Hello all,
I figured the easiest way to describe what I am trying to do is to...
draw it. First of all pardon my ignorance since I am relatively new to
squid. Any help will be much appreciated.
The Problem:
Dec 9 17:42:35 cache2 squid[27234]: WARNING: Forwarding loop detected
for: Client: <cache1_IP> http_port: <cache2_IP>:3128 GET
internal://site1.domain.com/squid-internal-dynamic/netdb HTTP/1.0 Via:
1.0 site1.domain.com:80 (squid) X-Forwarded-For: unknown Host:
<cache2_IP>:3128 Cache-Control: max-age=259200 Connection:
keep-alive
Reverse proxy Setup:
O F5 load balanced vhost
| (DNS A name resolving site1.domain.com
| site2.domain.com
| site3.domain.com etc.)
|
|---------------|
| |
| |
cache1 O---------------O cache2
|
|
|
|
O---------------O--------------O
web1 web2 web3
site1 site3 site4
site2 site5
Desired path:
1. Request for site1
2. F5 load balances request to cache1
3. cache1 checks own cache
4. if NO-HIT check cache2
5. else go directly to web1
Server:
64bit SLES 11
Configuration file (what I have done so far):
# NETWORK OPTIONS
#
-----------------------------------------------------------------------------
http_port 80 accel defaultsite=site1.domain.com vhost
http_port 3128 accel defaultsite=site1.domain.com vhost
visible_hostname site1.domain.com
offline_mode off
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
#
-----------------------------------------------------------------------------
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# OPTIONS WHICH AFFECT THE CACHE SIZE
#
-----------------------------------------------------------------------------
cache_mem 512 MB
maximum_object_size 32 KB
maximum_object_size_in_memory 64 Kb
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#
-----------------------------------------------------------------------------
cache_dir aufs /var/cache/squid 61440 16 256
emulate_httpd_log on
logfile_rotate 100
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
debug_options ALL,1,33,3,20,3
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#
-----------------------------------------------------------------------------
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# OPTIONS FOR TUNING THE CACHE
#
-----------------------------------------------------------------------------
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.css 1440 50% 2880 override-expire
refresh_pattern -i \.swf 1440 50% 2880 ignore-reload
override-expire
refresh_pattern . 1440 50% 4320 override-expire
# ACCESS CONTROLS
#
-----------------------------------------------------------------------------
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
http_reply_access allow all
icp_access allow all
##########################################
###### UNIVERSITY SERVICES ENTRIES ######
##########################################
cache_peer <web1_IP> parent 80 0 no-query originserver name=web1
cache_peer <cache2_IP> parent 3128 3130 proxy-only default
acl sites_web1 dstdomain site1.domain.com site2.domain.com
http_access allow sites_web1
cache_peer_access web1 allow sites_web1
cache_peer_access web1 deny all
# ADMINISTRATIVE PARAMETERS
#
-----------------------------------------------------------------------------
shutdown_lifetime 3 second
httpd_suppress_version_string on
cache_mgr cachemgr@xxxxxxxxxx
# ICP OPTIONS
#
-----------------------------------------------------------------------------
log_icp_queries on
# MISCELLANEOUS
#
-----------------------------------------------------------------------------
memory_pools_limit 1024 MB
# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
#
-----------------------------------------------------------------------------
coredump_dir /var/spool/squid
-------------------------EO Configuration file -------------------------
Any comments on the configuration would be much appreciated. Thank you
in advance.
Kind regards,
Nik
--
Nikolaos Pavlidis BSc (Hons) MBCS NCLP CEH CHFI
Systems Administrator
University Of Bedfordshire
Park Square LU1 3JU
Luton, Beds, UK
Tel: +441582489277 (Ext 2277)
