Re: [squid-users] Error 503, only when passing through squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 5 Mar 2009 15:39:34 +1300 (NZDT)

> Hi,
>
> and thanks for replying.
>
> > What's the output of "http_proxy=http://localhost:3128 wget -O /dev/null
> > -S http://www.google.fr/"?
> ----------------------
> # http_proxy=http://localhost:3128 wget -O /dev/null -S http://www.google.fr/
> --00:23:13-- http://www.google.fr/
> Resolving localhost... 127.0.0.1
> Connecting to localhost|127.0.0.1|:3128... connected.
> Proxy request sent, awaiting response...
> HTTP/1.0 503 Service Unavailable
> Server: squid/2.6.STABLE6
> Date: Wed, 04 Mar 2009 23:23:13 GMT
> Content-Type: text/html
> Content-Length: 1137
> Expires: Wed, 04 Mar 2009 23:23:13 GMT
> X-Squid-Error: ERR_DNS_FAIL 0
> X-Cache: MISS from gw-gridmip.cict.fr
> X-Cache-Lookup: MISS from gw-gridmip.cict.fr:3128
> Via: 1.0 gw-gridmip.cict.fr:3128 (squid/2.6.STABLE6)
> Proxy-Connection: close
> 00:23:13 ERROR 503: Service Unavailable.
> ----------------------
>
> Actually, it seems that squid only takes the first DNS listed in
> /etc/resolv.conf. If it fails, then it does not contact the second one.
> wget does.
> The first DNS listed is actually localhost, dedicated to the LAN. I should
> configure it to forward the requests that it cannot resolve to some
> masters and then send back the answer.
> I do not know yet how to do it, but the important thing here is that it is
> no squid problem.
>
> Thanks again for your tip.
>
> Philippe
>

Ah, that was fixed at some point. The current squid all use
/etc/resolv.conf a lot better.

Amos

>
> Chris Robertson a écrit :
>> Philippe Combes wrote:
>>> Hi all,
>>>
>>> I am a newbie to squid. And I have struggled with its configuration
>>> file for several days, until I got all the desired acl's correctly set.
>>> Then I tried my configuration using wget and... 503.
>>> I fell back to a minimal totally open configuration:
>>> ----------------------
>>> http_port 3128
>>> emulate_httpd_log on
>>> debug_options ALL,5
>>> negative_ttl 0
>>>
>>> acl all src 0.0.0.0/0.0.0.0
>>> acl allsites dst 0.0.0.0/0.0.0.0
>>> acl localhost src 127.0.0.1/255.255.255.255
>>> acl to_localhost dst 127.0.0.0/8
>>> acl SSL_ports port 443 563
>>> acl Safe_ports port 80 20 21 443 563 70 210 1025-65535
>>> acl CONNECT method CONNECT
>>> acl mysite src localhost 192.168.0.0/30 172.16.112.0/24
>>>
>>> http_access allow CONNECT
>>> http_access allow Safe_ports
>>> http_access allow all
>>> http_access allow allsites
>>> http_reply_access allow all
>>>
>>> coredump_dir /var/spool/squid
>>> ----------------------
>>>
>>> But still, I get:
>>> ----------------------
>>> # wget -O - http://www.google.fr/ > /dev/null
>>> --22:29:34-- http://www.google.fr/
>>> Resolving www.google.fr... 74.125.39.147, 74.125.39.99, 74.125.39.103,
>>> ...
>>> Connecting to www.google.fr|74.125.39.147|:80... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: unspecified [text/html]
>>> Saving to: `STDOUT'
>>>
>>> [ <=> ]
>>> 5,852 --.-K/s in 0.02s
>>>
>>> 22:29:35 (266 KB/s) - `-' saved [5852]
>>>
>>> ######## everything is OK so far
>>>
>>> # http_proxy=http://localhost:3128 wget -O - http://www.google.fr/ > /dev/null
>>> --22:30:31-- http://www.google.fr/
>>> Resolving localhost... 127.0.0.1
>>> Connecting to localhost|127.0.0.1|:3128... connected.
>>> Proxy request sent, awaiting response... 503 Service Unavailable
>>> 22:30:31 ERROR 503: Service Unavailable.
>>> ----------------------
>>>
>>> Obviously, it is bound to squid. I run CentOS on x86_64 architecture.
>>> I do not join the log files here, because I found them not very
>>> helpful, only logging that there was an 503, without giving more
>>> information about it.
>>> I really do not know what to try now, and any clue would be very
>>> welcome and helpful.
>>
>> What's the output of "cat /selinux/enforce"?
>
> No such file :)
>
>
>> What's the output of "http_proxy=http://localhost:3128 wget -O /dev/null
>> -S http://www.google.fr/"?
> # http_proxy=http://localhost:3128 wget -O /dev/null -S http://www.google.fr/
> --00:23:13-- http://www.google.fr/
> Resolving localhost... 127.0.0.1
> Connecting to localhost|127.0.0.1|:3128... connected.
> Proxy request sent, awaiting response...
> HTTP/1.0 503 Service Unavailable
> Server: squid/2.6.STABLE6
> Date: Wed, 04 Mar 2009 23:23:13 GMT
> Content-Type: text/html
> Content-Length: 1137
> Expires: Wed, 04 Mar 2009 23:23:13 GMT
> X-Squid-Error: ERR_DNS_FAIL 0
> X-Cache: MISS from gw-gridmip.cict.fr
> X-Cache-Lookup: MISS from gw-gridmip.cict.fr:3128
> Via: 1.0 gw-gridmip.cict.fr:3128 (squid/2.6.STABLE6)
> Proxy-Connection: close
> 00:23:13 ERROR 503: Service Unavailable.
>
>
>>
>> Also you might want to change your debug options to "ALL,1 5,5" to just
>> get verbose logging related to the socket operations. The debug logging
>> will appear in the cache_log.
>
> I increased the debug logging level as you suggested and, because of the
> output above, I added:
> dns_nameservers 127.0.0.1
> for the nameserver of the squid host is also a DNS. Same error.
> I isolated the part in cache.log that seems to be related to the request
> above (before and after having added the dns_nameserver, it is the same,
> for /etc/resolv.conf points at 127.0.0.1 too):
> --------------
> 2009/03/05 00:23:12| commSetSelect: FD 10 type 1
> 2009/03/05 00:23:12| comm_add_close_handler: FD 12, handler=0x42948f,
> data=0x140a6858
> 2009/03/05 00:23:12| commSetTimeout: FD 12 timeout 300
> 2009/03/05 00:23:12| commSetSelect: FD 12 type 1
> 2009/03/05 00:23:12| comm_accept: FD 10: (11) Resource temporarily
> unavailable
> 2009/03/05 00:23:13| comm_select: timeout 194
> 2009/03/05 00:23:13| commSetTimeout: FD 12 timeout 86400
> 2009/03/05 00:23:13| comm_open: FD 13 is a new socket
> 2009/03/05 00:23:13| comm_add_close_handler: FD 13, handler=0x434d26,
> data=0x140a7278
> 2009/03/05 00:23:13| commSetTimeout: FD 13 timeout 60
> 2009/03/05 00:23:13| commConnectStart: FD 13, www.google.fr:80
> 2009/03/05 00:23:13| comm_add_close_handler: FD 13, handler=0x42ac97,
> data=0x140a6b58
> 2009/03/05 00:23:13| commSetSelect: FD 5 type 1
> 2009/03/05 00:23:13| commSetSelect: FD 12 type 1
> 2009/03/05 00:23:13| comm_select: timeout 194
> 2009/03/05 00:23:13| commConnectDnsHandle: Unknown host: www.google.fr
> 2009/03/05 00:23:13| comm_remove_close_handler: FD 13, handler=0x42ac97,
> data=0x140a6b58
> 2009/03/05 00:23:13| commSetTimeout: FD 13 timeout -1
> 2009/03/05 00:23:13| commConnectFree: FD 13
> 2009/03/05 00:23:13| comm_close: FD 13
> 2009/03/05 00:23:13| commCallCloseHandlers: FD 13
> 2009/03/05 00:23:13| commCallCloseHandlers: ch->handler=0x434d26
> 2009/03/05 00:23:13| comm_write: FD 12: sz 1524: hndl 0x424c00: data
> 0x1412e0c8.
> 2009/03/05 00:23:13| commSetSelect: FD 12 type 2
> 2009/03/05 00:23:13| comm_select: timeout 193
> 2009/03/05 00:23:13| commHandleWrite: FD 12: off 0, sz 1524.
> 2009/03/05 00:23:13| commHandleWrite: write() returns 1524
> 2009/03/05 00:23:13| comm_close: FD 12
> 2009/03/05 00:23:13| commCallCloseHandlers: FD 12
> 2009/03/05 00:23:13| commCallCloseHandlers: ch->handler=0x42948f
> ----------------
>
>>
>>>
>>>
>>> Thanks in advance,
>>>
>>> Philippe
>>
>> Chris
>
Received on Thu Mar 05 2009 - 02:41:00 MST
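
Added example, not part of the original thread or of Squid itself: a small triage helper that ties together the three artefacts discussed above (the X-Squid-Error response header, the resolver order in /etc/resolv.conf, and the "Unknown host" lines in cache.log). The sample inputs are constructed, and the host names and the second nameserver address are placeholders.

```python
import ipaddress
import re

# Constructed samples modelled on the thread's output (host names are placeholders).
HEADERS = """HTTP/1.0 503 Service Unavailable
Server: squid/2.6.STABLE6
X-Squid-Error: ERR_DNS_FAIL 0
Proxy-Connection: close
"""
RESOLV_CONF = """# constructed resolv.conf
search example.lan
nameserver 127.0.0.1
nameserver 192.0.2.53
"""
CACHE_LOG = """2009/03/05 00:23:13| commConnectStart: FD 13, www.example.org:80
2009/03/05 00:23:13| commConnectDnsHandle: Unknown host: www.example.org
2009/03/05 00:23:13| comm_close: FD 13
"""

def squid_error(headers):
    """Return (HTTP status, X-Squid-Error name) from a response header block."""
    status = re.search(r"^\s*HTTP/\d\.\d\s+(\d{3})", headers, re.M)
    error = re.search(r"^\s*X-Squid-Error:\s*(\S+)", headers, re.M | re.I)
    return (int(status.group(1)) if status else None,
            error.group(1) if error else None)

def nameservers(resolv_conf):
    """List nameserver addresses in file order, skipping comments and bad entries."""
    found = []
    for line in resolv_conf.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                found.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # malformed address: ignore the line
    return found

def unknown_hosts(cache_log):
    """Hosts the proxy logged as unresolvable (debug lines as quoted in the thread)."""
    return sorted(set(re.findall(r"commConnectDnsHandle: Unknown host: (\S+)", cache_log)))

def triage(headers, resolv_conf, cache_log):
    """Combine the three artefacts into short findings for the operator."""
    status, error = squid_error(headers)
    servers, findings = nameservers(resolv_conf), []
    if status == 503 and error == "ERR_DNS_FAIL":
        findings.append("proxy-side DNS failure for: " + ", ".join(unknown_hosts(cache_log)))
    if servers and servers[0].is_loopback:
        findings.append(f"first resolver {servers[0]} is local; {len(servers) - 1} fallback(s) listed")
    return findings
```

Calling triage(HEADERS, RESOLV_CONF, CACHE_LOG) on the constructed samples reports both the DNS failure and the loopback-first resolver order that the thread identified as the cause.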
