On 13/11/2011 6:16 p.m., Bin Zhou wrote:
Hello everyone. I am building an Apache and Squid Reserve Proxy
environment. Everything looks good except the last step - Squid. I got
a error Connection to ::1 failed.....
Any help would be greatly appreciated. Thank you
Details.....
1) Servers:
Apache HTTP Server runs on server ark08.maya.com 192.168.220.50, HTTP
service port is 8001. The Linux firewall wall has been turned off. The
web page http://ark09.maya.com:8001/hello.py is accessible.
Squid Proxy server runs on server ark09.maya.com 192.168.220.60,
service port 3128. The following error was encountered while trying to
retrieve the URL http://ark09.maya.com:3128/hello.py.
So why does Squid believe your Apache IP address is ::1 (aka "localhost") ?
Start by making your Apache listen on that ::1 IP and Squid will be able
to contact it.
Then we get to some config mistakes...
# Squid normally listens to port 3128
http_port 3128 transparent vhost vport
This is a NAT interception receiving port. Nothing to do with reverse proxy.
#http_port 3128 transparent vhost
#http_port 3128 vhost vport
This last one is a reverse proxy port. But lacks the "accel" mode flag
for enabling reverse proxy. This port is typically 80, since it is the
publicly visible URL port number.
# Peer Web Server Configuration
cache_peer ark08.maya.com parent 8001 0 no-query originserver name=myAccel
acl my_site dstdomain ark08.maya.com
http_access allow my_site
cache_peer_access myAccel allow my_site
#ache_peer_access myAccel deny all
This is reverse proxy. Although ark08.maya.com seems to resolve to
localhost IP from the machine itself, not the Apache service external
facing IP.
Given that Apache should not have an external facing IP in this setup,
that is fine. Just be aware of the detail.
# To fix "Unable to forward this request at this time" problem
always_direct allow all
But then you go and force squid to ignore the cache_peer configuration.
Remove this.
Amos
