Re: Rewriting HTTP to HTTPS for generic package proxy

On 2024-07-10 15:31, Fiehe, Christoph wrote:
The problem is that the proxy just forwards the client GET request to the upstream proxy

Why does sending a GET request to the upstream proxy represent a problem in your use case? I cannot find anything in your prior messages on this thread that would preclude sending a GET request to the upstream proxy.


but in that case a CONNECT is required.

Why?

Please do not interpret my response as implying that this "must send CONNECT" requirement is wrong (or correct). At this point, I am just trying to understand what problem(s) you are trying to solve beyond the one you have originally described.


Thank you,

Alex.


Working case: Upstream proxy receives a CONNECT from the downstream proxy

2024/07/10 21:06:05.355 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12
2024/07/10 21:06:05.355 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on conn482169 local=[::]:3128 remote=[::] FD 12 flags=9
2024/07/10 21:06:05.355 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request
2024/07/10 21:06:05.355 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181 NOT found
2024/07/10 21:06:05.355 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to retrieve connection mark: (-1) (2) No such file or directory (Destination X.X.X.X:3128, source 10.2.59.181:40122)
2024/07/10 21:06:05.355 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 timeout 300
2024/07/10 21:06:05.355 kid1| 5,3| IoCallback.cc(112) finish: called for conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 (0, 0)
2024/07/10 21:06:05.355 kid1| 5,3| Read.cc(93) ReadNow: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1, size 4096, retval 213, errno 0
2024/07/10 21:06:05.355 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 timeout 300
2024/07/10 21:06:05.355 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty
2024/07/10 21:06:05.355 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1
2024/07/10 21:06:05.355 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST:
---------
CONNECT download.docker.com:443 HTTP/1.1
Host: download.docker.com:443
User-Agent: curl/7.81.0
Via: 1.1 pkg-proxy (squid/6.10)
X-Forwarded-For: 10.2.59.102
Cache-Control: max-age=259200
Connection: close

Not working after schema rewrite: Upstream proxy receives a GET from the proxy

2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12
2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on conn482169 local=[::]:3128 remote=[::] FD 12 flags=9
2024/07/10 18:24:44.031 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request
2024/07/10 18:24:44.031 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181 NOT found
2024/07/10 18:24:44.031 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to retrieve connection mark: (-1) (2) No such file or directory (Destination X.X.X.X:3128, source 10.2.59.181:59100)
2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
2024/07/10 18:24:44.031 kid1| 5,3| IoCallback.cc(112) finish: called for conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 (0, 0)
2024/07/10 18:24:44.031 kid1| 5,3| Read.cc(93) ReadNow: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1, size 4096, retval 293, errno 0
2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty
2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1
2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST:
---------
GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1
Host: download.docker.com
Accept: text/*
User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive
Via: 1.1 pkg-proxy (squid/6.10)
X-Forwarded-For: 10.2.59.102
Cache-Control: max-age=0
Connection: keep-alive



-----Original Message-----
From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, 10 July 2024 18:56
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: Fiehe, Christoph <c.fiehe@xxxxxxxxxxx>
Subject: Re: Rewriting HTTP to HTTPS for generic package proxy

On 2024-07-10 12:42, Fiehe, Christoph wrote:

In the next test case, I used a more modern upstream proxy server based on Squid 6.8
and enabled debugging.

The log shows the error SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED. I am not
sure what I can do to prevent it from occurring

I cannot help with GnuTLS, but I can recommend using Squid built with
OpenSSL libraries (./configure --with-openssl) instead of Squid built
with GnuTLS.


HTH,

Alex.



2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12
2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on
conn482169 local=[::]:3128 remote=[::] FD 12 flags=9
2024/07/10 18:24:44.031 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request
2024/07/10 18:24:44.031 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181
NOT found
2024/07/10 18:24:44.031 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to
retrieve connection mark: (-1) (2) No such file or directory (Destination
212.89.134.12:3128, source 10.2.59.181:59100)
2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175
local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
2024/07/10 18:24:44.031 kid1| 5,3| IoCallback.cc(112) finish: called for conn482175
local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 (0, 0)
2024/07/10 18:24:44.031 kid1| 5,3| Read.cc(93) ReadNow: conn482175
local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1, size 4096, retval 293,
errno 0
2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175
local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty
2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client
conn482175 local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1
2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client
REQUEST:
---------
GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1
Host: download.docker.com
Accept: text/*
User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive
Via: 1.1 pkg-proxy (squid/6.10)
X-Forwarded-For: 10.2.59.102
Cache-Control: max-age=0
Connection: keep-alive


----------
2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(1364) parseHttpRequest: complete
request received. prefix_sz = 293, request-line-size=77, mime-header-size=216, mime header
block:
Host: download.docker.com
Accept: text/*
User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive
Via: 1.1 pkg-proxy (squid/6.10)
X-Forwarded-For: 10.2.59.102
Cache-Control: max-age=0
Connection: keep-alive


----------
2024/07/10 18:24:44.031 kid1| 87,3| clientStream.cc(139) clientStreamInsertHead:
clientStreamInsertHead: Inserted node 0x5651b6c14538 with data 0x5651b379ecb0 after head
2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175
local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 86400
2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(1767) add: 0x5651b379dc40*3 to 0/0
2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(24) add: Pipeline 0x5651b328cb80 add
request 1 0x5651b379dc40*4
2024/07/10 18:24:44.031 kid1| 23,3| Uri.cc(446) parse: Split URL
'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' into proto='https',
host='download.docker.com', port='443', path='/linux/ubuntu/dists/jammy/InRelease'
2024/07/10 18:24:44.031 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
'download.docker.com': Name or service not known
2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(702) clientSetKeepaliveFlag: http_ver
= HTTP/1.1
2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(703) clientSetKeepaliveFlag: method =
GET
2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(123) ClientRequestContext:
ClientRequestContext constructed, this=0x5651b667b8b8
2024/07/10 18:24:44.031 kid1| 83,3| client_side_request.cc(1709) doCallouts: Doing
calloutContext->hostHeaderVerify()
2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(607) hostHeaderVerify:
validate host=download.docker.com, port=0, portStr=NULL
2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(621) hostHeaderVerify:
validate skipped.
2024/07/10 18:24:44.031 kid1| 83,3| client_side_request.cc(1716) doCallouts: Doing
calloutContext->clientAccessCheck()
2024/07/10 18:24:44.031 kid1| 28,3| Checklist.cc(69) preCheck: 0x5651b56d0d38 checking
slow rules
2024/07/10 18:24:44.032 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' found
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked:
follow_x_forwarded_for#1 = 1
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: follow_x_forwarded_for
= 1
2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(62) markFinished: 0x5651b56d0d38 answer
DENIED for match
2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(162) checkCallback:
ACLChecklist::checkCallback: 0x5651b56d0d38 answer=DENIED
2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(69) preCheck: 0x5651b5f334e8 checking
slow rules
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: Safe_ports = 1
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: !Safe_ports = 0
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#1 = 0
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#2 = 0
2024/07/10 18:24:44.032 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
found
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: localhost = 0
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#3 = 0
2024/07/10 18:24:44.032 kid1| 28,3| RegexData.cc(50) match: checking
'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: manager = 0
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#4 = 0
2024/07/10 18:24:44.032 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname:
'download.docker.com', flags=1
2024/07/10 18:24:44.032 kid1| 14,3| ipcache.cc(314) ipcacheRelease: ipcacheRelease:
Releasing entry for 'download.docker.com'
2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
'download.docker.com': Name or service not known
2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
'download.docker.com': Name or service not known
2024/07/10 18:24:44.032 kid1| 78,3| dns_internal.cc(1793) idnsALookup: idnsALookup: buf
is 37 bytes for download.docker.com, id = 0xc228
2024/07/10 18:24:44.032 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
Attempt to send UDP packet to X.X.X.X:53 using FD 10 using Port 52871
2024/07/10 18:24:44.032 kid1| 78,3| dns_internal.cc(1729) idnsSendSlaveAAAAQuery: buf is
48 bytes for download.docker.com, id = 0x798c
2024/07/10 18:24:44.032 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
Attempt to send UDP packet to X.X.X.X:53 using FD 10 using Port 52871
2024/07/10 18:24:44.032 kid1| 28,3| DestinationIp.cc(78) match: can't yet compare
'to_localhost' ACL for download.docker.com
2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
'download.docker.com': Name or service not known
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: to_localhost = -1
async
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#5 = -1
async
2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access = -1 async
2024/07/10 18:24:44.048 kid1| 78,3| dns_internal.cc(1320) idnsRead: idnsRead: starting
with FD 10
2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1366) idnsRead: idnsRead: FD 10:
received 144 bytes from X.X.X.X:53
2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1173) idnsGrokReply: idnsGrokReply:
QID 0xc228, 5 answers
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 5 answers for
download.docker.com
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #1
108.138.7.18
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #2
108.138.7.33
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #3
108.138.7.48
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #4
108.138.7.88
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 5 answers for
download.docker.com
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #1
108.138.7.18
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #2
108.138.7.33
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #3
108.138.7.48
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #4
108.138.7.88
2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1320) idnsRead: idnsRead: starting
with FD 10
2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1366) idnsRead: idnsRead: FD 10:
received 315 bytes from X.X.X.X:53
2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1173) idnsGrokReply: idnsGrokReply:
QID 0x798c, 9 answers
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 9 answers for
download.docker.com
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #5
[2600:9000:2490:2200:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #6
[2600:9000:2490:3600:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #7
[2600:9000:2490:7000:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #8
[2600:9000:2490:d600:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #9
[2600:9000:2490:5a00:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #10
[2600:9000:2490:6600:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #11
[2600:9000:2490:b600:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #12
[2600:9000:2490:aa00:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(587) ipcacheHandleReply: done with
download.docker.com: 108.138.7.18 #1/12-0
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 9 answers for
download.docker.com
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #5
[2600:9000:2490:2200:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #6
[2600:9000:2490:3600:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #7
[2600:9000:2490:7000:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #8
[2600:9000:2490:d600:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #9
[2600:9000:2490:5a00:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #10
[2600:9000:2490:6600:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #11
[2600:9000:2490:b600:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #12
[2600:9000:2490:aa00:3:db06:4200:93a1]
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(587) ipcacheHandleReply: done with
download.docker.com: 108.138.7.18 #1/12-0
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(314) ipcacheRelease: ipcacheRelease:
Releasing entry for 'download.docker.com'
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname:
'download.docker.com', flags=1
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.18' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.33' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.48' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.88' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:2200:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:3600:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:7000:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:d600:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:5a00:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:6600:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:b600:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:aa00:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: to_localhost = 0
2024/07/10 18:24:44.049 kid1| 28,3| InnerNode.cc(100) resumeMatchingAt: checked:
http_access#5 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: PURGE = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#6 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: PURGE = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#7 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: localhost = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#8 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: nocnet = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#9 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: EXTERNAL_DEV_CLIENTS =
0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#10 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#11 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#12 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#13 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#14 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#15 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#16 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#17 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: Safe_ports = 1
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: !Safe_ports = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#18 = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#19 = 0
2024/07/10 18:24:44.049 kid1| 28,3| RegexData.cc(50) match: checking
'/linux/ubuntu/dists/jammy/InRelease'
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: worm = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#20 = 0
2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname:
'download.docker.com', flags=1
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.18' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.33' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.48' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.88' NOT
found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:2200:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:3600:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:7000:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:d600:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:5a00:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:6600:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:b600:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'[2600:9000:2490:aa00:3:db06:4200:93a1]' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: SEUCHEN_IPS = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#21 = 0
2024/07/10 18:24:44.049 kid1| 28,3| DomainData.cc(110) match: aclMatchDomainList:
checking 'download.docker.com'
2024/07/10 18:24:44.049 kid1| 28,3| DomainData.cc(115) match: aclMatchDomainList:
'download.docker.com' NOT found
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: SEUCHEN_DOMAINS = 0
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#22 = 0
2024/07/10 18:24:44.049 kid1| 28,3| RegexData.cc(50) match: checking
'download.docker.com'
2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: SEUCHEN_DOMAINS_REGEX
= 0
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: http_access#23 = 0
2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
found
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: http_access#24 = 0
2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' found
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: REPOSITORY-CLIENTS = 1
2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(110) match: aclMatchDomainList:
checking 'download.docker.com'
2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(115) match: aclMatchDomainList:
'download.docker.com' found
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: REPOSITORY-ZIELE = 1
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: http_access#25 = 1
2024/07/10 18:24:44.050 kid1| 28,3| InnerNode.cc(100) resumeMatchingAt: checked:
http_access = 1
2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: 0x5651b5f334e8 answer
ALLOWED for match
2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(162) checkCallback:
ACLChecklist::checkCallback: 0x5651b5f334e8 answer=ALLOWED
2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(715) clientAccessCheckDone:
The request GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease is ALLOWED;
last ACL checked: REPOSITORY-ZIELE
2024/07/10 18:24:44.050 kid1| 83,3| AccessCheck.cc(42) Start: adaptation off, skipping
2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1744) doCallouts: Doing
calloutContext->clientAccessCheck2()
2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(693) clientAccessCheck2: No
adapted_http_access configuration. default: ALLOW
2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(715) clientAccessCheckDone:
The request GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease is ALLOWED;
last ACL checked: REPOSITORY-ZIELE
2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1762) doCallouts: Doing
clientInterpretRequestHeaders()
2024/07/10 18:24:44.050 kid1| 85,3| client_side_request.cc(117) ~ClientRequestContext:
ClientRequestContext destructed, this=0x5651b667b8b8
2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1856) doCallouts: calling
processRequest()
2024/07/10 18:24:44.050 kid1| 87,3| clientStream.cc(178) clientStreamRead:
clientStreamRead: Calling 1 with cbdata 0x5651b379fd80 from node 0x5651b6c14538
2024/07/10 18:24:44.050 kid1| 73,3| HttpRequest.cc(742) storeId: sent back
effectiveRequestUrl: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 20,3| Controller.cc(429) peek:
D3522EE27FB0ED7004DD594AF7674667
2024/07/10 18:24:44.050 kid1| 85,3| client_side_reply.cc(1523) identifyFoundObject:
StoreEntry is NULL -  MISS
2024/07/10 18:24:44.050 kid1| 20,3| store.cc(731) storeCreatePureEntry:
storeCreateEntry: 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
2024/07/10 18:24:44.050 kid1| 20,3| MemObject.cc(99) MemObject: MemObject constructed,
this=0x5651b3ae4fc0
2024/07/10 18:24:44.050 kid1| 88,3| MemObject.cc(82) setUris: 0x5651b3ae4fc0 storeId:
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: storeCreateEntry locked key
[null_store_key] e:=V/0x5651b365e210*1
2024/07/10 18:24:44.050 kid1| 20,3| store.cc(537) setPrivateKey: 00
e:=V/0x5651b365e210*1
2024/07/10 18:24:44.050 kid1| 20,3| store.cc(413) hashInsert: StoreEntry::hashInsert:
Inserting Entry e:=IV/0x5651b365e210*1 key '8349000000000000D107000001000000'
2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: store_client locked key
8349000000000000D107000001000000 e:=IV/0x5651b365e210*2
2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(243) copy: store_client::copy:
8349000000000000D107000001000000, from 0, for length 4096, cb 1, cbdata 0x5651b379ece8
2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: store_client::copy locked key
8349000000000000D107000001000000 e:=IV/0x5651b365e210*3
2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(343) storeClientCopy2:
storeClientCopy2: 8349000000000000D107000001000000
2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(390) doCopy: store_client::doCopy:
Waiting for more
2024/07/10 18:24:44.050 kid1| 20,3| store.cc(458) unlock: store_client::copy unlocking
key 8349000000000000D107000001000000 e:=IV/0x5651b365e210*3
2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: 0x7ffef6c09e30 checking
fast rules
2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181:59100'
found
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: miss_access#1 = 1
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: miss_access = 1
2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: 0x7ffef6c09e30 answer
ALLOWED for match
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(373) Start:
'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
2024/07/10 18:24:44.050 kid1| 17,2| FwdState.cc(133) FwdState: Forwarding client request
conn482175 local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1,
url=https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: FwdState locked key
8349000000000000D107000001000000 e:=IV/0x5651b365e210*3
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(140) FwdState: FwdState constructed,
this=0x5651b695faf8
2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(309) peerSelect:
e:=IV/0x5651b365e210*3 https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: peerSelect locked key
8349000000000000D107000001000000 e:=IV/0x5651b365e210*4
2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(612) selectMore: GET
download.docker.com
2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(617) selectMore: direct =
DIRECT_UNKNOWN (always_direct to be checked)
2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: 0x5651b56d0d38 checking
slow rules
2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' found
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: always_direct#1 = 1
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: always_direct = 1
2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: 0x5651b56d0d38 answer
ALLOWED for match
2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(162) checkCallback:
ACLChecklist::checkCallback: 0x5651b56d0d38 answer=ALLOWED
2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(373) checkAlwaysDirectDone: ALLOWED
2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(379) checkAlwaysDirectDone: direct =
DIRECT_YES (always_direct allow)
2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(612) selectMore: GET
download.docker.com
2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(1102) addSelection: adding
HIER_DIRECT#download.docker.com
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(460) resolveSelected: Find IP
destination for: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' via
download.docker.com
2024/07/10 18:24:44.050 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
'download.docker.com': Name or service not known
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482176 local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1, destination #1
for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482176
local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(1124) connectStart: 1+ paths to
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482177 local=0.0.0.0 remote=108.138.7.33:443 HIER_DIRECT flags=1, destination #2
for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482177
local=0.0.0.0 remote=108.138.7.33:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482178 local=0.0.0.0 remote=108.138.7.48:443 HIER_DIRECT flags=1, destination #3
for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482178
local=0.0.0.0 remote=108.138.7.48:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482179 local=0.0.0.0 remote=108.138.7.88:443 HIER_DIRECT flags=1, destination #4
for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482179
local=0.0.0.0 remote=108.138.7.88:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482180 local=[::] remote=[2600:9000:2490:2200:3:db06:4200:93a1]:443 HIER_DIRECT
flags=1, destination #5 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482180
local=[::] remote=[2600:9000:2490:2200:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482181 local=[::] remote=[2600:9000:2490:3600:3:db06:4200:93a1]:443 HIER_DIRECT
flags=1, destination #6 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482181
local=[::] remote=[2600:9000:2490:3600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482182 local=[::] remote=[2600:9000:2490:7000:3:db06:4200:93a1]:443 HIER_DIRECT
flags=1, destination #7 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482182
local=[::] remote=[2600:9000:2490:7000:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482183 local=[::] remote=[2600:9000:2490:d600:3:db06:4200:93a1]:443 HIER_DIRECT
flags=1, destination #8 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482183
local=[::] remote=[2600:9000:2490:d600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482184 local=[::] remote=[2600:9000:2490:5a00:3:db06:4200:93a1]:443 HIER_DIRECT
flags=1, destination #9 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482184
local=[::] remote=[2600:9000:2490:5a00:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482185 local=[::] remote=[2600:9000:2490:6600:3:db06:4200:93a1]:443 HIER_DIRECT
flags=1, destination #10 for
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482185
local=[::] remote=[2600:9000:2490:6600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482186 local=[::] remote=[2600:9000:2490:b600:3:db06:4200:93a1]:443 HIER_DIRECT
flags=1, destination #11 for
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482186
local=[::] remote=[2600:9000:2490:b600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
found conn482187 local=[::] remote=[2600:9000:2490:aa00:3:db06:4200:93a1]:443 HIER_DIRECT
flags=1, destination #12 for
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482187
local=[::] remote=[2600:9000:2490:aa00:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(479) resolveSelected:
PeerSelector64364 found all 12 destinations for
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(480) resolveSelected:   always_direct
= ALLOWED
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(481) resolveSelected:    never_direct
= DUNNO
2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(482) resolveSelected:        timedout
= 0
2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(241) ~PeerSelector:
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.050 kid1| 20,3| store.cc(458) unlock: peerSelect unlocking key
8349000000000000D107000001000000 e:=p2IV/0x5651b365e210*4
2024/07/10 18:24:44.050 kid1| 48,3| pconn.cc(474) popStored: lookup for key
{108.138.7.18:443/download.docker.com} failed.
2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: 0x7ffef6c0a460 checking
fast ACLs
2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(110) match: aclMatchDomainList:
checking 'download.docker.com'
2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(115) match: aclMatchDomainList:
'download.docker.com' NOT found
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: SKIP_PALO_DOMAINS_FAST
= 0
2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked:
!SKIP_PALO_DOMAINS_FAST = 1
2024/07/10 18:24:44.051 kid1| 28,3| Acl.cc(175) matches: checked: (tcp_outgoing_mark
0x14 line) = 1
2024/07/10 18:24:44.051 kid1| 28,3| Acl.cc(175) matches: checked: tcp_outgoing_mark 0x14
= 1
2024/07/10 18:24:44.051 kid1| 28,3| Checklist.cc(62) markFinished: 0x7ffef6c0a460 answer
ALLOWED for match
2024/07/10 18:24:44.051 kid1| 17,3| FwdState.cc(1568) GetMarkingsToServer: from 0.0.0.0
tos 0 netfilter mark 20
2024/07/10 18:24:44.051 kid1| 5,3| ConnOpener.cc(42) ConnOpener: will connect to
conn482189 local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1 with 60 timeout
2024/07/10 18:24:44.051 kid1| 50,3| comm.cc(378) comm_openex: comm_openex: Attempt open
socket for: 0.0.0.0
2024/07/10 18:24:44.051 kid1| 50,3| comm.cc(420) comm_openex: comm_openex: Opened socket
conn482190 local=0.0.0.0 remote=[::] FD 19 flags=1 : family=2, type=1, protocol=6
2024/07/10 18:24:44.051 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 19
download.docker.com
2024/07/10 18:24:44.051 kid1| 50,3| QosConfig.cc(581) setSockNfmark: for FD 19 to 20
2024/07/10 18:24:44.051 kid1| 5,3| ConnOpener.cc(312) createFd: conn482189 local=0.0.0.0
remote=108.138.7.18:443 HIER_DIRECT flags=1 will timeout in 60
2024/07/10 18:24:44.058 kid1| 83,2| Io.cc(161) Handshake: handshake IN: Unknown
Handshake packet
2024/07/10 18:24:44.058 kid1| 83,2| Io.cc(163) Handshake: handshake OUT: CLIENT HELLO
2024/07/10 18:24:44.058 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482189
local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1 timeout 60
2024/07/10 18:24:44.064 kid1| 83,2| Io.cc(161) Handshake: handshake IN: Unknown
Handshake packet
2024/07/10 18:24:44.064 kid1| 83,2| Io.cc(163) Handshake: handshake OUT: CLIENT HELLO
2024/07/10 18:24:44.064 kid1| 83,2| PeerConnector.cc(279) handleNegotiationResult:
ERROR: Cannot establish a TLS connection to conn482189 local=X.X.X.X:36718
remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1:
      problem: failure
      detail: SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED
2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(625) commUnsetConnTimeout: Remove timeout for
conn482189 local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1
2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482189
local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1 timeout -1
2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(850) _comm_close: start closing FD 19 by
Connection.cc:108
2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(586) commUnsetFdTimeout: Remove timeout for
FD 19
2024/07/10 18:24:44.064 kid1| 83,3| Session.cc(36) tls_read_method: started for
session=0x5651b404d2c0
2024/07/10 18:24:44.064 kid1| 51,3| fd.cc(93) fd_close: fd_close FD 19 server https
start
2024/07/10 18:24:44.064 kid1| 17,3| FwdState.cc(471) fail: ERR_SECURE_CONNECT_FAIL
"Service Unavailable"
	https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/10 18:24:44.064 kid1| 17,3| FwdState.cc(781) retryOrBail: re-forwarding (1
tries, 0 secs)


-----Original Message-----
From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, 10 July 2024 14:50
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: Fiehe, Christoph <c.fiehe@xxxxxxxxxxx>
Subject: Re: Rewriting HTTP to HTTPS for generic package proxy

On 2024-07-09 18:25, Fiehe, Christoph wrote:

I hope that somebody has an idea, what I am doing wrong.

AFAICT from the debugging log, it is your parent proxy that returns an
ERR_SECURE_CONNECT_FAIL error page in response to a seemingly valid
"HEAD https://..." request. Can you ask their admin to investigate? You
may also recommend that they upgrade from Squid v4 that has many known
security vulnerabilities.

If parent is uncooperative, you can try to reproduce the problem by
temporarily installing your own parent Squid instance and configuring your
child Squid to use that instead.

HTH,

Alex.
P.S. Unlike Amos, I do not see serious conceptual problems with
rewriting request target scheme (as a temporary compatibility measure).
It may not always work, for various reasons, but it does not necessarily
make things worse (and may make things better).




I try to build a generic package proxy with Squid and need the feature
to rewrite (not redirect) an HTTP request to a package repository
transparently to an HTTPS-based package source. I was able to get Jesred
working and defined the following rewrite rule:

regex ^http:\/\/download\.docker\.com(.*)$ https://download.docker.com\1

I had to use a parent upstream proxy. In my test case the rule gets applied
successfully:

1720558404.106 10.2.59.102/molecule-ubuntu-jammy.lx.mycompany.de
http://download.docker.com/linux/ubuntu/dists/jammy/InRelease
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease 2

I have validated that the returned URL is correct and that the resource is accessible
via my upstream proxy.

But at the very end, the client receives a 503 error code. I have set "debug_options
ALL,3" and this gives the log:

[...]
2024/07/09 23:35:40.115 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client
REQUEST:
---------
HEAD http://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1
Host: download.docker.com
User-Agent: curl/7.81.0
Accept: */*
Proxy-Connection: Keep-Alive


----------
2024/07/09 23:35:40.115 kid1| 33,3| client_side.cc(1364) parseHttpRequest: complete
request received. prefix_sz = 174, request-line-size=77, mime-header-size=97, mime
header
block:
Host: download.docker.com
User-Agent: curl/7.81.0
Accept: */*
Proxy-Connection: Keep-Alive


----------
2024/07/09 23:35:40.115 kid1| 87,3| clientStream.cc(139) clientStreamInsertHead:
clientStreamInsertHead: Inserted node 0x5c3ba4154308 with data 0x5c3ba4152950 after
head
2024/07/09 23:35:40.115 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn9
local=10.2.59.103:8000 remote=10.2.59.102:56466 FD 15 flags=1 timeout 86400
2024/07/09 23:35:40.115 kid1| 33,3| client_side.cc(1767) add: 0x5c3ba41518e0*3 to 0/0
2024/07/09 23:35:40.115 kid1| 33,3| Pipeline.cc(24) add: Pipeline 0x5c3ba41501f0 add
request 1 0x5c3ba41518e0*4
2024/07/09 23:35:40.115 kid1| 23,3| Uri.cc(446) parse: Split URL
'http://download.docker.com/linux/ubuntu/dists/jammy/InRelease' into proto='http',
host='download.docker.com', port='80', path='/linux/ubuntu/dists/jammy/InRelease'
2024/07/09 23:35:40.115 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
'download.docker.com': Name or service not known
2024/07/09 23:35:40.115 kid1| 33,3| client_side.cc(702) clientSetKeepaliveFlag:
http_ver
= HTTP/1.1
2024/07/09 23:35:40.115 kid1| 33,3| client_side.cc(703) clientSetKeepaliveFlag: method
=
HEAD
2024/07/09 23:35:40.115 kid1| 85,3| client_side_request.cc(122) ClientRequestContext:
ClientRequestContext constructed, this=0x5c3ba4154e78
2024/07/09 23:35:40.115 kid1| 83,3| client_side_request.cc(1708) doCallouts: Doing
calloutContext->hostHeaderVerify()
2024/07/09 23:35:40.115 kid1| 85,3| client_side_request.cc(606) hostHeaderVerify:
validate host=download.docker.com, port=0, portStr=NULL
2024/07/09 23:35:40.115 kid1| 85,3| client_side_request.cc(620) hostHeaderVerify:
validate skipped.
2024/07/09 23:35:40.115 kid1| 83,3| client_side_request.cc(1715) doCallouts: Doing
calloutContext->clientAccessCheck()
2024/07/09 23:35:40.115 kid1| 28,3| Checklist.cc(69) preCheck: 0x5c3ba41552d8 checking
slow rules
2024/07/09 23:35:40.115 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'10.2.59.102:56466'
found
2024/07/09 23:35:40.115 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
2024/07/09 23:35:40.115 kid1| 28,3| Acl.cc(175) matches: checked: http_access#1 = 1
2024/07/09 23:35:40.115 kid1| 28,3| Acl.cc(175) matches: checked: http_access = 1
2024/07/09 23:35:40.115 kid1| 28,3| Checklist.cc(62) markFinished: 0x5c3ba41552d8
answer
ALLOWED for match
2024/07/09 23:35:40.115 kid1| 28,3| Checklist.cc(162) checkCallback:
ACLChecklist::checkCallback: 0x5c3ba41552d8 answer=ALLOWED
2024/07/09 23:35:40.115 kid1| 85,2| client_side_request.cc(714) clientAccessCheckDone:
The request HEAD http://download.docker.com/linux/ubuntu/dists/jammy/InRelease is ALLOWED;
last ACL checked: all
2024/07/09 23:35:40.115 kid1| 83,3| AccessCheck.cc(42) Start: adaptation off, skipping
2024/07/09 23:35:40.115 kid1| 83,3| client_side_request.cc(1735) doCallouts: Doing
calloutContext->clientRedirectStart()
2024/07/09 23:35:40.115 kid1| 78,3| dns_internal.cc(1836) idnsPTRLookup:
idnsPTRLookup:
buf is 42 bytes for 10.2.59.102, id = 0x8d95
2024/07/09 23:35:40.115 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
Attempt to send UDP packet to 127.0.0.53:53 using FD 11 using Port 54280
2024/07/09 23:35:40 kid1| Starting new redirector helpers...
current master transaction: master54
2024/07/09 23:35:40 kid1| helperOpenServers: Starting 1/3 'jesred' processes
current master transaction: master54
2024/07/09 23:35:40.115 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 17 IPC UNIX
STREAM
Parent
2024/07/09 23:35:40.115 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 19 IPC UNIX
STREAM
Parent
2024/07/09 23:35:40.115 kid1| 54,3| ipc.cc(212) ipcCreate: ipcCreate: prfd FD 17
2024/07/09 23:35:40.115 kid1| 54,3| ipc.cc(213) ipcCreate: ipcCreate: pwfd FD 17
2024/07/09 23:35:40.115 kid1| 54,3| ipc.cc(214) ipcCreate: ipcCreate: crfd FD 19
2024/07/09 23:35:40.115 kid1| 54,3| ipc.cc(215) ipcCreate: ipcCreate: cwfd FD 19
2024/07/09 23:35:40.116 kid1| 5,3| comm.cc(850) _comm_close: start closing FD 19 by
ipc.cc:271
2024/07/09 23:35:40.116 kid1| 5,3| comm.cc(586) commUnsetFdTimeout: Remove timeout for
FD 19
2024/07/09 23:35:40.116 kid1| 21,3| tools.cc(561) leave_suid: leave_suid: PID 503746
called
2024/07/09 23:35:40.116 kid1| 21,3| tools.cc(651) no_suid: no_suid: PID 503746 giving
up
root privileges forever
2024/07/09 23:35:40.116 kid1| 5,3| comm.cc(586) commUnsetFdTimeout: Remove timeout for
FD 17
2024/07/09 23:35:40.117 kid1| 84,3| helper.cc(1310) GetFirstAvailable:
GetFirstAvailable: Least-loaded helper is fully loaded!
2024/07/09 23:35:40.117 kid1| 51,3| fd.cc(93) fd_close: fd_close FD 19 IPC UNIX STREAM
Parent
2024/07/09 23:35:40.117 kid1| 78,3| dns_internal.cc(1319) idnsRead: idnsRead: starting
with FD 11
2024/07/09 23:35:40.117 kid1| 78,3| dns_internal.cc(1365) idnsRead: idnsRead: FD 11:
received 92 bytes from 127.0.0.53:53
2024/07/09 23:35:40.117 kid1| 78,3| dns_internal.cc(1172) idnsGrokReply:
idnsGrokReply:
QID 0x8d95, 1 answers
2024/07/09 23:35:40.117 kid1| 35,3| fqdncache.cc(336) fqdncacheParse: fqdncacheParse:
1
answers for '10.2.59.102'
2024/07/09 23:35:40.117 kid1| 5,3| IoCallback.cc(112) finish: called for conn11
local=[::] remote=[::] FD 17 flags=1 (0, 0)
2024/07/09 23:35:40.125 kid1| 5,3| Read.cc(148) HandleRead: FD 17, size 32767, retval
80, errno 0
2024/07/09 23:35:40.125 kid1| 5,3| IoCallback.cc(112) finish: called for conn10
local=[::] remote=[::] FD 17 flags=1 (0, 0)
2024/07/09 23:35:40.125 kid1| 84,3| helper.cc(1022) helperHandleRead:
helperHandleRead:
end of reply found
2024/07/09 23:35:40.125 kid1| 84,3| Reply.cc(41) finalize: Parsing helper buffer
2024/07/09 23:35:40.125 kid1| 84,3| Reply.cc(59) finalize: Buff length is larger than
2
2024/07/09 23:35:40.125 kid1| 84,3| Reply.cc(63) finalize: helper Result = OK
2024/07/09 23:35:40.125 kid1| 23,3| Uri.cc(446) parse: Split URL
'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' into proto='https',
host='download.docker.com', port='443', path='/linux/ubuntu/dists/jammy/InRelease'
2024/07/09 23:35:40.125 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
'download.docker.com': Name or service not known
2024/07/09 23:35:40.125 kid1| 61,2| client_side_request.cc(1235) clientRedirectDone:
URL-rewriter diverts URL from
http://download.docker.com/linux/ubuntu/dists/jammy/InRelease to
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.125 kid1| 83,3| client_side_request.cc(1743) doCallouts: Doing
calloutContext->clientAccessCheck2()
2024/07/09 23:35:40.125 kid1| 85,2| client_side_request.cc(692) clientAccessCheck2: No
adapted_http_access configuration. default: ALLOW
2024/07/09 23:35:40.125 kid1| 85,2| client_side_request.cc(714) clientAccessCheckDone:
The request HEAD https://download.docker.com/linux/ubuntu/dists/jammy/InRelease is ALLOWED;
last ACL checked: all
2024/07/09 23:35:40.126 kid1| 83,3| client_side_request.cc(1761) doCallouts: Doing
clientInterpretRequestHeaders()
2024/07/09 23:35:40.126 kid1| 83,3| client_side_request.cc(1770) doCallouts: Doing
calloutContext->checkNoCache()
2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(69) preCheck: 0x5c3ba41552d8 checking
slow rules
2024/07/09 23:35:40.126 kid1| 28,3| RegexData.cc(50) match: checking
'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: no_cache = 0
2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: cache#1 = 0
2024/07/09 23:35:40.126 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'10.2.59.102:56466'
found
2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: cache#2 = 1
2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: cache = 1
2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(62) markFinished: 0x5c3ba41552d8
answer
ALLOWED for match
2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(162) checkCallback:
ACLChecklist::checkCallback: 0x5c3ba41552d8 answer=ALLOWED
2024/07/09 23:35:40.126 kid1| 85,3| client_side_request.cc(116) ~ClientRequestContext:
ClientRequestContext destructed, this=0x5c3ba4154e78
2024/07/09 23:35:40.126 kid1| 83,3| client_side_request.cc(1855) doCallouts: calling
processRequest()
2024/07/09 23:35:40.126 kid1| 87,3| clientStream.cc(178) clientStreamRead:
clientStreamRead: Calling 1 with cbdata 0x5c3ba4153e70 from node 0x5c3ba4154308
2024/07/09 23:35:40.126 kid1| 73,3| HttpRequest.cc(742) storeId: sent back
effectiveRequestUrl: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.126 kid1| 20,3| Controller.cc(429) peek:
DE850794EBC405A27A7718F51795E32A
2024/07/09 23:35:40.126 kid1| 73,3| HttpRequest.cc(742) storeId: sent back
effectiveRequestUrl: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.126 kid1| 20,3| Controller.cc(429) peek:
D3522EE27FB0ED7004DD594AF7674667
2024/07/09 23:35:40.126 kid1| 85,3| client_side_reply.cc(1523) identifyFoundObject:
StoreEntry is NULL - MISS
2024/07/09 23:35:40.126 kid1| 20,3| store.cc(730) storeCreatePureEntry:
storeCreateEntry: 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
2024/07/09 23:35:40.126 kid1| 20,3| MemObject.cc(99) MemObject: MemObject constructed,
this=0x5c3ba416ef10
2024/07/09 23:35:40.126 kid1| 88,3| MemObject.cc(82) setUris: 0x5c3ba416ef10 storeId:
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.126 kid1| 20,3| store.cc(434) lock: storeCreateEntry locked key
[null_store_key] e:=V/0x5c3ba416ee90*1
2024/07/09 23:35:40.126 kid1| 20,3| store.cc(536) setPrivateKey: 00
e:=V/0x5c3ba416ee90*1
2024/07/09 23:35:40.126 kid1| 20,3| store.cc(412) hashInsert: StoreEntry::hashInsert:
Inserting Entry e:=IV/0x5c3ba416ee90*1 key '020000000000000061AF070001000000'
2024/07/09 23:35:40.126 kid1| 20,3| store.cc(434) lock: store_client locked key
020000000000000061AF070001000000 e:=IV/0x5c3ba416ee90*2
2024/07/09 23:35:40.126 kid1| 90,3| store_client.cc(243) copy: store_client::copy:
020000000000000061AF070001000000, from 0, for length 4096, cb 1, cbdata 0x5c3ba4152dd8
2024/07/09 23:35:40.126 kid1| 20,3| store.cc(434) lock: store_client::copy locked key
020000000000000061AF070001000000 e:=IV/0x5c3ba416ee90*3
2024/07/09 23:35:40.126 kid1| 90,3| store_client.cc(343) storeClientCopy2:
storeClientCopy2: 020000000000000061AF070001000000
2024/07/09 23:35:40.126 kid1| 90,3| store_client.cc(390) doCopy: store_client::doCopy:
Waiting for more
2024/07/09 23:35:40.126 kid1| 20,3| store.cc(457) unlock: store_client::copy unlocking
key 020000000000000061AF070001000000 e:=IV/0x5c3ba416ee90*3
2024/07/09 23:35:40.126 kid1| 17,3| FwdState.cc(373) Start:
'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
2024/07/09 23:35:40.126 kid1| 17,2| FwdState.cc(133) FwdState: Forwarding client request
conn9 local=10.2.59.103:8000 remote=10.2.59.102:56466 FD 15 flags=1,
url=https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.126 kid1| 20,3| store.cc(434) lock: FwdState locked key
020000000000000061AF070001000000 e:=IV/0x5c3ba416ee90*3
2024/07/09 23:35:40.126 kid1| 17,3| FwdState.cc(140) FwdState: FwdState constructed,
this=0x5c3ba416fa18
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(309) peerSelect: e:=IV/0x5c3ba416ee90*3
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.126 kid1| 20,3| store.cc(434) lock: peerSelect locked key
020000000000000061AF070001000000 e:=IV/0x5c3ba416ee90*4
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(612) selectMore: HEAD
download.docker.com
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(626) selectMore: direct =
DIRECT_UNKNOWN (never_direct to be checked)
2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(69) preCheck: 0x5c3ba4170638 checking
slow rules
2024/07/09 23:35:40.126 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
'10.2.59.102:56466'
found
2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: never_direct#1 = 1
2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: never_direct = 1
2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(62) markFinished: 0x5c3ba4170638
answer
ALLOWED for match
2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(162) checkCallback:
ACLChecklist::checkCallback: 0x5c3ba4170638 answer=ALLOWED
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(345) checkNeverDirectDone: ALLOWED
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(351) checkNeverDirectDone: direct =
DIRECT_NO (never_direct allow)
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(612) selectMore: HEAD
download.docker.com
2024/07/09 23:35:40.126 kid1| 14,3| ipcache.cc(732) ipcache_gethostbyname:
ipcache_gethostbyname: 'download.docker.com', flags=0
2024/07/09 23:35:40.126 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
'download.docker.com': Name or service not known
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(286) peerSelectIcpPing:
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.126 kid1| 15,3| neighbors.cc(283) neighborsCount: neighborsCount:
0
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(297) peerSelectIcpPing: counted 0
neighbors
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(833) selectSomeParent: HEAD
download.docker.com
2024/07/09 23:35:40.126 kid1| 15,3| neighbors.cc(350) getRoundRobinParent: returning
[nil]
2024/07/09 23:35:40.126 kid1| 15,3| neighbors.cc(403) getWeightedRoundRobinParent:
returning [nil]
2024/07/09 23:35:40.126 kid1| 15,3| neighbors.cc(309) getFirstUpParent: returning
212.89.128.96
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(1102) addSelection: adding
FIRSTUP_PARENT/212.89.128.96
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(1095) addSelection: skipping
ANY_OLD_PARENT/212.89.128.96; have FIRSTUP_PARENT/212.89.128.96
2024/07/09 23:35:40.126 kid1| 15,3| neighbors.cc(493) getDefaultParent: returning
212.89.128.96
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(1095) addSelection: skipping
DEFAULT_PARENT/212.89.128.96; have FIRSTUP_PARENT/212.89.128.96
2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(460) resolveSelected: Find IP
destination for: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' via
212.89.128.96
2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector1 found
conn12 local=0.0.0.0 remote=212.89.128.96:3128 FIRSTUP_PARENT flags=1, destination #1 for
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
DENIED
2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
ALLOWED
2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
2024/07/09 23:35:40.126 kid1| 17,3| FwdState.cc(610) noteDestination: conn12
local=0.0.0.0 remote=212.89.128.96:3128 FIRSTUP_PARENT flags=1
2024/07/09 23:35:40.126 kid1| 17,3| FwdState.cc(1124) connectStart: 1+ paths to
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(479) resolveSelected: PeerSelector1
found all 1 destinations for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(480) resolveSelected: always_direct =
DENIED
2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(481) resolveSelected: never_direct =
ALLOWED
2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(482) resolveSelected: timedout = 0
2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(241) ~PeerSelector:
https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.126 kid1| 20,3| store.cc(457) unlock: peerSelect unlocking key
020000000000000061AF070001000000 e:=p2IV/0x5c3ba416ee90*4
2024/07/09 23:35:40.126 kid1| 48,3| pconn.cc(474) popStored: lookup for key
{212.89.128.96:3128} failed.
2024/07/09 23:35:40.126 kid1| 17,3| FwdState.cc(1568) GetMarkingsToServer: from
0.0.0.0
tos 0 netfilter mark 0
2024/07/09 23:35:40.126 kid1| 5,3| ConnOpener.cc(42) ConnOpener: will connect to
conn14
local=0.0.0.0 remote=212.89.128.96:3128 FIRSTUP_PARENT flags=1 with 30 timeout
2024/07/09 23:35:40.126 kid1| 50,3| comm.cc(378) comm_openex: comm_openex: Attempt
open
socket for: 0.0.0.0
2024/07/09 23:35:40.126 kid1| 50,3| comm.cc(420) comm_openex: comm_openex: Opened
socket
conn15 local=0.0.0.0 remote=[::] FD 19 flags=1 : family=2, type=1, protocol=6
2024/07/09 23:35:40.126 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 19
2024/07/09 23:35:40.126 kid1| 5,3| ConnOpener.cc(312) createFd: conn14 local=0.0.0.0
remote=212.89.128.96:3128 FIRSTUP_PARENT flags=1 will timeout in 30
2024/07/09 23:35:40.127 kid1| 17,3| FwdState.cc(1197) dispatch: conn9 local=10.2.59.103:8000 remote=10.2.59.102:56466 FD 15 flags=1: Fetching HEAD https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.127 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
'download.docker.com': Name or service not known
2024/07/09 23:35:40.127 kid1| 78,3| dns_internal.cc(1793) idnsALookup: idnsALookup:
buf
is 37 bytes for download.docker.com, id = 0xe779
2024/07/09 23:35:40.127 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
Attempt to send UDP packet to 127.0.0.53:53 using FD 11 using Port 54280
2024/07/09 23:35:40.127 kid1| 78,3| dns_internal.cc(1729) idnsSendSlaveAAAAQuery: buf
is
37 bytes for download.docker.com, id = 0x8aee
2024/07/09 23:35:40.127 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
Attempt to send UDP packet to 127.0.0.53:53 using FD 11 using Port 54280
2024/07/09 23:35:40.127 kid1| 11,3| http.cc(2516) httpStart: HEAD https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.127 kid1| 20,3| store.cc(434) lock: Client locked key
020000000000000061AF070001000000 e:=p2IV/0x5c3ba416ee90*4
2024/07/09 23:35:40.127 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn14
local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1 timeout
86400
2024/07/09 23:35:40.127 kid1| 22,3| refresh.cc(636) getMaxAge: getMaxAge: 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
2024/07/09 23:35:40.127 kid1| 11,2| http.cc(2472) sendRequest: HTTP Server conn14
local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1
2024/07/09 23:35:40.127 kid1| 11,2| http.cc(2473) sendRequest: HTTP Server REQUEST:
---------
HEAD https://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1
Host: download.docker.com
User-Agent: curl/7.81.0
Accept: */*
Via: 1.1 pkg-proxy (squid/6.6)
X-Forwarded-For: 10.2.59.102
Cache-Control: max-age=0
Connection: keep-alive


----------
2024/07/09 23:35:40.127 kid1| 5,3| IoCallback.cc(112) finish: called for conn14
local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1 (0, 0)
2024/07/09 23:35:40.127 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn14
local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1 timeout
900
2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1319) idnsRead: idnsRead: starting
with FD 11
2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1365) idnsRead: idnsRead: FD 11:
received 304 bytes from 127.0.0.53:53
2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1172) idnsGrokReply:
idnsGrokReply:
QID 0x8aee, 9 answers
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(480) ipcacheParse: 9 answers for
download.docker.com
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #1
[2600:9000:2490:6c00:3:db06:4200:93a1]
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #2
[2600:9000:2490:a600:3:db06:4200:93a1]
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #3
[2600:9000:2490:9c00:3:db06:4200:93a1]
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #4
[2600:9000:2490:6000:3:db06:4200:93a1]
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #5
[2600:9000:2490:c00:3:db06:4200:93a1]
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #6
[2600:9000:2490:5200:3:db06:4200:93a1]
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #7
[2600:9000:2490:9a00:3:db06:4200:93a1]
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #8
[2600:9000:2490:2c00:3:db06:4200:93a1]
2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1319) idnsRead: idnsRead: starting
with FD 11
2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1365) idnsRead: idnsRead: FD 11:
received 144 bytes from 127.0.0.53:53
2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1172) idnsGrokReply:
idnsGrokReply:
QID 0xe779, 5 answers
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(480) ipcacheParse: 5 answers for
download.docker.com
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #9
108.138.7.33
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #10
108.138.7.18
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #11
108.138.7.88
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #12
108.138.7.48
2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(586) ipcacheHandleReply: done with
download.docker.com: [2600:9000:2490:6c00:3:db06:4200:93a1] #1/12-0
2024/07/09 23:35:40.137 kid1| 38,3| net_db.cc(337) netdbSendPing: netdbSendPing:
pinging
download.docker.com
2024/07/09 23:35:40.137 kid1| 37,2| IcmpSquid.cc(88) SendEcho: to
[2600:9000:2490:6c00:3:db06:4200:93a1], opcode 3, len 19
2024/07/09 23:35:40.137 pinger| 42,2| IcmpPinger.cc(198) Recv: Pass
[2600:9000:2490:6c00:3:db06:4200:93a1] off to ICMPv6 module.
2024/07/09 23:35:40 pinger| SendEcho ERROR: sending to ICMPv6 packet to
[2600:9000:2490:6c00:3:db06:4200:93a1]: (101) Network is unreachable
2024/07/09 23:35:40.138 pinger| 42,2| Icmp.cc(90) Log: pingerLog: 1720560940.138021
[2600:9000:2490:6c00:3:db06:4200:93a1] 0
2024/07/09 23:35:40.323 kid1| 5,3| IoCallback.cc(112) finish: called for conn14
local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1 (0, 0)
2024/07/09 23:35:40.324 kid1| 5,3| Read.cc(93) ReadNow: conn14 local=10.2.59.103:39370
remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1, size 65536, retval 348, errno 0
2024/07/09 23:35:40.324 kid1| 11,3| http.cc(649) processReplyHeader:
processReplyHeader:
key '020000000000000061AF070001000000'
2024/07/09 23:35:40.324 kid1| 11,2| http.cc(696) processReplyHeader: HTTP Server
conn14
local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1
2024/07/09 23:35:40.324 kid1| 11,2| http.cc(697) processReplyHeader: HTTP Server
RESPONSE:
---------
HTTP/1.1 503 Service Unavailable
Server: squid/4.10
Mime-Version: 1.0
Date: Tue, 09 Jul 2024 21:35:40 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3879
X-Squid-Error: ERR_SECURE_CONNECT_FAIL 71
X-Cache: MISS from proxy-srv2
X-Cache-Lookup: MISS from proxy-srv2:3128
Via: 1.1 proxy-srv2 (squid/4.10)
Connection: keep-alive

----------
2024/07/09 23:35:40.324 kid1| 83,3| AccessCheck.cc(42) Start: adaptation off, skipping
2024/07/09 23:35:40.324 kid1| 20,3| store.cc(1693) replaceHttpReply: StoreEntry::replaceHttpReply: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
2024/07/09 23:35:40.324 kid1| 11,3| http.cc(949) haveParsedReplyHeaders: HTTP CODE:
503

Has anybody an idea what I can do to solve the issue?

This is my configuration borrowed from squid-deb-proxy:

# this file contains private networks (10.0.0.0/8, 172.16.0.0/12,
# 192.168.0.0/16) by default, you can add/remove additional allowed
# source networks in it to customize it for your setup
acl src_networks src "/etc/squid/acl/src-networks.acl"

# this file contains the archive mirrors by default,
# if you use a different mirror, add it there
acl to_archive_mirrors dstdomain "/etc/squid/acl/archive-mirrors.acl"

# Disable Cache for defined domains
acl no_cache url_regex "/etc/squid/acl/no-cache.acl"

# this contains the package blacklist
acl blockedpkgs urlpath_regex "/etc/squid/pkg-blacklist-regexp.acl"

# default to a different port than stock squid
http_port 8000

# -------------------------------------------------
# settings below probably do not need customization

# user visible name
visible_hostname pkg-proxy

# we need a big cache, some debs are huge
maximum_object_size 512 MB

# use a different dir than stock squid and default to 40G
cache_dir aufs /var/cache/squid 40000 16 256

cache_peer 212.89.128.96 parent 3128 0 no-query default
never_direct allow all

# use different logs
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# tweaks to speed things up
cache_mem 200 MB
maximum_object_size_in_memory 10240 KB

# pid
pid_filename /var/run/squid.pid

# refresh pattern for debs and udebs
refresh_pattern deb$ 129600 100% 129600
refresh_pattern udeb$ 129600 100% 129600
refresh_pattern tar.gz$ 129600 100% 129600
refresh_pattern tar.xz$ 129600 100% 129600
refresh_pattern tar.bz2$ 129600 100% 129600

# always refresh Packages and Release files
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims

# handle meta-release and changelogs.ubuntu.com special
# (fine to have this on debian too)
refresh_pattern changelogs.ubuntu.com\/.* 0 1% 1

# only allow connects to ports for http, https
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 443 563

# only allow ports we trust
http_access deny !Safe_ports

# do not allow to download from the pkg blacklist
http_access deny blockedpkgs

# allow access only to official archive mirrors
# uncomment the third and fourth line to permit any unlisted domain
http_access deny !to_archive_mirrors

# allow access from our network and localhost
http_access allow src_networks

# And finally deny all other access to this proxy
http_access deny all

# don't cache domains not listed in the mirrors file
# uncomment the third and fourth line to cache any unlisted domains
cache deny no_cache

# And finally cache everything else
cache allow all

url_rewrite_children 3 startup=0 idle=1 concurrency=1
url_rewrite_program /usr/lib/squid/jesred

debug_options ALL,3

Thanks a lot.

Regards,
Christoph
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
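
The symptom in the log above sits in the two section 11,2 dumps: the request handed to the cache_peer carries the https URL itself rather than a CONNECT, and the peer answers with an X-Squid-Error. The Python triage below is an added example, not part of the original post or of Squid; it assumes an unwrapped cache.log with section 11 at level 2 or higher, and the finding labels and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the two section 11,2 dumps from the log, unwrapped and trimmed.
SAMPLE = """\
2024/07/09 23:35:40.127 kid1| 11,2| http.cc(2473) sendRequest: HTTP Server REQUEST:
---------
HEAD https://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1
Host: download.docker.com
Via: 1.1 pkg-proxy (squid/6.6)

----------
2024/07/09 23:35:40.324 kid1| 11,2| http.cc(697) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 503 Service Unavailable
Server: squid/4.10
X-Squid-Error: ERR_SECURE_CONNECT_FAIL 71
Via: 1.1 proxy-srv2 (squid/4.10)

----------
"""

# A dump is the marker line, a dash rule, the message head, then a closing dash rule.
BLOCK = re.compile(r"HTTP Server (REQUEST|RESPONSE):[ \t]*\n-{5,}\n(.*?)\n-{5,}", re.S)

def parse_blocks(log_text):
    """Yield (kind, start_line_fields, headers) for every dumped message head."""
    for kind, body in BLOCK.findall(log_text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        if not lines:
            continue
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        yield kind, lines[0].split(None, 2), headers

def triage(log_text):
    """Return findings as tuples; the labels are this example's own."""
    findings = []
    for kind, start, headers in parse_blocks(log_text):
        if len(start) < 2:
            continue  # malformed start line
        if kind == "REQUEST":
            method, target = start[0], start[1]
            # The peer is handed the https URL itself instead of a CONNECT tunnel.
            if method != "CONNECT" and target.lower().startswith("https://"):
                findings.append(("https-without-connect", method, target))
        elif "x-squid-error" in headers:
            # X-Squid-Error marks a Squid-generated error reply; Via names the hop.
            findings.append(("peer-error", start[1], headers["x-squid-error"],
                             headers.get("via", "")))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Findings are reported per dump and are not paired by connection, so on a busy proxy correlate them with the connNN id on the log line preceding each dump.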




