Search squid archive

Re: Squid reverse proxy with cache.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



this works only with squid 2.7
if you are using squid 2.7 stable 7 and newer please remove the stale-while-revalidate

On 03/29/2011 10:52 AM, Morgan Storey wrote:
I think I am already using it;

I have also played with the cache control setting in IIS, I get the below if
I wget the index on the webserver:

Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: public, max-age=5,stale-while-revalidate=600,
stale-if-error=36000
Set-Cookie: ASP.NET_SessionId=fdlkjayuf98dsfgnkjdsl7; path=/; HttpOnly
Cache-Control: private

2011/3/29 George Halkias<admin@xxxxxxxx>:
Use stale-if-error cache directive!

http://www.mnot.net/blog/2007/12/12/stale

-----Original Message-----
From: Morgan Storey [mailto:me@xxxxxxxxxxxxxxxx]
Sent: Tuesday, March 29, 2011 10:42 AM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Squid reverse proxy with cache.

Anyone got any other ideas on why this isn't delving into the cache
when the backend server is down?

On Tue, Mar 22, 2011 at 10:37 AM, Morgan Storey<me@xxxxxxxxxxxxxxxx>  wrote:
Thanks Amos I tried your suggestions, still no good when the webserver
is offline. I get only a single line in the cache.log "2011/03/22
10:28:50| TCP connection to myAccel (10.0.0.18:80) failed"
I have put the squid.conf in the email to make corrections easier (I
have tried that offline mode on but it doesn't seem to work);

dns_nameservers 10.0.0.2 10.0.0.1

cache_dir ufs d:/cache 8000 100 256
cache_mem 512 MB
maximum_object_size_in_memory 10240 KB

access_log e:/squidlogs/access.log squid
cache_log e:/squidlogs/cache.log
cache_store_log e:/squidlogs/store.log
logfile_rotate 10


acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src all    # RFC1918 possible internal network

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl CONNECT method CONNECT

##############################################################

http_port 80 accel defaultsite=www.site.com vhost

#                                        proxy  icp
#          hostname             type     port   port  options
#          -------------------- -------- ----- -----  -----------
cache_peer 10.0.0.18 parent 80 0 no-query originserver name=myAccel


acl our_sites dstdomain www.site.com
forwarded_for on

http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all

cache_effective_group proxy

##############################################################

#
#Allow ICP queries from All
icp_access allow all

#  TAG: max_stale       time-units
#       This option puts an upper limit on how stale content Squid
#       will serve from the cache if cache validation fails.
#
#Default:
max_stale 1 week

#Suggested default:
#refresh_pattern ^ftp:          1440    20%     10080
#refresh_pattern ^gopher:       1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern -i (/umbraco/|\?) 0     0%      0
refresh_pattern .               120     20%     4320

acl QUERY urlpath_regex umbraco \?
acl POST method POST
no_cache deny QUERY
no_cache deny POST

# TIMEOUTS
forward_timeout 15 seconds

# Do not tell the world that which squid version we're running
httpd_suppress_version_string on

# Remove the Caching Control header for upstream servers
header_access Cache-Control deny all

cache_mgr someone@xxxxxxxxxxxxx

#offline_mode on


On Mon, Mar 21, 2011 at 10:26 PM, Amos Jeffries<squid3@xxxxxxxxxxxxx>  wrote:
On 21/03/11 21:44, Morgan Storey wrote:
Some notes on those configs:

(squid1)
  * You can deny CONNECT entirely. It should never happen to a reverse-proxy.
They get native HTTPS connections to their https_port.

  * Your reverse-proxy settings, for cache_peer and the related http_access
rule MUST be above the default forward-proxy rules. Since this appears to be
a pure reverse-proxy you can drop the default config file http_access lines
entirely.
  NP: do that and I believe your Squid will stop needing to wait for DNS. It
only uses it now to check the localnet ACL :)

  * header_access is not a very safe thing to do for Squid-2. It affects both
the client request headers passed to your main server AND the reply headers
destined for the visitor.
  refresh_pattern flag "reload-into-ims" is much safer and helps avoid the
forced reload clients sometimes send.

(squid2)
  * you are missing the http_access reverse-proxy settings. squid1 was
better.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.11
  Beta testers wanted for 3.2.0.5



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux