RE: [squid-users] Squid 3.0 PRE3 in accellerator mode

Found another reference in cache.log FYI..

==> ../var/logs/cache.log <==
2006/06/16 12:09:11| Failed to select source for
'https://www.servername.com.au/'
2006/06/16 12:09:11| always_direct = 0
2006/06/16 12:09:11| never_direct = 0
2006/06/16 12:09:11| timedout = 0

--
Kevin Withnall
ILB Computing
PH: 02 4227 0001 Mobile: 0412 453 846
FAX: 02 4227 0081
http://kevin.withnall.com/
 
> -----Original Message-----
> From: Kevin Withnall [mailto:kevin@ilb.com.au] 
> Sent: Friday, 16 June 2006 11:42 AM
> To: Henrik Nordstrom
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] Squid 3.0 PRE3 in accellerator mode
> 
> Heres my cache_peer line..
> 
> cache_peer www.servername.com.au parent 443 443 ssl originserver
> 
> Currently the world DNS points at 1.1.1.1 and the cache proxy 
> is on 2.2.2.2
> 
> Ive manually changed a workstation hosts file to point at 
> 2.2.2.2 for that
> domain name.
> 
> I can https access the server so I think the https_port is 
> right. Here it
> is...
> 
> https_port 443 cert=/usr/local/squid/etc/server.cert.pem
> key=/usr/local/squid/etc/server.key.pem vhost
> 
> So, what I think will happen is the squid 3.0PRE3 will look 
> at the headers
> and decide to use the cache_peer line based on the server 
> name. is that
> correct ?
> 
> What im after is a way to transparently put this accelerated 
> server inside
> my network (possibly by port redirection, or by DNSing the 
> cache and giving
> it overriding hosts entries on the cache box to know about 
> the real server)
> 
> As per your request, heres the access log...
> 192.168.1.177 - - [16/Jun/2006 11:36:51] "GET 
> https://www.servername.com.au/
> HTTP/1.1" 503 2776 "-" "Mozilla/5.0 (Windows; U; Windows NT 
> 5.1; en-US;
> rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4" TCP_MISS:TIMEOUT_NONE
> 
> I also have 
> 
> 2006/06/16 11:36:51| fwdNegotiateSSL: Error negotiating SSL 
> connection on FD
> 14: error:14090086:SSL 
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed (1/-1)
> 2006/06/16 11:36:51| TCP connection to 
> www.servername.com.au/443 failed
> 
> In the stdout for squid (running in non daemon mode)
> 
> Thanks.
> 
> 
> 
> --
> Kevin Withnall
> ILB Computing
> PH: 02 4227 0001 Mobile: 0412 453 846
> FAX: 02 4227 0081
> http://kevin.withnall.com/
> 
>  
> 
> > -----Original Message-----
> > From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net] 
> > Sent: Sunday, 11 June 2006 10:00 PM
> > To: Kevin Withnall
> > Cc: squid-users@squid-cache.org
> > Subject: Re: [squid-users] Squid 3.0 PRE3 in accellerator mode
> > 
> > sön 2006-06-11 klockan 11:50 +1000 skrev Kevin Withnall:
> > 
> > > Ive setup squid 3.0 PRE3 to accelerate them and can connect 
> > to the squid
> > > proxy on https and I have it looking at the vhost headers 
> > to talk to the
> > > back end servers.
> > > 
> > > What doesn't seem to be working is the https connection to 
> > the back end
> > > and, unless I set always_direct, it won't connect to the 'origin'
> > > server. Are there any docs or similar I should be looking 
> > at or should I
> > > post some config file extracts here ?
> > 
> > SSL to the backend should be supported.. what does access.log say?
> > 
> > Regarding always_direct: In Squid-2.6 and 3.0 accelerators is 
> > configured
> > using the cache_peer directive. This is mentioned in the 
> > release notes.
> > 
> > Regards
> > Henrik
> > 
>