Sorry for nagging. We want to use both tproxy and accelerator mode. Mainly tproxy for internet traffic and accelerator mode for web server. Also we want to ignore cache control header in the HTTP requests destined for our webserver (abcexample.com) Does the below configuration work ? or Do we need to do add IPtables rules?
http_port 3128
http_port 3129 tproxy
http_port 80 accel defaultsite=abcexample.com ignore-cc
cache_peer abcexample.com/data/ parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain abcexample.com
http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
http_port 3128
http_port 3129 tproxy
http_port 80 accel defaultsite=abcexample.com ignore-cc
cache_peer abcexample.com/data/ parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain abcexample.com
http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
On Sun, Feb 28, 2016 at 12:05 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 28/02/2016 5:31 p.m., Anonymous cross wrote:
> Hi, Amos,
> We are using forward tproxy . We used to redirect the packets coming from
> client for port 80 to squid proxy server. Squid spoofs the request and
> establishes a connection with Server transparently. Please find the
> configuration below
>
> Client --- > Squid proxy server --- > web Server
>
You talk about TPROXY up here. But your config with the refresh pattern
is for the accel port domain.
If you are a legitimate reverse-proxy / CDN / accel - then intercepting,
even with TPROXY is just plain daft.
> =====
> http_port 3128
> http_port 3129 tproxy
> http_port 80 accel defaultsite=abcexample.com
> refresh_pattern -i abcexample.com/* 600 0% 600 override-expire
> override-lastmod reload-into-ims ignore-reload
> refresh_pattern -i abcexample2.com/* 600 0% 600 override-expire
> override-lastmod reload-into-ims ignore-reload
> =====
You can remove the "/*" part of those patterns, its just wasting config
file space and perhapse confusing you into thinking the '/' part is
being looked for by regex (the '*' cancels its existence out).
reload-into-ims and ignore-reload are mutually exclusive options. Squid
cannot both adjust a reload action and ignore it at the same time.
Remove the ignore-reload.
Add "ignore-cc" to the accel port line to ignore a Cache-Control
arriving from the clients. No you cannot do the same on the tproxy line
without causing a lot of trouble.
You should seriously consider removing override-lastmod as well. That is
usually only used on dynamic content, which is important to keep up-to-date.
>
> Basically we want to increase the page load times by caching the images.
Then adjust your web server outputs to make that happen. Page times will
get even better if you allow cache in the ISPs closer to the clients to
store your images correctly instead of hacking your proxy config to be
the only one doing so efficiently.
The config above indicates that you are the owner of abcexample.com (or
they are a customer of yours) and thus in a position to get problems
like caching times for images fixed at the web server end.
> Sometimes the specific client is triggering HTTP request with cache-control
> as no-cache. We want to mandate the packets coming from specific client to
> be cached in squid to increase the page load times . In order to avoid
> serving the stale content we have configured a refresh pattern.
>
You have configured the refresh_pattern to force Squid to serve stale
content for up to 10 hours. It does not prevent the content being stale.
It just gets delivered by the proxy anyway.
This is kind of what I meant by there usually being a reason for seeing
no-cache.
If you have used refresh_pattern to force things to cache for long times
and the web server indicates they are not supposed to. Then you can
cause pages looking weird, not updating correctly, etc ...
... users press the force-refresh button in their browser to 'fix' the
page they see. Thus generating a no-cache or max-age=0 request (aka
reload) to try and make the page update properly.
... downstream caches think the content is constantly stale and
re-request updates for every user until they get something fresh.
These can waste more bandwidth and actually increase avg page load times
versus letting the objects get refreshed once every N requests.
Force-caching is a pretty popular pasttime. ISPs at least have a little
bit of excuse since they have no way to fix what the web server outputs.
As reverse-proxy operator you do.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
--
Regards,
Anonymous cross.
Anonymous cross.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users