[PATCH] part 1: cachemgr style updates

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 24 Jun 2011 22:26:22 +1200

On 28/01/11 00:20, Amos Jeffries wrote:
> I've been looking way ahead and considering the design changes we would
> need to upgrade the cachemgr reports to browsable HTML content. Stuff
> beyond the simple table conversion currently done by cachmgr.cgi.
>
> This will all depend on the internal server feature completion, as well
> as the visible_hostname / unique_hostname reworking. So will be 3.3
> release at the earliest.
>
>
> Access:
>
> * via http://$visible_hostname/ or http://$unique_hostname/ requests
> intercepted by the internal server feature. Also https:// if SSL/TLS
> available.

The attached patch implements this first step of the manager upgrade.

In order to safely identify the manager reports the path prefix
/squid-internal-mgr/ is added. The same old cache_oject:// scheme format
paths follow that identifier prefix.

  To retrieve pages the proxy visible_hostname, management port (first
forward-proxy port), and the path prefix must all be present in the URL.
   NP: it seems unique_hostname does not pass /squid-internal-* prefix
tests. So that is dropped for now.

  The "manager" ACL is altered to url_regex in order to match the new
protocol+path URL syntax.

  Unlike the cache_object:// scheme, http[s]:// do not accept password
as part of the URL. If one is needed it must be sent via the HTTP
Authorization: Basic authentication header.
  NP: use of this per-action password is not secure and should be
avoided. Stronger security can be gained via http_access with regular
proxy_auth and other ACLs.

FUTURE WORK:

  * drop the cachemgr_passwd directive and the weak security system
involved with it.

>
> Formats and Encoding:
>
> We will have to support the old cachemgr.cgi and squidclient requests
> for some time. Which means we will have to support multiple output
> formats in the cachemgr reports.
>
> * register the output types supported by the component as a parameter
> during the registration action. So we can specify TXT, HTML, XML or any
> other file formats which the report can be delivered in. Default to
> start with just being TXT.
>
> * Using the URL filename portion to encode the type of report.
> Alternative content formatting would appear under /.../action.html or
> /.../action.xml etc.
> The old API just requests /.../action as the path. So this can be mapped
> to produce the old TXT format also available as /.../action.txt.
> ** as a bonus "squidclient mgr:action.txt" could be requested already.
> Making that interface somewhat forward-compatible.
> ** cachemgr.cgi is obsolete with this feature so does not matter.
>
> Nothing unusual there from the user perspective. I hope.
>
>
> Navigation display:
>
> * placing the "menu" report permanently off to one side of each page for
> quick linking in HTML format.
>
> * some type of group or category as part of the component report
> registration.
> This would be used to produce the side menu in a short form with
> expandable groups.
>
> * URL linking for configured non-origin peers to their cachemgr pages.
> Thus forming a navigable hierarchy "website" for managing clusters.
> Similar report for workers in SMP mode, with additional URL details to
> specify individual worker reports where appropriate.
>
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.9 and 3.1.12.3

Received on Fri Jun 24 2011 - 10:26:31 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 24 2011 - 12:00:05 MDT