155.0.90
> Squid 2: 10.155.0.91
> Squid 3: 10.155.0.92
> Web 1: 10.155.0.101
> Web 2: 10.155.0.102
> Web 3: 10.155.0.103
>
> Config (For Squid 1):
> visible_hostname img1.staticserver.com
> cache_effective_user squid
> http_port 80 accel defaultsite=www.staticserver.com vhost
>
> cache_peer 10.155.0.101 parent 80 0 no-query no-digest no-netdb-exchange originserver round-robin forceddomain=www.webserver.com name=prod1
> cache_peer 10.155.0.102 parent 80 0 no-query no-digest no-netdb-exchange originserver round-robin forceddomain=www.webserver.com name=prod2
> cache_peer 10.155.0.103 parent 80 0 no-query no-digest no-netdb-exchange originserver round-robin forceddomain=www.webserver.com name=prod3
> cache_peer_domain prod1 staticserver.com www.staticserver.com
> cache_peer_domain prod2 staticserver.com www.staticserver.com
> cache_peer_domain prod3 staticserver.com www.staticserver.com
>
> cache_peer 10.155.0.101 parent 80 0 no-query originserver no-digest no-netdb-exchange forceddomain=test.webserver.com name=test
> cache_peer_domain test test.staticserver.com
> cache_peer 10.155.0.101 parent 80 0 no-query originserver no-digest no-netdb-exchange forceddomain=dev.webserver.com name=dev
> cache_peer_domain dev dev.staticserver.com
>
> cache_peer 10.155.0.91 sibling 80 3130 allow-miss name=squid2
> cache_peer 10.155.0.92 sibling 80 3130 allow-miss name=squid3

Siblings squid2 and squid3 may be tested to see if they contain the required object...

All requests for http://*.staticserver.com/* and http://staticserver.com/* will have hostname altered to match http://www.webserver.com/* and passed to prod1, prod2 or prod3 in a round-robin fashion.

If the request was for test.staticserver.com, then peer 'test' is also attempted with a mapping of the hostname to http://test.webserver.com/* if the prod1, prod2 or prod3 lookup fails.

If the request was for dev.staticserver.com, then peer 'dev' is also attempted if the prod1, prod2 or prod3 lookup fails (TIMEOUT_FIRST_UP_PARENT indicates this is happening). With a mapping of the hostname to http://dev.webserver.com/*

Amos
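
An added example, not part of the original thread: a Python check of one compact urlpath_regex for the six file types from point 2, which also renders the acl and cache_peer_access lines for the parent peers named in the configuration. The ACL name static_types is hypothetical, Python's re is assumed to behave like Squid's regex library for this pattern, and urlpath_regex is assumed to see the URL path together with any query string.

```python
import re

# Extensions Jeff listed; peer names come from the configuration in the thread.
ALLOWED_EXTENSIONS = ("css", "js", "jpg", "png", "gif", "txt")
PARENT_PEERS = ("prod1", "prod2", "prod3", "test", "dev")
ACL_NAME = "static_types"  # hypothetical ACL name, not from the thread


def build_pattern(extensions):
    """One anchored alternation; the extension must sit before any '?'."""
    alternation = "|".join(re.escape(ext) for ext in extensions)
    return r"^[^?]*\.(%s)(\?.*)?$" % alternation


def squid_conf_lines(pattern, peers=PARENT_PEERS, acl_name=ACL_NAME):
    """Render the acl line plus the allow/deny pair for every parent peer."""
    lines = ["acl %s urlpath_regex -i %s" % (acl_name, pattern)]
    for peer in peers:
        lines.append("cache_peer_access %s allow %s" % (peer, acl_name))
        lines.append("cache_peer_access %s deny all" % peer)
    return lines


def passes_to_peer(pattern, urlpath):
    """True if the path (plus query string) would be allowed through."""
    # re.IGNORECASE mirrors -i; Python's re stands in for Squid's regex library.
    return re.search(pattern, urlpath, re.IGNORECASE) is not None


# Constructed request paths and the decision each one should get.
SAMPLES = [
    ("/test.jpg", True),
    ("/css/site.CSS", True),
    ("/js/app.js?v=42", True),
    ("/index.php", False),
    ("/photo.jpg.php", False),
    ("/download.php?file=a.jpg", False),  # extension only appears in the query
    ("/notes.txt.bak", False),
]


def check_samples(pattern):
    """Return the samples whose decision differs from the expected one."""
    return [(path, want) for path, want in SAMPLES
            if passes_to_peer(pattern, path) != want]


if __name__ == "__main__":
    pattern = build_pattern(ALLOWED_EXTENSIONS)
    print("\n".join(squid_conf_lines(pattern)))
    print("mismatches:", check_samples(pattern))
```

Without the leading `^[^?]*`, a path such as `/download.php?file=a.jpg` would satisfy the pattern because the allowed extension appears at the end of the query string.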