On 21/09/10 00:02, Nikolaos Pavlidis wrote:
Hello Amos, all,
Many thanks for taking a look at my config!
Comments inline (easier)
On Fri, 2010-09-17 at 23:17 +1200, Amos Jeffries wrote:
On 17/09/10 19:32, Nikolaos Pavlidis wrote:
Hello Amos, all,
Thank you for your response. As far as understanding what you mean I do
(thats something at least) but I fail to see how this will be syntaxed
Answers inline.
My config is as follows please advise(this is not working of course):
# NETWORK OPTIONS
#
-----------------------------------------------------------------------------
http_port 80 accel defaultsite=www.domain.com vhost
https_port 443 cert=/etc/squid/uob/sid_domain.crt
key=/etc/squid/uob/sid_domain.key cafile=/etc/squid/uob/sid_domain.ca
defaultsite=sid.domain.com vhost
>
> https_port 443 cert=/etc/squid/uob/helpdesk_domain.crt
> key=/etc/squid/uob/helpdesk_domain.key
> cafile=/etc/squid/uob/helpdesk_domain.ca defaultsite=helpdesk.domain.com
> vhost
The pubic-facing IP address is needed to open multiple same-numbered ports.
(wrapped for easy reading)
https_port 10.0.0.1:443 accel vhost defaultsite=sid.domain.com
cert=/etc/squid/uob/sid_domain.crt
key=/etc/squid/uob/sid_domain.key
cafile=/etc/squid/uob/sid_domain.ca
https_port 10.0.0.2:443 accel vhost defaultsite=helpdesk.domain.com
cert=/etc/squid/uob/helpdesk_domain.crt
key=/etc/squid/uob/helpdesk_domain.key
cafile=/etc/squid/uob/helpdesk_domain.ca
Unfortunately that did not work! If I define an IP address on the port
it just stops working for some reason! squid reloads with no errors but
access to the host times out.
SSL is on the edge of my knowledge field. This is a bit of a black box
to me now.
Hopefully someone else here knows more details of what to test.
To me it sounds a little like the SSL layer is failing to be setup or
something. For example if the IP does not match the certificate info
domain rDNS, or Host: domain matching the cert, etc.
debug_options 83,6 may have something relevant if it's something
detected by Squid.
<snip>
# OPTIONS FOR TUNING THE CACHE
#
-----------------------------------------------------------------------------
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.css 1440 50% 2880 override-expire
refresh_pattern -i \.swf 1440 50% 2880 ignore-reload override-expire
Missing:
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
That is actually not suggested for our CMS at the moment :/
huh? it specifies that dynamic pages are not to be cached unless they
have Cache-Control/Expires. Not having this causes dynamic pages to be
stored for maybe long periods after they should have been updated.
If there are parts of the site that it matches and are supposed to be
cached for a while, add rules above it for those specific site parts.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.8
Beta testers wanted for 3.2.0.2
