Does anyone have any thoughts on this? I am not fond of the idea that both squid instances stopped responding to SSL requests at the same time. James ----- Original Message ----- Hi all, It appears that after about 2 months of up time I has a pair of squid servers stop servicing SSL at the same time. Both are running CentOS 5.5 fully updated. Version: 3.0.STABLE25-1.el5 (from the rpmforge repository) Servers are default CentOS 5.5 install with no packages or package groups installed outside of base. Only squid from rpmforge. They are Dell 2950s with Solid state cache drives. 16G of ram each. They are running in accelerator mode. The config is posted below. They are behind a load balancer. The traffic to about a dozen sites are balanced across these 2 servers. No errors in the error log, No errors in the cache log and nothing in the access log other than no requests for any SSL domains. It appears as if the requests were simply not getting to squid. Netstat showed 2 connections to port 443. Both were off-site addresses. Restarting squid solved the issue. Connections were getting through immediately. All this time non SSL (Port 80 / HTTP) requests were working with no problems. Any thoughts on this? Thanks in advance for any ideas. James Config ==================================== http_port 80 accel vhost #For IP xxx.xxx.xxx.101 https_port xxx.xxx.xxx.101:443 cert=/root/SSL/9696421.crt key=/root/SSL/xxxxxmediagroup.com.key cafile=/root/SSL/9696421.ca-bundle options=NO_SSLv2 accel vhost cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2 https_port xxx.xxx.xxx.103:443 cert=/root/SSL/multi-domain.crt key=/root/SSL/multi-domain.key cafile=/root/SSL/multi-domain.ca-bundle options=NO_SSLv2 accel vhost cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2 # Test Server # Production Servers cache_peer xxx.xxx.xxx.21 parent 80 0 no-query no-digest originserver login=PASS name=default1 round-robin cache_peer xxx.xxx.xxx.22 parent 80 0 no-query no-digest originserver login=PASS name=default2 round-robin cache_peer xxx.xxx.xxx.23 parent 80 0 no-query no-digest originserver login=PASS name=default3 round-robin cache_peer xxx.xxx.xxx.24 parent 80 0 no-query no-digest originserver login=PASS name=default4 round-robin cache_peer xxx.xxx.xxx.25 parent 80 0 no-query no-digest originserver login=PASS name=default5 round-robin # # xxxxxuser cache_peer xxx.xxx.xxx.61 parent 80 0 no-query no-digest originserver login=PASS name=puser1 round-robin cache_peer xxx.xxx.xxx.62 parent 80 0 no-query no-digest originserver login=PASS name=puser2 round-robin cache_peer xxx.xxx.xxx.63 parent 80 0 no-query no-digest originserver login=PASS name=puser3 round-robin cache_peer xxx.xxx.xxx.64 parent 80 0 no-query no-digest originserver login=PASS name=puser4 round-robin cache_peer xxx.xxx.xxx.72 parent 80 0 no-query no-digest originserver login=PASS name=puser5 round-robin # # xxxxxMedia cache_peer xxx.xxx.xxx.51 parent 80 0 no-query no-digest originserver login=PASS name=kmedia1 round-robin cache_peer xxx.xxx.xxx.52 parent 80 0 no-query no-digest originserver login=PASS name=kmedia2 round-robin cache_peer xxx.xxx.xxx.53 parent 80 0 no-query no-digest originserver login=PASS name=kmedia3 round-robin cache_peer xxx.xxx.xxx.54 parent 80 0 no-query no-digest originserver login=PASS name=kmedia4 round-robin cache_peer xxx.xxx.xxx.70 parent 80 0 no-query no-digest originserver login=PASS name=kmedia5 round-robin # # xxxxxworld cache_peer xxx.xxx.xxx.66 parent 80 0 no-query no-digest originserver login=PASS name=pworld1 round-robin cache_peer xxx.xxx.xxx.67 parent 80 0 no-query no-digest originserver login=PASS name=pworld2 round-robin cache_peer xxx.xxx.xxx.68 parent 80 0 no-query no-digest originserver login=PASS name=pworld3 round-robin cache_peer xxx.xxx.xxx.69 parent 80 0 no-query no-digest originserver login=PASS name=pworld4 round-robin cache_peer xxx.xxx.xxx.73 parent 80 0 no-query no-digest originserver login=PASS name=pworld5 round-robin # # xxxxxTraining cache_peer xxx.xxx.xxx.56 parent 80 0 no-query no-digest originserver login=PASS name=ktrain1 round-robin cache_peer xxx.xxx.xxx.57 parent 80 0 no-query no-digest originserver login=PASS name=ktrain2 round-robin cache_peer xxx.xxx.xxx.58 parent 80 0 no-query no-digest originserver login=PASS name=ktrain3 round-robin cache_peer xxx.xxx.xxx.59 parent 80 0 no-query no-digest originserver login=PASS name=ktrain4 round-robin cache_peer xxx.xxx.xxx.71 parent 80 0 no-query no-digest originserver login=PASS name=ktrain5 round-robin # # Ad Server cache_peer xxx.xxx.xxx.30 parent 80 0 no-query no-digest originserver login=PASS name=adserver1 round-robin # acl PURGE method PURGE acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 #acl all src 0.0.0.0/0.0.0.0 # acl our_sites dstdomain origin.xxxxxmediagroup.com acl our_sites dstdomain streamorigin.xxxxxmediagroup.com acl our_sites dstdomain xxxxxtrainingonline.com acl our_sites dstdomain www.xxxxxtrainingonline.com acl our_sites dstdomain images.xxxxxmediagroup.com acl our_sites dstdomain xxxxxfinishingtouches.com acl our_sites dstdomain www.xxxxxfinishingtouches.com acl our_sites dstdomain media.xxxxxmediagroup.com acl our_sites dstdomain origin-media.xxxxxmediagroup.com acl our_sites dstdomain www.media.xxxxxmediagroup.com acl our_sites dstdomain www.scottxxxxx.com acl our_sites dstdomain scottxxxxx.com acl our_sites dstdomain www.xxxxxtv.com acl our_sites dstdomain xxxxxtv.com acl our_sites dstdomain www.planetxxxxx.com acl our_sites dstdomain planetxxxxx.com acl our_sites dstdomain xxxxxusertv.com acl our_sites dstdomain www.xxxxxusertv.com #acl our_sites dstdomain layersmagazine.com #acl our_sites dstdomain www.layersmagazine.com acl our_sites dstdomain www.worldwidephotowalk.com acl our_sites dstdomain worldwidephotowalk.com acl our_sites dstdomain www.mattkloskowski.com acl our_sites dstdomain mattkloskowski.com #acl our_sites dstdomain xxxxxtraininglive.com #acl our_sites dstdomain www.xxxxxtraininglive.com acl our_sites dstdomain xxxxxtv.com acl our_sites dstdomain www.xxxxxtv.com #acl our_sites dstdomain xxxxxkillertips.com #acl our_sites dstdomain www.xxxxxkillertips.com acl our_sites dstdomain xxxxxelementskillertips.com acl our_sites dstdomain www.xxxxxelementskillertips.com acl our_sites dstdomain xxxxxhalloffame.com acl our_sites dstdomain www.xxxxxhalloffame.com acl our_sites dstdomain xxxxxkillertips.com acl our_sites dstdomain www.xxxxxkillertips.com acl our_sites dstdomain xxxxxonline.com acl our_sites dstdomain www.xxxxxonline.com acl our_sites dstdomain xxxxxuserawards.com acl our_sites dstdomain www.xxxxxuserawards.com acl our_sites dstdomain scottxxxxxbooks.com acl our_sites dstdomain www.scottxxxxxbooks.com acl our_sites dstdomain wheretheprosshoot.com acl our_sites dstdomain www.wheretheprosshoot.com acl adserver dstdomain cache.ads.xxxxxmediagroup.com acl ktrain dstdomain xxxxxtraining.com acl ktrain dstdomain www.xxxxxtraining.com acl ktrain dstdomain secure.xxxxxtraining.com acl puser dstdomain www.xxxxxuser.com acl puser dstdomain secure.xxxxxuser.com acl puser dstdomain cache.xxxxxuser.com acl puser dstdomain xxxxxuser.com acl kmedia dstdomain xxxxxmediagroup.com acl kmedia dstdomain www.xxxxxmediagroup.com acl kmedia dstdomain secure.xxxxxmediagroup.com acl kmedia dstdomain layersmagazine.com acl kmedia dstdomain www.layersmagazine.com acl kmedia dstdomain xxxxxkillertips.com acl kmedia dstdomain www.xxxxxkillertips.com acl kmedia dstdomain xxxxxtraininglive.com acl kmedia dstdomain www.xxxxxtraininglive.com #acl kmedia dstdomain xxxxxworld.com #acl kmedia dstdomain www.xxxxxworld.com acl kmedia dstdomain larryscheapshots.com acl kmedia dstdomain www.larryscheapshots.com acl pworld dstdomain www.xxxxxworld.com acl pworld dstdomain secure.xxxxxworld.com acl pworld dstdomain xxxxxworld.com # http_access allow our_sites http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge # # Main Pool cache_peer_access default1 allow our_sites cache_peer_access default1 deny all cache_peer_access default2 allow our_sites cache_peer_access default2 deny all cache_peer_access default3 allow our_sites cache_peer_access default3 deny all cache_peer_access default4 allow our_sites cache_peer_access default4 deny all cache_peer_access default4 allow our_sites cache_peer_access default4 deny all cache_peer_access default5 allow our_sites cache_peer_access default5 deny all # # cache_peer_access ktrain1 allow ktrain cache_peer_access ktrain1 deny all cache_peer_access ktrain2 allow ktrain cache_peer_access ktrain2 deny all cache_peer_access ktrain3 allow ktrain cache_peer_access ktrain3 deny all cache_peer_access ktrain4 allow ktrain cache_peer_access ktrain4 deny all cache_peer_access ktrain4 allow ktrain cache_peer_access ktrain4 deny all cache_peer_access ktrain5 allow ktrain cache_peer_access ktrain5 deny all # # cache_peer_access puser1 allow puser cache_peer_access puser1 deny all cache_peer_access puser2 allow puser cache_peer_access puser2 deny all cache_peer_access puser3 allow puser cache_peer_access puser3 deny all cache_peer_access puser4 allow puser cache_peer_access puser4 deny all cache_peer_access puser4 allow puser cache_peer_access puser4 deny all cache_peer_access puser5 allow puser cache_peer_access puser5 deny all # # cache_peer_access kmedia1 allow kmedia cache_peer_access kmedia1 deny all cache_peer_access kmedia2 allow kmedia cache_peer_access kmedia2 deny all cache_peer_access kmedia3 allow kmedia cache_peer_access kmedia3 deny all cache_peer_access kmedia4 allow kmedia cache_peer_access kmedia4 deny all cache_peer_access kmedia4 allow kmedia cache_peer_access kmedia4 deny all cache_peer_access kmedia5 allow kmedia cache_peer_access kmedia5 deny all # # cache_peer_access pworld1 allow pworld cache_peer_access pworld1 deny all cache_peer_access pworld2 allow pworld cache_peer_access pworld2 deny all cache_peer_access pworld3 allow pworld cache_peer_access pworld3 deny all cache_peer_access pworld4 allow pworld cache_peer_access pworld4 deny all cache_peer_access pworld4 allow pworld cache_peer_access pworld4 deny all cache_peer_access pworld5 allow pworld cache_peer_access pworld5 deny all # # cache_peer_access adserver1 allow adserver cache_peer_access adserver1 deny all # # visible_hostname squid1.xxxxxmediagroup.com # # refresh_pattern (phpmyadmin|process|register|login|contact|signup|admin|gateway|ajax|account|cart|checkout|members) 0 10% 0 refresh_pattern (blog|feed) 300 20% 4320 ignore-no-cache ignore-no-store ignore-reload refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 50% 7200 override-expire ignore-no-cache ignore-no-store ignore-private ignore-reload refresh_pattern -i \.(iso|avi|wav|mp3|mpeg|swf|flv|x-flv)$ 1440 40% 40320 override-expire ignore-no-cache ignore-no-store ignore-private ignore-reload refresh_pattern -i \.mp4$ 1440 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private ignore-reload refresh_pattern -i \.(css|js)$ 300 40% 7200 override-expire ignore-no-cache ignore-no-store ignore-private ignore-reload refresh_pattern -i \.(html|htm)$ 300 40% 7200 refresh_pattern (/cgi-bin/|\?) 300 20% 4320 refresh_pattern . 0 40% 40320 # # cache_effective_user squid cache_mem 1500 MB cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF maximum_object_size_in_memory 128 KB maximum_object_size 1000 MB cache_dir aufs /caches/cache1 30000 64 256 debug_options ALL,1 cache_store_log none pipeline_prefetch on # # shutdown_lifetime 1 second httpd_suppress_version_string on access_log /var/log/squid/squid-access.log squid #access_log none
