RE: [squid-users] Fedora

From: Gustavo Lazarte <glazarte_at_hurdit.com>
Date: Mon, 22 Sep 2008 17:45:26 -0400

Attached is what I get in my cache.log file

When I try http://10.2.0.180/images/icon/test.jpg I am not getting the image from http://10.2.0.140/images/icon/test.jpg. I get a "page cannot be displayed" message.

Thanks for your help, I think we are getting closer.

Gustavo

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Thursday, September 18, 2008 11:52 PM
To: Gustavo Lazarte
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Fedora

Gustavo Lazarte wrote:
> Still doesn't work but I think I know why
>
> IP of my Squid proxy-cache server is 10.2.0.180 (where the configuration goes)
> We will never use this server as a proxy going outbound
>
> # for the datacenter to use as regular proxy
> http_port 3128 ##should I take this out?

Maybe, that was only there for the datacenter you said wanted to use it
as a regular proxy.

>
> Cache_peer 10.2.0.140 no-query name=imgserver-> 10.2.0.140 is the IP of the webserver I am getting the images from, just to make sure you know
>

Yes.

> Acl imgdomain dstdomain <your-images-server-domain> -->that will be the 10.2.0.140 server, I cannot use domain name since there is no DNS resolution on the test network
>

Okay, dstdomain is a text match against whatever the URL and Host:
header contains in requests.

Sounds like you need it to be "10.2.0.140" to test with:
   http://10.2.0.140/my-image.gif

or set:
   http_port ... defaultsite=<images-serverdomain-name>

> Then add the rest of your lines
> http_port 80 accel vhost
> cache_peer 10.2.0.140 80 0 no-query name=imgserver
> acl imgdomains dstdomain <your-images-server-domain>
> cache_peer_access imgserver allow imgdomains
> cache_peer_access imgserver deny all
> http_access allow imgdomains
>
> and this
>
> Acl mylan src 127.0.0.1
> http_reply_access allow mylan
> http_reply_access allow all
>
>
> Thanks for all your help
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Thursday, September 18, 2008 12:46 AM
> To: Gustavo Lazarte
> Cc: Amos Jeffries;squid-users_at_squid-cache.org
> Subject: RE: [squid-users] Fedora
>
>> What I had in the 2.4 version was a Cache-image server. The load balancer
>> will receive request from clients and send the image request to the
>> Squid-cache server and content to the webserver. So this unit will be set
>> up in a datacenter to help unload some of the incoming traffic. The
>> Squid-cache server should receive the port 80- traffic and then request
>> the images from a webserver
>> And keep them for future request. Right now it looks like the squid server
>> does not even receive port 80 traffic. I look that I need to enable
>> something the config
>>
>
> Ah that explains some of the issues. Put this config at the top of your
> squid.conf (with <your-images-server-domain> changed to the domain name
> being requested for the images):
>
> # for the datacenter to use as regular proxy
> http_port 3128
>
> # for the image server reverse-proxy
> http_port 80 accel vhost
> cache_peer 10.2.0.140 80 0 no-query name=imgserver
> acl imgdomains dstdomain <your-images-server-domain>
> cache_peer_access imgserver allow imgdomains
> cache_peer_access imgserver deny all
> http_access allow imgdomains
>
> # other acl and access controls for normal use go down here.
>
>
> That will let squid process the different modes properly. 2.6+ can have
> multiple ports of different types running no problem.
>
> The datacenter requests (and any attacks on port 80) will be handled
> normally through your other security settings. But the requests for stuff
> on the images domain names will be passed to the real web server where
> they come from.
>
> Amos
>
>> Thanks
>>
>> -----Original Message-----
>> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
>> Sent: Tuesday, September 16, 2008 9:04 PM
>> To: Gustavo Lazarte
>> Cc: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Fedora
>>
>> Gustavo Lazarte wrote:
>>> The service is up but is not getting any content from the destination
>>> server. Is there a line I need to change to make it forward traffic to
>>> my target server?
>>>
>> What type of proxy are you trying to setup?
>> Your config is for a standard proxy.
>>
>> Amos
>>
>>> Thanks
>>>
>>>
>>> -----Original Message-----
>>> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
>>> Sent: Tuesday, September 16, 2008 7:38 AM
>>> To: Gustavo Lazarte
>>> Cc: squid-users_at_squid-cache.org
>>> Subject: Re: [squid-users] Fedora
>>>
>>> Gustavo Lazarte wrote:
>>>> I upgraded and now when I am trying to use my squid server to send
>>>> traffic to the site 10.2.0.140 the squid server IP is 10.2.0.150.
>>>>
>>>> I also get the Warning cannot write the log file Permission denied.
>>>>
>>>> Then I try the /usr/local/squid/sbin/squid I get cannot write cache.log
>>>> Permission denied. I use the user nobody for
>>>> cache_effective_user
>>> Ah, well, you need to set read+write permission on the log file
>>> directory squid is trying to use and the logs inside it.
>>>
>>>> /usr/local/squid/sbin/squid -z runs correctly
>>>>
>>> That's good. At least the storage area won't have more of these problems
>>> when squid does start.
>>>
>>> Amos
>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
>>>> Sent: Saturday, September 13, 2008 11:39 AM
>>>> To: Gustavo Lazarte
>>>> Cc: squid-users_at_squid-cache.org
>>>> Subject: Re: [squid-users] Fedora
>>>>
>>>> Gustavo Lazarte wrote:
>>>>> I got the service working. Now my old configuration from version 2.4
>>>>> is not working on 3.0 Stable 2.
>>>> Please do not use 3.0.stable2 under any circumstances. It does not
>>>> perform authentication in any meaningful manner.
>>>>
>>>> You should use something 3.0.stable7+
>>>>
>>>> 3.0.stable9 is just out with the most current stability fixes.
>>>>
>>>>> In theory the traffic was coming from a load balancer and hit the
>>>>> Proxy server. The proxy server then will request 10.2.0.140 for the
>>>>> content.
>>>>>
>>>>> When I try to start the service with my old configuration is having
>>>>> problems with the following lines, is the syntax different?
>>>>>
>>>>> acl all src 0.0.0.0/0.0.0.0 ***warning***
>>>>> | acl manager proto cache_object
>>>>> | acl localhost src 127.0.0.1/255.255.255.255
>>>>> | acl to_localhost dst 127.0.0.0/8
>>>>> | acl ssl_ports ports 443 563
>>>>> | acl safe_port port 80
>>>>> | acl safe_port ....
>>>>> | acl connect method connect
>>>>> | acl mylan src 127.0.0.1 ***Fatal Error***
>>>>> | acl mysites 10.2.0.140 *** Fatal Error***
>>>>> |
>>>>> | http_access allow manager localhost
>>>>> | http_access deny manager
>>>>> | http_access deny !safe_port
>>>>> | http_access deny to_localhost
>>>>> | http_access allow mysites
>>>>> | http_access deny all
>>>>> |
>>>>> | http_reply_access allow MYLAN ***Fatal Error***
>>>>> | http_reply_access allow all
>>>>>
>>>>> Even with the default config I am not able to telnet to port 80 on the
>>>>> squid server.
>>>> Correct. If squid cannot read its config it won't be able to start
>>>> operating.
>>>>
>>>> Use a newer version, and please indicate what the warning messages are.
>>>> My informed guess is listed below
>>>>
>>>> acl all src ...
>>>> ** fully built-in now. no need to specify.
>>>>
>>>> acl mylan src 127.0.0.1
>>>> ** weird, check that line for extra text or invisible binary
>>>> characters. same for the other src one.
>>>>
>>>> http_reply_access allow MYLAN
>>>> http_reply_access allow all
>>>>
>>>> ** earlier failure of src ACL above may cause this
>>>> ** only the allow all is needed.
>>>>
>>>> Amos
>>>>
>>>>
>>>
>>
>> --
>> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
>>
>>
>>
>
>
>
>

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9

Received on Mon Sep 22 2008 - 21:46:03 MDT
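
The accelerator setup discussed in this thread, assembled for the DNS-less test network as an added example. It is not part of the original messages and is not the Squid project's own configuration. It assumes Squid 2.6 or later, that the box is used only as a reverse proxy, and that clients address either the proxy or the origin by IP; the `parent` and `originserver` keywords and the closing `http_access deny all` are this example's additions.

```conf
# squid.conf fragment (added example, not from the thread).
# Addresses are the ones used in the thread:
#   10.2.0.180  Squid reverse proxy
#   10.2.0.140  origin web server holding the images

# Accelerator port. With defaultsite= and no vhost, Squid builds the
# accelerated URL from defaultsite instead of the client's Host: header,
# so a request sent to http://10.2.0.180/... is handled as
# http://10.2.0.140/... and can match the ACL below.
# Add "vhost" once real domain names resolve and Host: should be honoured.
http_port 80 accel defaultsite=10.2.0.140

# Origin server. "parent" is the peer type; "originserver" tells Squid
# the peer is a web server rather than another proxy.
cache_peer 10.2.0.140 parent 80 0 no-query originserver name=imgserver

# dstdomain is compared as text against the host in the URL / Host:
# header. With IP-based URLs the value is the IP literal; replace it
# with the images domain name when DNS is available.
acl imgdomains dstdomain 10.2.0.140

# Only requests for the images site may be sent to the origin peer.
cache_peer_access imgserver allow imgdomains
cache_peer_access imgserver deny all

# Serve the images site and nothing else. The explicit final deny keeps
# port 80 from acting as a general-purpose forward proxy.
http_access allow imgdomains
http_access deny all

# Replies need no separate restriction here.
http_reply_access allow all

# Syntax check before restarting (path as used in the thread):
#   /usr/local/squid/sbin/squid -k parse
```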
