From: Ben Toms <ben@xxxxxxxxxxx>
Date: Friday, 12 July 2024 at 17:56
To: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>, squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: TCP_MISS_ABORTED/502
So, with the below config:
https_port 443 accel protocol=HTTPS tls-cert=/usr/local/squid/client.pem tls-key=/usr/local/squid/client.key
cache_peer public.server.fqdn parent 443 0 no-query originserver no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel forceddomain=public.server.fqdn
acl our_sites dstdomain local.server.fqdn
http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
cache_dir ufs /usr/local/squid/var/cache 100000 16 256
cache_mem 500 MB
maximum_object_size_in_memory 50000 KB
refresh_pattern . 0 20% 4320
debug_options 11,2
I can see the below in /var/log/squid/cache.log
----------
2024/07/12 16:49:57.056 kid1| 11,2| http.cc(1263) readReply: conn12 local=client.ip:56670 remote=public.ip.of.public.server:443 FIRSTUP_PARENT FD 14 flags=1: read failure: (0) No error.
2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(273) sendStartOfMessage: HTTP Client conn9 local=client.ip:443 remote=local.server.ip:59158 FD 13 flags=1
2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(274) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 502 Bad Gateway
Server: squid/6.6
Mime-Version: 1.0
Date: Fri, 12 Jul 2024 16:49:57 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3629
X-Squid-Error: ERR_READ_ERROR 0
Vary: Accept-Language
Content-Language: en
Cache-Status: local.server;detail=mismatch
Via: 1.1 local.server (squid/6.6)
Connection: keep-alive
----------
The Apache server still shows a 200 for the request:
[12/Jul/2024:17:49:57 +0100] "GET /path/to/file HTTP/1.1" 200 10465 "-" "curl/8.7.1"
And this is when testing via:
curl -D - https://local.server.fqdn/path/to/file -H "Authorization: Basic base64auth" -o /dev/null
Regards,
Ben.
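The check discussed in this thread (is there an "HTTP Server RESPONSE" block, or only a read failure followed by an "HTTP Client REPLY"?), as an added example that is not part of any poster's message and is not Squid project code. It assumes a cache.log written with debug_options 11,2; the FAILED sample follows the excerpt quoted in the thread, while the HEALTHY sample (including its http.cc location and function name) and the names triage, LINE, STATUS, READ_FAIL and MARKERS are constructed for illustration.

```python
import re

# Constructed samples. FAILED follows the cache.log excerpt quoted in this thread;
# HEALTHY is made up (including its http.cc location) to show the working case.
FAILED = """\
2024/07/12 16:49:57.056 kid1| 11,2| http.cc(1263) readReply: conn12 local=client.ip:56670 remote=public.ip.of.public.server:443 FIRSTUP_PARENT FD 14 flags=1: read failure: (0) No error.
2024/07/12 16:49:57.056 kid1| 11,2| Stream.cc(274) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 502 Bad Gateway
X-Squid-Error: ERR_READ_ERROR 0
----------
"""
HEALTHY = """\
2024/07/12 16:50:10.100 kid1| 11,2| http.cc(0) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 200 OK
----------
2024/07/12 16:50:10.101 kid1| 11,2| Stream.cc(274) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 200 OK
----------
"""

# "<date> <time> kidN| <section>,<level>| <file(line)> <function>: <message>"
LINE = re.compile(r"^(?P<ts>\d{4}/\d\d/\d\d [\d:.]+) kid\d+\| (?P<section>\d+),\d+\| "
                  r"\S+ \w+: (?P<msg>.*)$")
STATUS = re.compile(r"^HTTP/\d\.\d (\d{3})\b")
READ_FAIL = re.compile(r"^(?P<conn>conn\d+) .*\bremote=(?P<peer>\S+) .*read failure: (?P<why>.*)$")
MARKERS = {"HTTP Server RESPONSE": "server_responses", "HTTP Client REPLY": "client_replies"}

def triage(text):
    """Summarise what the peer sent back versus what Squid told the client."""
    out = {"server_responses": [], "client_replies": [], "read_failures": []}
    pending = None  # list that receives the next HTTP status line
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:  # a new debug record ends any header dump in progress
            msg = m["msg"]
            pending = next((k for p, k in MARKERS.items() if msg.startswith(p)), None)
            fail = READ_FAIL.match(msg) if m["section"] == "11" else None
            if fail:
                out["read_failures"].append((m["ts"], fail["conn"], fail["peer"], fail["why"]))
        elif pending and (s := STATUS.match(raw)):
            out[pending].append(int(s[1]))
            pending = None
    # Absence of a server response block is the signal discussed in the thread.
    out["peer_response_seen"] = bool(out["server_responses"])
    return out

if __name__ == "__main__":
    for name, sample in (("FAILED", FAILED), ("HEALTHY", HEALTHY)):
        print(name, triage(sample))
```

A result with read failures, a 502 client reply and no server response matches the situation in the message above: the 502 was generated by the local Squid, not relayed from the peer.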
From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Friday, 12 July 2024 at 17:36
To: Ben Toms <ben@xxxxxxxxxxx>, squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: TCP_MISS_ABORTED/502
On 2024-07-12 12:14, Ben Toms wrote:
> Which log should those be found?
cache.log (if they are present)
> Can’t see “HTTP Server RESPONSE” in the access.log or cache.log.
Sigh. This is one of the reasons I avoid asking folks to study logs
themselves, even ALL,2 logs...
If that line is not in cache.log, then child Squid probably did not
receive a response from parent Squid, or could not parse that response.
A full debugging log should give us more information.
Alex.
> *From: *squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on
> behalf of Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
> *Date: *Friday, 12 July 2024 at 17:11
> *To: *squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx>
> *Subject: *Re: TCP_MISS_ABORTED/502
>
> On 2024-07-12 11:38, Ben Toms wrote:
>> Think I made the changes Alex requested:
>>
>> 12/Jul/2024:15:36:31 +0000.640 local.server.ip TCP_MISS_ABORTED/502 3974
>> GET https://local.server.fqdn/path/to/file -
>> FIRSTUP_PARENT/public.ip.of.public.server text/html
>> ERR_READ_ERROR/WITH_SERVER
>
> Thank you for using Squid v6 for this test.
>
> Unfortunately, due to Squid logging bugs, ERR_READ_ERROR/WITH_SERVER
> does not always mean what it says. For example, parent Squid could have
> closed the child-parent connection prematurely, but there could be other
> reasons. A full debugging log should give us more information.
>
>
>> 2024/07/12 14:57:08.678 kid1| 11,2| Stream.cc(274) sendStartOfMessage:
>> HTTP Client REPLY:
>
> This is a child proxy response to the client. We need parent response to
> the child proxy. Look for "HTTP Server RESPONSE" lines instead.
>
>
> HTH,
>
> Alex.
>
>
>
>> ---------
>> HTTP/1.1 502 Bad Gateway
>> Server: squid/6.6
>> Mime-Version: 1.0
>> Date: Fri, 12 Jul 2024 14:57:08 GMT
>> Content-Type: text/html;charset=utf-8
>> Content-Length: 3629
>> X-Squid-Error: ERR_READ_ERROR 0
>> Vary: Accept-Language
>> Content-Language: en
>> Cache-Status: squid.host;detail=mismatch
>> Via: 1.1 squid.host (squid/6.6)
>> Connection: keep-alive
>> ----------
>>
>> Regards,
>>
>> Ben.
>>
>> *From: *squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on
>> behalf of Amos Jeffries <squid3@xxxxxxxxxxxxx>
>> *Date: *Friday, 12 July 2024 at 15:22
>> *To: *squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx>
>> *Subject: *Re: TCP_MISS_ABORTED/502
>>
>>
>> On 13/07/24 01:52, Alex Rousskov wrote:
>>> On 2024-07-12 08:06, Ben Toms wrote:
>>>> Seems that my issue is similar to -
>>>> https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication
>>>
>>> You are facing up to two problems:
>>>
>>> 1. Some authenticated responses are not cachable by Squid. Please share
>>> HTTP headers of the response in question.
>>>
>>
>> FYI, those can be obtained by configuring squid.conf with
>>
>> debug_options 11,2
>>
>>
>> Cheers
>> Amos
>>
>>
>>> 2. TCP_MISS_ABORTED/502 errors may delete a being-cached response. These
>>> can be bogus errors (essentially Squid logging bugs) or real ones (e.g.,
>>> due to communication bugs, misconfiguration, or compatibility problems).
>>> I recommend adding %err_code/%err_detail to your logformat and sharing
>>> the corresponding access.log lines (obfuscated as needed).
>>>
>>> Sharing (privately if needed) a pointer to compressed ALL,9 cache.log
>>> while reproducing the issue using a single transaction may help us
>>> resolve all the unknowns:
>>>
>>>
>>> https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction
>>>
>>>
>>> HTH,
>>>
>>> Alex.
>>>
>>>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> https://lists.squid-cache.org/listinfo/squid-users