
Reverse proxy setup with neighbor support


Hello all,

I figured the easiest way to describe what I am trying to do is to...
draw it. First of all pardon my ignorance since I am relatively new to
squid. Any help will be much appreciated.


The Problem:

Dec  9 17:42:35 cache2 squid[27234]: WARNING: Forwarding loop detected
for: Client: <cache1_IP> http_port: <cache2_IP>:3128 GET
internal://site1.domain.com/squid-internal-dynamic/netdb HTTP/1.0  Via:
1.0 site1.domain.com:80 (squid)  X-Forwarded-For: unknown  Host:
<cache2_IP>:3128  Cache-Control: max-age=259200  Connection:
keep-alive   




Reverse proxy Setup:

		O F5 load balanced vhost 
		|  (DNS A name resolving site1.domain.com
		|			 site2.domain.com
		|			 site3.domain.com etc.)
		|
	|---------------|
	|		|
	|		|
cache1	O---------------O cache2
		|
		|
		|
		|
	O---------------O--------------O
	web1		web2		web3
	site1		site3		site4
	site2				site5

Desired path:
1. Request for site1
2. F5 load balances request to cache1
3. cache1 checks own cache
4. if NO-HIT check cache2
5. else go directly to web1

Server:
64bit SLES 11

Configuration file (what I have done so far):

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 80 accel defaultsite=site1.domain.com vhost
http_port 3128 accel defaultsite=site1.domain.com vhost
visible_hostname site1.domain.com
offline_mode off

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
cache_mem 512 MB
maximum_object_size 32 KB
maximum_object_size_in_memory 64 Kb

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------
cache_dir aufs /var/cache/squid 61440 16 256
emulate_httpd_log on
logfile_rotate 100
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
debug_options ALL,1,33,3,20,3

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i \.css        1440    50%     2880 override-expire
refresh_pattern -i \.swf        1440    50%     2880 ignore-reload override-expire
refresh_pattern .               1440    50%     4320 override-expire

# ACCESS CONTROLS
# -----------------------------------------------------------------------------

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http 
acl purge method PURGE
acl CONNECT method CONNECT
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
http_reply_access allow all

icp_access allow all

##########################################
###### UNIVERSITY SERVICES ENTRIES  ######
##########################################

cache_peer <web1_IP> parent 80 0 no-query originserver name=web1
cache_peer <cache2_IP> parent 3128 3130 proxy-only default
acl sites_web1 dstdomain site1.domain.com site2.domain.com
http_access allow sites_web1
cache_peer_access web1 allow sites_web1
cache_peer_access web1 deny all

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

shutdown_lifetime 3 second
httpd_suppress_version_string on
cache_mgr cachemgr@xxxxxxxxxx

# ICP OPTIONS
# -----------------------------------------------------------------------------

log_icp_queries on

# MISCELLANEOUS
# -----------------------------------------------------------------------------

memory_pools_limit 1024 MB

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------

coredump_dir /var/spool/squid

-------------------------EO Configuration file -------------------------

Any comments on the configuration would be much appreciated. Thank you
in advance. 

Kind regards,

Nik

-- 
Nikolaos Pavlidis BSc (Hons) MBCS NCLP CEH CHFI
Systems Administrator
University Of Bedfordshire
Park Square LU1 3JU
Luton, Beds, UK
Tel: +441582489277 (Ext 2277)
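
Added example, not part of the original post: Squid reports a forwarding loop when a request's Via header already carries the receiving proxy's own hostname, and this sketch parses the warning quoted above to show which Via hop matches and that the request is a peer netdb exchange. The function names are hypothetical, and it assumes cache2 runs the same posted configuration, so its hostname is also site1.domain.com.

```python
import re

# Warning from the post, re-joined onto one line (placeholders kept as posted).
SAMPLE = (
    "Dec  9 17:42:35 cache2 squid[27234]: WARNING: Forwarding loop detected "
    "for: Client: <cache1_IP> http_port: <cache2_IP>:3128 GET "
    "internal://site1.domain.com/squid-internal-dynamic/netdb HTTP/1.0  Via: "
    "1.0 site1.domain.com:80 (squid)  X-Forwarded-For: unknown  Host: "
    "<cache2_IP>:3128  Cache-Control: max-age=259200  Connection: keep-alive"
)

LOOP_RE = re.compile(
    r"Forwarding loop detected for: Client: (?P<client>\S+) "
    r"http_port: (?P<port>\S+) (?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"
    r"(?P<headers>.*)$"
)

def via_hosts(via_value):
    """Return the received-by host of every hop in a Via header value."""
    hosts = []
    for hop in via_value.split(","):
        parts = hop.split()  # "1.0 host:80 (squid)" -> version, host, comment
        if len(parts) >= 2:
            hosts.append(parts[1].rsplit(":", 1)[0].lower())
    return hosts

def explain_loop(line, local_names):
    """Parse one flattened warning; local_names are the logging proxy's hostnames."""
    m = LOOP_RE.search(line)
    if not m:
        return None
    headers = {}
    # In the flattened dump, headers are separated by two or more spaces.
    for field in re.split(r"\s{2,}", m.group("headers").strip()):
        name, sep, value = field.partition(": ")
        if sep:
            headers[name.lower()] = value
    hops = via_hosts(headers.get("via", ""))
    local = {n.lower() for n in local_names}
    return {
        "client": m.group("client"),
        "url": m.group("url"),
        "via_hosts": hops,
        "own_name_in_via": [h for h in hops if h in local],
        "netdb_exchange": m.group("url").endswith("/squid-internal-dynamic/netdb"),
    }

if __name__ == "__main__":
    # Assumption: cache2 shares the posted visible_hostname, site1.domain.com.
    print(explain_loop(SAMPLE, ["site1.domain.com"]))
```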


