On Wed, Sep 18, 2019 at 7:11 AM Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>
>
> All these *_port things are a red herring. The initial problem was
> connections to the origin server using HTTPS.
>
> Connections to originserver peer do not send URL scheme, and use the
> settings on the cache_peer directive as the protocol layering and
> message framing. So the http(s)_port options should be having no input
> into the problem. The problem is something in the unknown cache_peer
> settings, or maybe a bug in the new peer selection code.

Thanks. I think I've got that bit working. The old v3 config didn't have cache_peers for all of the 150-odd https_port entries the squid server is running. It was a very old version of 3, so it's likely a default changed or the config was relying on an old bug/accidental behaviour to work.

However, I don't understand how to send traffic to different ports on the same servers. The reverse-proxy FAQ and sample configs cover multiple servers and name-based virtual hosting, but I can't find how to direct to specific ports.

For example, some test config (with combinations of vhost and vport):

https_port 9000 accel defaultsite=10.240.0.6:80 cert=/etc/pki/tls/cert.crt key=/etc/pki/tls/cert.key vhost
https_port 9001 accel defaultsite=10.240.0.6:81 cert=/etc/pki/tls/cert.crt key=/etc/pki/tls/cert.key vhost
https_port 9002 accel defaultsite=10.240.0.6:80 cert=/etc/pki/tls/cert.crt key=/etc/pki/tls/cert.key no-vhost
https_port 9003 accel defaultsite=10.240.0.6:81 cert=/etc/pki/tls/cert.crt key=/etc/pki/tls/cert.key no-vhost
https_port 9004 accel defaultsite=10.240.0.6 cert=/etc/pki/tls/cert.crt key=/etc/pki/tls/cert.key vport=80 vhost
https_port 9005 accel defaultsite=10.240.0.6 cert=/etc/pki/tls/cert.crt key=/etc/pki/tls/cert.key vport=81 vhost
https_port 9006 accel defaultsite=10.240.0.6 cert=/etc/pki/tls/cert.crt key=/etc/pki/tls/cert.key vport=80 no-vhost
https_port 9007 accel defaultsite=10.240.0.6 cert=/etc/pki/tls/cert.crt key=/etc/pki/tls/cert.key vport=81 no-vhost
http_port 8000 accel defaultsite=10.240.0.6:80 vhost
http_port 8001 accel defaultsite=10.240.0.6:81 vhost
http_port 8002 accel defaultsite=10.240.0.6:80 no-vhost
http_port 8003 accel defaultsite=10.240.0.6:81 no-vhost
http_port 8004 accel defaultsite=10.240.0.6 vport=80 vhost
http_port 8005 accel defaultsite=10.240.0.6 vport=81 vhost
http_port 8006 accel defaultsite=10.240.0.6 vport=80 no-vhost
http_port 8007 accel defaultsite=10.240.0.6 vport=81 no-vhost
cache_peer 10.240.0.6 parent 80 0 no-query no-query originserver no-digest login=PASSTHRU name=test80
cache_peer 10.240.0.6 parent 81 0 no-query no-query originserver no-digest login=PASSTHRU name=test81
# end config

Requests to 900[0145] see squid make http connections to 10.240.0.6:80.
Requests to 900[2367] see squid make https connections to 10.240.0.6 - my logs don't record the port on the error.
Requests to 800[012456] see squid make http connections to 10.240.0.6:80.
Requests to 800[37] see squid make http connections to 10.240.0.7:81.

So the no-vhost option seems to give me what I want for http_port. However, when I use an https_port with no-vhost squid's requests are being done in https instead of http and without no-vhost all the traffic is directed to port 80 even when 81 is specified in the https_port line (the same applied to http_port for that part).

I'm sure I'm missing something obvious, I'll be rereading the squid docs tonight but there's a lot that I don't understand.

>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
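
An audit script for the situation described in the message above (accel listeners that have no matching originserver cache_peer), added here as an example; it is not part of the original post or of Squid. It assumes the backend port the admin intended is the port in defaultsite=, or vport=N when defaultsite has none, which reads the config's intent and does not model how Squid selects a peer. The sample lines are constructed in the shape of the test config, with listener 8010 and backend port 82 invented to show a gap; IPv6 literals are not handled.

```python
# Constructed sample in the shape of the test config from the message (8010/:82 is invented).
SAMPLE = """\
https_port 9001 accel defaultsite=10.240.0.6:81 cert=/etc/pki/tls/cert.crt key=/etc/pki/tls/cert.key vhost
https_port 9005 accel defaultsite=10.240.0.6 cert=/etc/pki/tls/cert.crt key=/etc/pki/tls/cert.key vport=81 vhost
http_port 8003 accel defaultsite=10.240.0.6:81 no-vhost
http_port 8010 accel defaultsite=10.240.0.6:82 no-vhost
cache_peer 10.240.0.6 parent 80 0 no-query originserver no-digest login=PASSTHRU name=test80
cache_peer 10.240.0.6 parent 81 0 no-query originserver no-digest login=PASSTHRU name=test81
"""

def _tokens(conf):
    """Yield whitespace-split tokens per line, with '#' comments stripped."""
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if tok:
            yield tok

def parse_listeners(conf):
    """Accel-mode http_port/https_port lines with the backend host/port written on them."""
    out = []
    for tok in _tokens(conf):
        if tok[0] not in ("http_port", "https_port") or "accel" not in tok[2:]:
            continue
        opts = dict(t.split("=", 1) for t in tok[2:] if "=" in t)
        host, _, port = opts.get("defaultsite", "").partition(":")
        port = port or opts.get("vport")  # assumption: vport=N states the intended port
        out.append({"directive": tok[0], "listen": tok[1], "host": host or None,
                    "port": int(port) if port else None,
                    "vhost": "vhost" in tok and "no-vhost" not in tok})
    return out

def parse_peers(conf):
    """Map (host, http-port) -> peer name for cache_peer lines marked originserver."""
    peers = {}
    for tok in _tokens(conf):
        if tok[0] == "cache_peer" and len(tok) >= 5 and "originserver" in tok[5:]:
            name = next((t[5:] for t in tok[5:] if t.startswith("name=")), tok[1])
            peers[(tok[1], int(tok[3]))] = name
    return peers

def audit(conf):
    """One row per listener: (listen port, backend host, backend port, peer name or None)."""
    peers = parse_peers(conf)
    return [(l["listen"], l["host"], l["port"], peers.get((l["host"], l["port"])))
            for l in parse_listeners(conf)]

def missing(conf):
    """Listen ports whose intended backend has no originserver cache_peer."""
    return [row[0] for row in audit(conf) if row[3] is None]

if __name__ == "__main__":
    for listen, host, port, peer in audit(SAMPLE):
        print(f"{listen:>6} -> {host}:{port}  peer={peer or 'MISSING'}")
```
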