Matthew Morgan wrote:
Matthew Morgan wrote:
On Fri, Nov 6, 2009 at 10:03 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx>
wrote:
Matthew Morgan wrote:
Matthew Morgan wrote:
Are there any known issues with squid 3.x and apt-get update on
Ubuntu?
On 2.7 everything worked fine, but on 3.0-stable19 and
3.0-stable20, I get
random 404 responses when doing apt-get update. I tried starting
with a
fresh cache, but no dice. Here's my squid.conf:
Quick note: the errors are not always 404's. Sometimes they are like:
Err http://us.archive.ubuntu.com jaunty Release.gpg
The HTTP server sent an invalid reply header [IP: 91.189.88.45 80]
You may be encountering the remains of bug #7. Or some upstream
provider
with bug #2624 (fixed in 3.0.stable20).
If you can track down what that invalid reply header is and whether its
coming into Squid from the web server would be a great help.
I'll fix the other problems with my config that you saw, and if this
doesn't go away I'll do some tracking and let you know. Thanks!
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
Current Beta Squid 3.1.0.14
It looks like for some reason the .bz2 extensions is getting dropped
off some of the urls. With squid-2.7 (which works), there are many
requests like the following:
http://us.archive.ubuntu.com/ubuntu/dists/jaunty-security/main/binary-i386/Packages.bz2
With 3.x, a few of them look like this:
http://us.archive.ubuntu.com/ubuntu/dists/jaunty-security/main/binary-i386/Packages
They're identical, but somewhere the file extension is getting ripped
off...but only on some of them. Do you know of a way to find out
where this is happening? I don't exactly grok squid yet, so I don't
think I'm equipped to divine the answer from the source code.
Apparently I only get the dropped .bz2 extensions when using squid
transparently, which is how our network is set up. If I manually
specify http_proxy on my workstation to point to squid directly, I don't
have any problems with apt-get update. Has anyone ever heard of this?
Here's my updated squid config (this is 3.0-STABLE20, btw).
visible_hostname proxy
http_port 192.168.2.1:3128 transparent
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl snmppublic snmp_community public
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl localnet src 192.168.2.0/24
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localnet
http_access allow manager localhost
http_access deny manager
http_access allow purge localnet
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
hierarchy_stoplist cgi-bin ?
cache_dir diskd /usr/local/squid/var/cache 15000 16 256
maximum_object_size 819200 KB
access_log /usr/local/squid/var/logs/access.log squid
pid_filename /var/run/squid.pid
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 10080 100%
43200 reload-into-ims override-expire
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080
100% 43200 reload-into-ims override-expire
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100%
43200 reload-into-ims override-expire
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf)
4320 100% 43200 reload-into-ims override-expire
refresh_pattern updates.superantispyware.com/sas_processlist.* 1440
100% 1441 ignore-reload override-lastmod override-expire
refresh_pattern http://mbam-cdn.malwarebytes.org/.* 1440 100% 1441
ignore-reload override-lastmod override-expire
refresh_pattern http://download682.avast.com/.* 1440 100% 1441
ignore-reload override-lastmod override-expire
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user proxy
cache_effective_group proxy
snmp_port 3401
snmp_access allow snmppublic localnet
snmp_access allow localnet
snmp_access allow localhost
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
hosts_file /etc/hosts
coredump_dir /usr/local/squid/var/cache