Search squid archive

Re: Help with accelerated site

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello again here few updates of my cache.log and access.log
Can anybody translat to me what does that mean, I have changed my real site to "mysite" 
Thank you all
I tried www.mysite.org from a local machine which is 192.168.1.1
remember the router is actually on 192.168.1.4 which is also the Squid machine. 

########################################################################

cache log report
***********************************************************************


2010/03/26 20:41:24| WARNING: Forwarding loop detected for:
GET /favicon.ico HTTP/1.0
Host: www.mysite.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.18) Gecko/2010021501 Ubuntu/8.04 (hardy) Firefox/3.0.18 
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Via: 1.1 proxy (squid/3.0.STABLE25)
X-Forwarded-For: 192.168.1.1
Cache-Control: max-age=259200
Connection: keep-alive


2010/03/26 20:47:02| WARNING: Forwarding loop detected for:
GET / HTTP/1.0
Host: www.mysite.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.18) Gecko/2010021501 Ubuntu/8.04 (hardy) Firefox/3.0.18 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.mysite.org
Via: 1.1 proxy (squid/3.0.STABLE25)
X-Forwarded-For: 192.168.1.1
Cache-Control: max-age=259200
Connection: keep-alive

##########################################################################
acces.log
********************************************************************
1269636041.546 157 192.168.1.1 TCP_MISS/200 5178 GET http://www.google.com/ - DIRECT/66.102.9.104 text/html 1269636041.727 163 192.168.1.1 TCP_MISS/200 9340 GET http://www.google.com/intl/fr_ALL/images/logo.gif - DIRECT/66.102.9.104 image/gif 1269636042.006 168 192.168.1.1 TCP_MISS/200 21210 GET http://www.google.com/extern_js/f/CgJmciswCjheQB0sKzAOOAwsKzAWOBcsKzAXOAYsKzAYOAUsKzAZOBksKzAdOCUsKzAlOMqIASwrMCY4CSwrMCc4BCwrMCo4AywrMCs4CiwrMDw4AiwrMEA4DSwrMEQ4AiwrMEU4ASwrME44ASw/BYTXK9Z1bX4.js - DIRECT/66.102.9.104 text/javascript 1269636042.099 59 192.168.1.1 TCP_MISS/200 4144 GET http://www.google.com/extern_chrome/1ae1d100aea24288.js - DIRECT/66.102.9.104 text/html 1269636042.164 113 192.168.1.1 TCP_MISS/204 239 GET http://clients1.google.com/generate_204 - DIRECT/209.85.227.101 text/html 1269636042.212 42 192.168.1.1 TCP_MISS/200 6059 GET http://www.google.com/images/nav_logo8.png - DIRECT/66.102.9.104 image/png 1269636042.298 127 192.168.1.1 TCP_MISS/204 329 GET http://www.google.com/csi? - DIRECT/66.102.9.105 text/html 1269636054.744 0 192.168.1.1 TCP_HIT/200 456 GET http://192.168.1.3/ - NONE/- text/html 1269636054.865 6 192.168.1.1 TCP_MISS/404 665 GET http://192.168.1.3/favicon.ico - DIRECT/192.168.1.3 text/html 1269636057.864 0 192.168.1.1 TCP_NEGATIVE_HIT/404 674 GET http://192.168.1.3/favicon.ico - NONE/- text/html 1269636084.636 1 81.98.104.57 TCP_MISS/403 2263 GET http://www.mysite.org/ - NONE/- text/html 1269636084.637 92 192.168.1.1 TCP_MISS/403 2327 GET http://www.mysite.org/ - FIRST_UP_PARENT/main text/html 1269636084.667 1 81.98.104.57 TCP_MISS/403 2264 GET http://www.mysite.org/favicon.ico - NONE/- text/html 1269636084.668 2 192.168.1.1 TCP_MISS/403 2328 GET http://www.mysite.org/favicon.ico - FIRST_UP_PARENT/main text/html 1269636087.667 0 192.168.1.1 TCP_NEGATIVE_HIT/403 2335 GET http://www.mysite.org/favicon.ico - NONE/- text/html 1269636098.347 0 192.168.1.1 TCP_NEGATIVE_HIT/403 2335 GET http://www.mysite.org/ - NONE/- text/html 1269636422.015 1 81.98.104.57 TCP_MISS/403 2319 GET http://www.mysite.org/ - NONE/- text/html 1269636422.016 105 192.168.1.1 TCP_MISS/403 2383 GET http://www.mysite.org/ - FIRST_UP_PARENT/main text/html 

Your time and help will be much appreciated
Thanking you in advance
Regards
Adam
----- Original Message ----- From: "Ron Wheeler" <rwheeler@xxxxxxxxxxxxxxxxxxxxx> 
To: "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx>
Sent: Friday, March 26, 2010 5:14 PM
Subject: Re:  Help with accelerated site




There are 2 uses for Squid:
1) to act as a proxy for browsers inside your network that want to get out to the Internet and you want to avoid 2 people downloading the same big file by having squid remember pages that it sees go by and giving the second requester the copy that is already in cache on its disk. In this case it is usually watching on port 3128 on the NIC attached to your internal LAN for requests that should be sent out on the public address.
2) To act as an accelerator for people outside who want pages from your web server. In this case it is watching for requests coming in on port 80 on the NIC that carries the public address and cheching to see if the page that they are requesting is in its cache and if it is, it responds to the request without bothering the webserver.
Note in Case 2, it is not doing anything for your people on the inside since they do NOT come in through the ethernet interface that Squid is watching.
You have to be clear in your configuring and testing that you are testing with the right connections. 
If you are testing case 2, you need to be outside your network to test.
If you come into port 80 on the ethernet NIC that is part of your internal LAN, your accelerator may not even see it. 

Make sure that your firewall setup matches what you are trying to do.
If you have got everything set up for whichever case you are testing, you might want to ask some of these questions to see what is happening.
What happens when you try to reference the proxy with a browser on port 80? 
What is showing up in your squid log when you make the request?
What is showing up in your firewall log when you make the request?
What is showing up in the Apache log when you make the request?
Post some of these results when asking for help. The answer usually is in the logs. 

Ron

Adam@Gmail wrote:

Hi Al,
thanks for your reply, I don't acutally have a problem with the apache
because the webserver is on another machine as the backend server
switching off the apache running on the proxy machine doesn't bother me
what I am having a problem with is that it doesn't pull the website from the backend server 
and right now it won't even allow me access from the local network
I have commented out all of the deny accesses and yet it still won't allow any machine on my local network to access the internet.
You can do both with Apache but the configurations and problems are very different. 

What exactly are you trying to do?
Try to get one working first and then go after the other.


That's what I found very strange.
My proxy server runs freely on a dedicated machine nothing else runs on that machine. 

Regards
Adam
----- Original Message ----- From: "Al - Image Hosting Services" <azick@xxxxxxxxxxxxxxxxxxxx> 
To: "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Friday, March 26, 2010 1:24 AM
Subject: Re:  Help with accelerated site



Hi,
Although you can't have apache and squid listening on port 80 on the same IP, you can have them both running on port 80 on the same machine. Just do this: 

Change your apache config to:
"Listen 127.0.0.1:80"

Change your squid config to:
"cache_peer 127.0.0.1 parent 80 0 no-query originserver" "http_port 1.2.3.4:80 accel vhost" 

Where 1.2.3.4 is, put your public IP.

-Al






On Thu, 25 Mar 2010, Adam@Gmail wrote:


Date: Thu, 25 Mar 2010 16:30:33 -0000
From: "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx>
To: Ron Wheeler <rwheeler@xxxxxxxxxxxxxxxxxxxxx>
Cc: Amos Jeffries <squid3@xxxxxxxxxxxxx>, squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Help with accelerated site

Hi All,
Thank you guys for your help
I have tried your suggestions,
Yes Ron I know that two programmes can't both listen on the same port at the same time but I thought the Apache was essential for the Proxy server, so thanks for the suggestion, I am including bits of my config here, because now I am getting "Access Denied" even from a local network: Can you guys please take a look at it and see if you can spot what's causing the access denied. note I have tried to allow everything and removed all the "deny" directives and yet it's still denies any access from my local network. That is why I get so confused with Squid, I don't understand it's logic to be perfectly honest, and let me remind you that this config used to work just fine at least it used to allow access to the internet to all the clients on my local network. 


#############################
# Other Access Controls
#############################
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl our_networks dst 192.168.1.0/32
acl our_sites dstdomain www.mysite.org
acl localnet src 10.0.0.0/8  # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
# acl localnet src 192.168.0.0/32 # RFC1918 possible internal network
acl localnet src 192.168.1.0/32  #Local Network
acl myaccelport port 80

# acl FTP proto FTP
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443  # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210  # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
#http_access deny manager
# http_access deny !Safe_ports
http_access allow localnet
#http_access deny all
# http_access allow intranet
# http_access deny all
http_access allow our_networks

icp_access allow localnet
#icp_access deny all
htcp_access allow localnet
#htcp_access deny all
http_acceess allow CONNECT
#http_access deny all
hosts_file /etc/hosts
visible_hostname proxy

http_port  3128

hierarchy_stoplist cgi-bin ?

cache_effective_user squid
access_log /usr/local/squid/var/logs/access.log squid
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
pid_filename /usr/local/squid/var/logs/squid.pid

refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern .  0 20% 4320

icp_port 3130
htcp_port 4827
# allow_underscore on

coredump_dir /usr/local/squid/var/cache
Can anyone see what's wrong with this config and if possible to point it out to me, your help would be much appreciated 

Thanking you in advance
Regards
Adam
----- Original Message ----- From: "Ron Wheeler" <rwheeler@xxxxxxxxxxxxxxxxxxxxx> 
To: "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx>
Cc: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>; <squid-users@xxxxxxxxxxxxxxx> 
Sent: Thursday, March 25, 2010 1:58 AM
Subject: Re:  Help with accelerated site



Adam@Gmail wrote:

Hello there,
Thanks for the reply Ron and Amos
Maybe my original e-mail wasn't clear a bit confusing I am sorry if I confused you 

I have squid running on Machine A with let's say local ip 192.168.1.4
the backend server is running on machine B and ip address 192.168.1.3
Now, instead of getting the website that is located on Machine B 192.168.1.3 which is listening on port 81 not 80. I am getting the default Apache Page on the Proxy server Machine which is 192.168.1.4 

And I do have the vhost in my configuration
Well there are two apaches running on the two machines, the proxy machine and the web-server machine, except the web-server apache listens on port 81, logically (technically) speaking it should work, but for some reason it doesn't. 
I hope it makes more sense to you what I am trying to describe here


Very helpful.
You can not have apache listening for port 80 on 192.168.1.4 and Squid trying to do the same thing. 
Only one process can have port 80.
You will very likely find a note in the squid logs that says something to the effect that squid can not bind to port 80. If you shutdown apache on 192.168.1.4 and restart squid, your proxy will work (if the rest of the configuration is correct) If you then try to start apache on 192.168.1.4 it will certainly complain loudly about port 80 not being free.
If you want to use Apache on both 192.168.1.4 and 192.168.1.3 you need to set the apache on 192.168.1.4 to listen on port 81 and set squid to proxy to the apache on 192.168.1.4 and use apache's proxy and vhost features to reach 192.168.1.5 which can be set to listen on port 80. 
This will support
browser=>Squid on 192.168.1.4 ==> Apache on 192.168.1.4:81 (vhost) ==>Apache 192.168.1.3:80 
That is a pretty common approach.

Ron




Thank you all for your help
Regards
Adam
----- Original Message ----- From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx> 
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Thursday, March 25, 2010 1:01 AM
Subject: Re:  Help with accelerated site



On Wed, 24 Mar 2010 19:48:27 -0400, Ron Wheeler
<rwheeler@xxxxxxxxxxxxxxxxxxxxx> wrote:

What is squid proxying?
Usually the normal behaviour is exactly what you are getting since squid 


normally proxies Apache on 80.
Browser ==> Squid on 80==>proxied to Apache on port 81.


If Squid is not proxying Apache, then it looks like you have Apache
running on 80.
If you are trying to redirect port 80 to another program that is not 
Apache, then you need to get Apache off port 80.
You can not have 2 programs listening to port 80.

If Apache is running and owns port 80, Squid will not start.
If this is the case, You likely have errors in the logs to this effect. 

Shut down Apache and and restart Squid.
Try to start Apache and now it should howl with anger (or log in anger) 
at not getting port 80.


Ron

Adam@Gmail wrote:

Hello All,

I have followed this configuration, but when I try and access the
website from outside my network
All I get is the default page of the apache on the machine where the 
Squid proxy is installed

Here is the link:

http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

here is the configuration I followed
http_port 80 accel defaultsite=your.main.website.name(changed my port to 81 my backend server listens on port 81)I havehttp_port 81 accel 
defaultsite=www.my.website.org vhostand then used thiscache_peer
ip.of.webserver parent 80 0 no-query originserver
name=myAccelcache_peer 192.168.1.5 parent 81 0 no query originserver 
name=myAccel(myAccel I have put a name)and then acl our_sites
dstdomain my.website.org
http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all Anybody with any suggestions
please?Any help would be appreciated thank youRegardsAdam



Sorry, took me a while to un-mangle that original email text.
You are missing the "vhost" option on https_port 80. All traffic Squid 
receives on port 80 will go to Apache's default virtual host.

Amos
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux