Re: [squid-users] Reverse Proxy

Mario Almeida wrote:
> Hi,
> After adding the below option
>
> always_direct allow all
>

prevent peer being used?

An error there is kind of expected if the peer is not listening on port
80 for web traffic.

Amos

> I get a different error
>
> The following error was encountered:
>
> * Connection to 172.27.1.10 Failed
>
> The system returned:
>
> (111) Connection refused
>
> The remote host or network may be down. Please try the request again.
>
> Your cache administrator is root.
>
> Regards,
> Mario
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Wednesday, August 20, 2008 10:14 AM
> To: Chris Robertson
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Reverse Proxy
>
> Chris Robertson wrote:
>> Mario Almeida wrote:
>>> Hi All,
>>>
>>> Below is the setting I have done to test a reverse proxy
>>>
>>> http_port 3128 accel defaultsite=xyz.example.com vhost
>>>
>>> cache_peer 172.27.1.10 parent 8080 0 no-query originserver name=server1
>>> acl server1_acl dstdomain www.xyz.example.com xyz.example.com
>>> cache_peer_access server1 allow server1_acl
>>> cache_peer_access server1 deny all
>>>
>>> But could not get it done
>>> Bellow is the error message what I get
>>>
>>>
>>> ERROR
>>> The requested URL could not be retrieved
>>>
>>> While trying to retrieve the URL: http:// xyz.example.com /
>>>
>>> The following error was encountered:
>>>
>>> * Unable to forward this request at this time.
>>> This request could not be forwarded to the origin server or to any parent
>>> caches. The most likely cause for this error is that:
>>>
>>> * The cache administrator does not allow this cache to make direct
>>> connections to origin servers, and
>>>
>> This seems unlikely given the cache_peer_access line, so...
>>
>>> * All configured parent caches are currently unreachable.
>> This is far more likely the issue at hand. Check your cache.log for any
>> clues. Verify you have the right IP and port for your parent server,
>> and that there are no firewall rules preventing access. Try using wget
>> or Lynx on your Squid server to grab a page off the origin server.
>>
>>> Your cache administrator is root.
>>>
>>>
>>>
>>> Regards,
>>> Remy
>>>
>> Chris
>
> There is also a weird side-case rarely seen with dstdomain thst needs
> checking here.
>
> Mario:
> does it work if you change the ACL line to:
> acl server1_acl dstdomain .xyz.example.com
>
> If not, check your config for lines mentioning always_direct or
> never_direct, and the network linkage between test proxy and web server
> as mentioned by Chris.
>
> Amos
Received on Thu Aug 21 2008 - 10:00:22 MDT