Re: [squid-users] Error 503, only when passing through squid

From: Philippe Combes <Philippe.Combes_at_ens-lyon.fr>
Date: Thu, 05 Mar 2009 01:31:00 +0100

Hi,

and thanks for replying.

> What's the output of "http_proxy=http://localhost:3128 wget -O /dev/null
> -S http://www.google.fr/"?
----------------------
# http_proxy=http://localhost:3128 wget -O /dev/null -S http://www.google.fr/
--00:23:13-- http://www.google.fr/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:3128... connected.
Proxy request sent, awaiting response...
   HTTP/1.0 503 Service Unavailable
   Server: squid/2.6.STABLE6
   Date: Wed, 04 Mar 2009 23:23:13 GMT
   Content-Type: text/html
   Content-Length: 1137
   Expires: Wed, 04 Mar 2009 23:23:13 GMT
   X-Squid-Error: ERR_DNS_FAIL 0
   X-Cache: MISS from gw-gridmip.cict.fr
   X-Cache-Lookup: MISS from gw-gridmip.cict.fr:3128
   Via: 1.0 gw-gridmip.cict.fr:3128 (squid/2.6.STABLE6)
   Proxy-Connection: close
00:23:13 ERROR 503: Service Unavailable.
----------------------

Actually, it seems that squid only takes the first DNS listed in /etc/resolv.conf. If it fails, then
it does not contact the second one. wget does.
The first DNS listed is actually localhost, dedicated to the LAN. I should configure it to forward
the requests that it cannot resolve to some masters and then send back the answer.
I do not know yet how to do that, but the important thing here is that it is not a squid problem.

Thanks again for your tip.

Philippe

Chris Robertson wrote:
> Philippe Combes wrote:
>> Hi all,
>>
>> I am a newbie to squid. And I have struggled with its configuration
>> file for several days, until I got all the desired acl's correctly set.
>> Then I tried my configuration using wget and... 503.
>> I fell back to a minimal totally open configuration:
>> ----------------------
>> http_port 3128
>> emulate_httpd_log on
>> debug_options ALL,5
>> negative_ttl 0
>>
>> acl all src 0.0.0.0/0.0.0.0
>> acl allsites dst 0.0.0.0/0.0.0.0
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443 563
>> acl Safe_ports port 80 20 21 443 563 70 210 1025-65535
>> acl CONNECT method CONNECT
>> acl mysite src localhost 192.168.0.0/30 172.16.112.0/24
>>
>> http_access allow CONNECT
>> http_access allow Safe_ports
>> http_access allow all
>> http_access allow allsites
>> http_reply_access allow all
>>
>> coredump_dir /var/spool/squid
>> ----------------------
>>
>> But still, I get:
>> ----------------------
>> # wget -O - http://www.google.fr/ > /dev/null
>> --22:29:34-- http://www.google.fr/
>> Resolving www.google.fr... 74.125.39.147, 74.125.39.99, 74.125.39.103,
>> ...
>> Connecting to www.google.fr|74.125.39.147|:80... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: unspecified [text/html]
>> Saving to: `STDOUT'
>>
>> [ <=> ]
>> 5,852 --.-K/s in 0.02s
>>
>> 22:29:35 (266 KB/s) - `-' saved [5852]
>>
>> ######## everything is OK so far
>>
>> # http_proxy=http://localhost:3128 wget -O - http://www.google.fr/ >
>> /dev/null
>> --22:30:31-- http://www.google.fr/
>> Resolving localhost... 127.0.0.1
>> Connecting to localhost|127.0.0.1|:3128... connected.
>> Proxy request sent, awaiting response... 503 Service Unavailable
>> 22:30:31 ERROR 503: Service Unavailable.
>> ----------------------
>>
>> Obviously, it is bound to squid. I run CentOS on x86_64 architecture.
>> I do not join the log files here, because I found them not very
>> helpful, only logging that there was an 503, without giving more
>> information about it.
>> I really do not know what to try now, and any clue would be very
>> welcome and helpful.
>
> What's the output of "cat /selinux/enforce"?

No such file :)

> What's the output of "http_proxy=http://localhost:3128 wget -O /dev/null
> -S http://www.google.fr/"?
# http_proxy=http://localhost:3128 wget -O /dev/null -S http://www.google.fr/
--00:23:13-- http://www.google.fr/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:3128... connected.
Proxy request sent, awaiting response...
   HTTP/1.0 503 Service Unavailable
   Server: squid/2.6.STABLE6
   Date: Wed, 04 Mar 2009 23:23:13 GMT
   Content-Type: text/html
   Content-Length: 1137
   Expires: Wed, 04 Mar 2009 23:23:13 GMT
   X-Squid-Error: ERR_DNS_FAIL 0
   X-Cache: MISS from gw-gridmip.cict.fr
   X-Cache-Lookup: MISS from gw-gridmip.cict.fr:3128
   Via: 1.0 gw-gridmip.cict.fr:3128 (squid/2.6.STABLE6)
   Proxy-Connection: close
00:23:13 ERROR 503: Service Unavailable.

>
> Also you might want to change your debug options to "ALL,1 5,5" to just
> get verbose logging related to the socket operations. The debug logging
> will appear in the cache_log.

I increased the debug logging level as you suggested and, because of the output above, I added:
dns_nameservers 127.0.0.1
for the nameserver of the squid host is also a DNS. Same error.
I isolated the part in cache.log that seems to be related to the request above (before and after
having added the dns_nameserver, it is the same, for /etc/resolv.conf points at 127.0.0.1 too):
--------------
2009/03/05 00:23:12| commSetSelect: FD 10 type 1
2009/03/05 00:23:12| comm_add_close_handler: FD 12, handler=0x42948f, data=0x140a6858
2009/03/05 00:23:12| commSetTimeout: FD 12 timeout 300
2009/03/05 00:23:12| commSetSelect: FD 12 type 1
2009/03/05 00:23:12| comm_accept: FD 10: (11) Resource temporarily unavailable
2009/03/05 00:23:13| comm_select: timeout 194
2009/03/05 00:23:13| commSetTimeout: FD 12 timeout 86400
2009/03/05 00:23:13| comm_open: FD 13 is a new socket
2009/03/05 00:23:13| comm_add_close_handler: FD 13, handler=0x434d26, data=0x140a7278
2009/03/05 00:23:13| commSetTimeout: FD 13 timeout 60
2009/03/05 00:23:13| commConnectStart: FD 13, www.google.fr:80
2009/03/05 00:23:13| comm_add_close_handler: FD 13, handler=0x42ac97, data=0x140a6b58
2009/03/05 00:23:13| commSetSelect: FD 5 type 1
2009/03/05 00:23:13| commSetSelect: FD 12 type 1
2009/03/05 00:23:13| comm_select: timeout 194
2009/03/05 00:23:13| commConnectDnsHandle: Unknown host: www.google.fr
2009/03/05 00:23:13| comm_remove_close_handler: FD 13, handler=0x42ac97, data=0x140a6b58
2009/03/05 00:23:13| commSetTimeout: FD 13 timeout -1
2009/03/05 00:23:13| commConnectFree: FD 13
2009/03/05 00:23:13| comm_close: FD 13
2009/03/05 00:23:13| commCallCloseHandlers: FD 13
2009/03/05 00:23:13| commCallCloseHandlers: ch->handler=0x434d26
2009/03/05 00:23:13| comm_write: FD 12: sz 1524: hndl 0x424c00: data 0x1412e0c8.
2009/03/05 00:23:13| commSetSelect: FD 12 type 2
2009/03/05 00:23:13| comm_select: timeout 193
2009/03/05 00:23:13| commHandleWrite: FD 12: off 0, sz 1524.
2009/03/05 00:23:13| commHandleWrite: write() returns 1524
2009/03/05 00:23:13| comm_close: FD 12
2009/03/05 00:23:13| commCallCloseHandlers: FD 12
2009/03/05 00:23:13| commCallCloseHandlers: ch->handler=0x42948f
----------------

>
>>
>>
>> Thanks in advance,
>>
>> Philippe
>
> Chris
Received on Thu Mar 05 2009 - 00:31:06 MST
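
Added example, not part of the original message or of Squid: a small triage helper that reads the two pieces of evidence shown in this thread, the `X-Squid-Error` response header and the `commConnectDnsHandle: Unknown host` line in cache.log, and ties the DNS failure back to the connection attempt it aborted. The function names `squid_error` and `dns_failures` are hypothetical; the sample inputs are excerpts copied from the message above.

```python
import re

# Excerpts copied from the message above (wget -S headers, cache.log at "ALL,1 5,5").
WGET_HEADERS = """\
   HTTP/1.0 503 Service Unavailable
   Server: squid/2.6.STABLE6
   X-Squid-Error: ERR_DNS_FAIL 0
   X-Cache: MISS from gw-gridmip.cict.fr
"""
CACHE_LOG = """\
2009/03/05 00:23:13| comm_open: FD 13 is a new socket
2009/03/05 00:23:13| commConnectStart: FD 13, www.google.fr:80
2009/03/05 00:23:13| commConnectDnsHandle: Unknown host: www.google.fr
2009/03/05 00:23:13| commConnectFree: FD 13
2009/03/05 00:23:13| comm_close: FD 13
"""

def squid_error(headers):
    """Return (status, error_name, number) from a proxy reply, or None
    when the reply carries no X-Squid-Error header."""
    status = None
    for line in headers.splitlines():
        line = line.strip()
        m = re.match(r"HTTP/\d\.\d (\d{3})", line)
        if m:
            status = int(m.group(1))
        m = re.match(r"x-squid-error:\s*(\S+)\s+(-?\d+)", line, re.I)
        if m:
            return status, m.group(1), int(m.group(2))
    return None

def dns_failures(log):
    """Pair each 'Unknown host' line with the latest commConnectStart for that host."""
    pending = {}   # host -> (fd, port) of the most recent connect attempt
    failures = []
    for line in log.splitlines():
        ts, _, msg = line.partition("| ")
        m = re.match(r"commConnectStart: FD (\d+), (\S+):(\d+)", msg)
        if m:
            pending[m.group(2)] = (int(m.group(1)), int(m.group(3)))
            continue
        m = re.match(r"commConnectDnsHandle: Unknown host: (\S+)", msg)
        if m:
            fd, port = pending.pop(m.group(1), (None, None))
            failures.append({"time": ts, "host": m.group(1), "fd": fd, "port": port})
    return failures

if __name__ == "__main__":
    print(squid_error(WGET_HEADERS))
    print(dns_failures(CACHE_LOG))
```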
