Hi all,
I had a look in the archives and the only similar problem I found was
never answered
so I hope someone can help me. I posted this request on
linuxquestions.org but got no reply so I thought I'd be better off
asking you guys ;)
I tried to get reverse proxy working with apache mod_proxy but that
failed so I'm giving squid3 a go but with not much more luck. All
connections to non ssl websites work fine. The following error I
[B]only get the second time[/B] I access the page, the first time the
page is displayed properly! This does not make sense to me but maybe it
will to one of you.
The requested URL could not be retrieved
While trying to retrieve the URL: https://deb01.example.com/
The following error was encountered:
Connection to Failed
The system returned:
(71) Protocol error
The remote host or network may be down. Please try the request again.
Your cache administrator is webmaster.
Generated Thu, 20 May 2010 18:58:28 GMT by localhost (squid/3.0.STABLE8)
My setup
+--> (deb02) vhosts running multile http
[WWW] -> KVM/SQUID ->+--> (deb01) vhost running a single https
+--> (deb03) vhosts running multile http and one
My squid.conf
https_port 443 accel cert=/etc/ssl/deb01.example.com.crt
key=/etc/ssl/deb01.example.com.pem defaultsite=deb01.example.com vhost
http_port 80 accel defaultsite=deb02.example.com vhost
cache_peer parent 443 0 no-query originserver login=PASS
ssl sslversion=3 sslflags=DONT_VERIFY_PEER front-end-https=on name=srv01
cache_peer parent 80 0 no-query originserver name=srv02
acl https proto https
acl sites_srv01 dstdomain deb01.example.com
acl sites_srv02 dstdomain deb02.example.com second.example.com
http_access allow sites_srv01
http_access allow sites_srv02
cache_peer_access srv01 allow sites_srv01
cache_peer_access srv02 allow sites_srv02
forwarded_for on
The first 'successful' connection gives the following entries in the logs:
2010/05/20 21:05:21| digest requires version 17487; have: 5
2010/05/20 21:05:21| temporary disabling (invalid digest cblock) digest
2010/05/20 21:05:21| fwdNegotiateSSL: Error negotiating SSL connection
on FD 16: error:1408F06B:SSL routines:SSL3_GET_RECORD:bad decompression
2010/05/20 21:05:21| TCP connection to failed
2010/05/20 21:05:21| fwdNegotiateSSL: Error negotiating SSL connection
on FD 16: error:1408F06B:SSL routines:SSL3_GET_RECORD:bad decompression
2010/05/20 21:05:21| TCP connection to failed
2010/05/20 21:05:21| fwdNegotiateSSL: Error negotiating SSL connection
on FD 16: error:1408F06B:SSL routines:SSL3_GET_RECORD:bad decompression
2010/05/20 21:05:21| TCP connection to failed
==> /var/log/squid3/store.log <==
1274382321.365 RELEASE -1 FFFFFFFF B4F6358BEF575DB8EE08C9E4544D1ED8 200
1274382321 -1 -1 unknown -1/584 GET
1274382321.394 RELEASE 00 00000000 5B2811E3C3DBF846FB471299507A118F
? ? ? ? ?/? ?/? ? ?
1274382321.394 SWAPOUT 00 00000000 5B2811E3C3DBF846FB471299507A118F 200
1274382321 -1 -1 x-squid-internal/vary -1/0 GET
1274382321.394 RELEASE 00 00000008 00A5F16BB26487A2923FC532D7EAFB78
? ? ? ? ?/? ?/? ? ?
1274382321.394 SWAPOUT 00 00000008 EEC31BDDF7F08E5301417EBDCA25AFFE 200
1274382319 1273748130 -1 text/html 69/69 GET
1274382321.580 RELEASE -1 FFFFFFFF 092DD741F44CA089263CADBF1B57C579 503
1274382321 0 -1 text/html 2166/2166 GET
The second 'failed' connection shows the following log events:
==> /var/log/squid3/cache.log <==
2010/05/20 21:06:11| fwdNegotiateSSL: Error negotiating SSL connection
on FD 15: error:1408F06B:SSL routines:SSL3_GET_RECORD:bad decompression
2010/05/20 21:06:12| fwdNegotiateSSL: Error negotiating SSL connection
on FD 15: error:1408F06B:SSL routines:SSL3_GET_RECORD:bad decompression
2010/05/20 21:06:12| TCP connection to failed
2010/05/20 21:06:12| fwdNegotiateSSL: Error negotiating SSL connection
on FD 15: error:1408F06B:SSL routines:SSL3_GET_RECORD:bad decompression
2010/05/20 21:06:12| TCP connection to failed
==> /var/log/squid3/store.log <==
1274382371.814 RELEASE -1 FFFFFFFF 7CE73618FCCE2E2FAEACF611AA1A4E74 503
1274382371 0 -1 text/html 2078/2078 GET
1274382372.040 RELEASE -1 FFFFFFFF 73DFF8B44CF4A746EE44FF83754CC5E8 503
1274382372 0 -1 text/html 2166/2166 GET
Any help would be greatly apreciated.
As a side note. If anyone can tell me how to show the IP of the squid
server rather than the internal IP of the webserver (as in the error)
that would be a bonus ;)