On 26/10/18 8:26 PM, Angus J. wrote: > What's wrong of my squid.conf from 27 to 3.5? > The port 3128 issue has been fixed > Yes that one is fixed. Now it is complaining about what you changed in cache_peer lines. > > oul163:/etc/squid # squid -k parse...> 2018/10/26 10:14:14| Processing: cache_peer 192.168.31.134 parent 8005 0 ssl > sslflags=DONT_VERIFY_PEER proxy-only name=uathrms > ssloptions=NO_SSLv3:NO_SSLv2 > 2018/10/26 10:14:14| Processing: cache_peer_domain uathrms > uathrms.ouhk.edu.hk > 2018/10/26 10:14:14| Processing: cache_peer_access prdhrms allow hrmsacl> 2018/10/26 10:14:14| /etc/squid/squid.conf, line 154: No cache_peer > 'prdhrms' > 2018/10/26 10:14:14| Processing: cache_peer_access uathrms allow hrmsacl > 2018/10/26 10:14:14| Processing: cache_peer_access sithrms allow hrmsacl > 2018/10/26 10:14:14| /etc/squid/squid.conf, line 156: No cache_peer > 'sithrms' > 2018/10/26 10:14:14| Processing: cache_peer_access devhrms allow hrmsacl > 2018/10/26 10:14:14| /etc/squid/squid.conf, line 157: No cache_peer > 'devhrms' >From the config: > > # the proxy-only indicates that caching will not be performed. > #cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms > #cache_peer_domain prdhrms prdhrms.ouhk.edu.hk > cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER > proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2 > #cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN > proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2 > cache_peer_domain uathrms uathrms.ouhk.edu.hk > #cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER > proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2 > #cache_peer_domain sithrms sithrms.ouhk.edu.hk > #cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER > proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2 > #cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver > name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt > #cache_peer_domain devhrms devhrms.ouhk.edu.hk > You commented out the cache_peer lines defining those peer connections and Squid does not know what to peer the cache_peer_access definitions are mentioning. The only thing that needed removing/replacing was the "cache_peer_domain" lines. >From the config: > # Create an additional ACL for local network access > acl localip src 192.168.0.0/24 > > # access control list > acl hrmsacl dstdomain .ouhk.edu.hk > http_access allow hrmsacl > #acl hrmsacl2 dstdomain devhrms.ouhk.edu.hk > #cache_peer_access devhrms allow hrmsacl2 > cache_peer_access prdhrms allow hrmsacl > cache_peer_access uathrms allow hrmsacl > cache_peer_access sithrms allow hrmsacl > cache_peer_access devhrms allow hrmsacl > #cache_peer_access secure allow SSL_ports > FYI: These rules are far more lenient than what you had before with cache_peer_domain. The previous config let *only* certain domains to each individual peer. These rules now allows *any* sub-domain to any peer. I suggest keeping to the minimal change until you are happy with the new proxy behaviour. The exact equivalent of these lines: cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms cache_peer_domain prdhrms prdhrms.hkbb.edu.hk cache_peer 192.168.31.134 parent 8005 ... name=uathrms cache_peer_domain uathrms uathrms.hkbb.edu.hk cache_peer 192.168.31.134 parent 8004 ... name=sithrms cache_peer_domain sithrms sithrms.hkbb.edu.hk cache_peer 192.168.31.134 parent 8000 ... name=devhrms cache_peer_domain devhrms devhrms.hkbb.edu.hk Are these lines: cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms acl prdhrms-domain dstdomain prdhrms.hkbb.edu.hk cache_peer_access prdhrms allow prdhrms-domain cache_peer 192.168.31.134 parent 8005 ... name=uathrms acl uathrms-domain dstdomain uathrms.hkbb.edu.hk cache_peer_access uathrms allow uathrms-domain cache_peer 192.168.31.134 parent 8004 ... name=sithrms acl sithrms-domain dstdomain sithrms.hkbb.edu.hk cache_peer_access sithrms allow sithrms-domain cache_peer 192.168.31.134 parent 8000 ... name=devhrms acl devhrms-domain dstdomain devhrms.hkbb.edu.hk cache_peer_access devhrms allow devhrms-domain Note that use of the exact sub-domain names remains in place rather than opening everything to the wildcards midway during a proxy upgrade. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
