
Re: Https from sibling peers does not work


 



On 27/11/23 22:38, Mihkel Tammepuu wrote:
> Hello!
> I am trying to set up a sibling cluster of 4 Squid instances. The purpose of the cluster is redundancy AND sharing cache disk space.

FWIW, if these are running on the same machine you may find SMP workers with rock type cache_dir easier to manage and more efficient with the caching than a traditional cluster.

> Everything seems to work fine with http, but with https I cannot see requests being forwarded to siblings.
> Interestingly, when using HTCP, the siblings do get HTCP_CLR requests, but not HTCP_TST requests and https content is NOT loaded from sibling even if it’s clearly present there.
> I’m of course using SSL Bump, content from origin servers works fine. I’ve tried Squid 6.5 and 5.9 with same results.
> What might be wrong? Any way to fix it?


I assume/suspect you have the traditional cache_peer setup without TLS between them.

Squid intentionally does not send decrypted HTTPS traffic over non-TLS connections. That includes your cache_peer.

Try adding the "tls" option to your cache_peer lines and ensure they all use https_port listening in forward-proxy mode to receive that traffic.


If you need more assistance, please show what your config is. We will need the specific details of that to see if any other changes are useful and/or advise on further troubleshooting.


HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
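
A way to check a sibling cluster for the condition described in the reply above, as an added example that is not part of the original message and is not Squid project code. It reads each node's squid.conf text and reports any node that bumps TLS but has a `cache_peer` without `tls`, or one whose peer port is not a forward-proxy `https_port` on the sibling. The hostnames, ports, certificate path and sample configs are constructed, and treating `ssl_bump bump` as the sign that traffic is decrypted is an assumption of this sketch.

```python
"""Audit squid.conf texts of a sibling cluster for plain-text peer links."""
MODE_FLAGS = {"accel", "intercept", "tproxy"}  # absent = forward-proxy mode

def parse(conf_text):
    """Pull out the directives this check needs from one squid.conf text."""
    info = {"bump": False, "https_ports": set(), "peers": []}
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        name, args = words[0], words[1:]
        if name == "ssl_bump" and "bump" in args[:1]:
            info["bump"] = True
        elif name == "https_port" and args and not MODE_FLAGS & set(args[1:]):
            info["https_ports"].add(args[0].rsplit(":", 1)[-1])
        elif name == "cache_peer" and len(args) >= 4:
            # cache_peer <host> <type> <proxy-port> <icp/htcp-port> [options]
            info["peers"].append((args[0], args[2], "tls" in args[4:]))
    return info

def audit(cluster):
    """cluster maps hostname -> squid.conf text; returns finding strings."""
    parsed = {host: parse(text) for host, text in cluster.items()}
    findings = []
    for host, info in parsed.items():
        if not info["bump"]:
            continue  # nothing is decrypted here, so the rule does not apply
        for peer, port, tls in info["peers"]:
            if not tls:
                findings.append(f"{host}: cache_peer {peer} lacks 'tls'")
            elif peer in parsed and port not in parsed[peer]["https_ports"]:
                findings.append(f"{host}: {peer}:{port} is not an https_port")
    return findings

# Constructed sample configs: hostnames, ports and paths are placeholders.
A, B = "proxy-a.example.net", "proxy-b.example.net"
PLAIN = "ssl_bump bump all\ncache_peer {peer} sibling 3128 4827 htcp\n"
FIXED = ("https_port 3129 tls-cert=/etc/squid/peer.pem\n"
         "ssl_bump bump all\n"
         "cache_peer {peer} sibling 3129 4827 htcp tls\n")

def cluster(template):
    """Build a two-node cluster where each node names the other as sibling."""
    return {A: template.format(peer=B), B: template.format(peer=A)}

if __name__ == "__main__":
    for label, template in (("before", PLAIN), ("after", FIXED)):
        print(label, audit(cluster(template)) or "ok")
```

The `PLAIN` template is the traditional peer setup the reply suspects; `FIXED` adds `tls` to the peer line and points it at the sibling's `https_port`.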



