Re: [squid-users] acl-specific http_port

On 28 Mar, Henrik Nordstrom wrote:
= > Thanks, I think, I'm getting there. Here is what I did:
= >
= > http_port 80 # To be the only one :)
= > httpd_accel_host virtual # We need to support multipl vhosts
=
= So you have multiple IP addresses where Squid listens, and a redirector
= to take care of rewriting these to the correct domain(s)?

Well, squid is listening on the normail IP and on localhost. Ports 80 and
3128.
 
= Are you sure you are not looking for httpd_accel_uses_host_header here?
= (most people are, but confuse the two).

May be, but either one should work, right?
 
= > httpd_accel_port 8015 # This is where one of servers listens;
= > # this server will NOT grok hostname in
= > # the request, BTW
= > httpd_accel_with_proxy on # We need this too
=
= Then be very careful with your http_access rules to not open up the
= proxy to the world...

Yeah, I'll tighten it up later. I just want to get it working first.
 
= > acl S urlpath_regex ^/dufus/|^/$ # Only the URLs, which start
= > # with /dufus/ or the main page (/)
= > cache_peer localhost parent 8000 0 no-query # Apache listens on localhost:8000
= > never_direct allow S # Never fetch /dufus/ and / directly
= > cache_peer_access localhost allow S
= > cache_peer_access localhost deny !S
=
= The last cache_peer_access line is not strictly needed, or should read
= cache_peer_access localhost deny all

Ok.

But it does not work :( Even though the for the URLs that match, the
request goes to the 8015 (directly) instead of the special "parent". I
set the debug_options to 44,10 (how do I add 72 to the mix, BTW?). And
here is the log snippet:

2001/03/29 18:29:28| peerSelect: http://image2.privatelabs.com/dufus
2001/03/29 18:29:28| peerSelectFoo: 'GET image2.privatelabs.com'
2001/03/29 18:29:28| peerCheckNeverDirectDone: 1
2001/03/29 18:29:28| peerSelectFoo: 'GET image2.privatelabs.com'
2001/03/29 18:29:28| peerSelectFoo: direct = DIRECT_NO
2001/03/29 18:29:28| peerSelectIcpPing: http://image2.privatelabs.com/dufus
2001/03/29 18:29:28| peerSelectIcpPing: counted 0 neighbors
2001/03/29 18:29:28| peerGetSomeParent: GET image2.privatelabs.com
2001/03/29 18:29:28| peerSelect: FIRST_UP_PARENT/localhost
2001/03/29 18:29:28| peerAddFwdServer: adding localhost FIRST_UP_PARENT
2001/03/29 18:29:28| peerSelectCallback: http://image2.privatelabs.com/dufus
2001/03/29 18:29:28| peerSelect: http://localhost:8000/squid-internal-periodic/store_digest
2001/03/29 18:29:28| peerSelectFoo: 'GET localhost'
2001/03/29 18:29:28| peerCheckNeverDirectDone: 0
2001/03/29 18:29:28| peerSelectFoo: 'GET localhost'
2001/03/29 18:29:28| peerSelectFoo: direct = DIRECT_MAYBE
2001/03/29 18:29:28| peerSelectIcpPing: http://localhost:8000/squid-internal-periodic/store_digest
2001/03/29 18:29:28| peerAddFwdServer: adding DIRECT DIRECT
2001/03/29 18:29:28| peerGetSomeParent: GET localhost
2001/03/29 18:29:28| peerSelectCallback: http://localhost:8000/squid-internal-periodic/store_digest

So it recognises the localhost:8000 as a first (and only) parent, but
for some reason does not want to talk to it :( Is that because the host
being accelerated is the same one but with port 8015?
 
= > This seems to be working, except that squid responds with
= > ERR_DNS_FAIL for its own hostname. A simple nslookup on the
= > same machine resolves it perfectly, and it is also listed in
= > /etc/hosts (with 127.0.0.1 IP). Any ideas? It was working fine as an
= > accelerator for just Apache before...

= No idea. Which Squid version are you using, with internal or external
= (dnsserver) DNS client implementation?

Internal. I think, I know what triggers this. For some reason, it just
keeps on hitting the same web-server (the tclhttpd on port 8015) even
though the URL matches the S acl. The server issues redirections to port
80, which are supposed to hit Apache but don't. So redirections
accumulate, which kicks squid off-balance.

Thanks a lot for your help!

        -mi
Received on Thu Mar 29 2001 - 16:46:54 MST