Hey, I am trying to establish a caching squid proxy - 5.5 openssl - ( to be used with our CI/CD system and cache npm modules (we configure http_proxy in our npm configuration). I've created a configuration with ssl bump-ing and aggressive npm module caching. When a client starts fetching the modules through proxy, everything works fine however quite soon the connections start stalling and all end up timeouting. The logs show that clients did issue a CONNECT, however the connections are stuck (and eventually timeout) and netstat is showing exactly 10 connections in SYN_SENT state towards npm registry. I am kinda puzzled, where this number comes from. I am wondering whether npm registry starts throttling me or I am hitting some networking issue or squid misconfiguration. Does anyone has any idea what could be the issue? (or if someone is using squid for npm module caching, are you willing to share your working squid.conf ;))? Big thank you in advance, br, Jernej The "relevant" parts of my configurations are: acl intermediate_fetching transaction_initiator certificate-fetching http_access allow intermediate_fetching http_port 80 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/certs/squid-self-signed.crt tls-key=/etc/squid/certs/squid-self-signed.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/certs/squid-self-signed_dhparam.pem disable-pmtu-discovery=transparent sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 20MB sslcrtd_children 8 ssl_bump server-first all sslproxy_cert_error deny all forwarded_for delete via off request_header_access X-Forwarded-For deny all request_header_access Via deny all # dns positive_dns_ttl 31 seconds negative_dns_ttl 30 seconds httpd_suppress_version_string on connect_timeout 10 seconds squid -v: https://pastebin.com/KRywK3rN Full config: https://pastebin.com/xsgS5J38 |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users