Re: [squid-users] squid.conf and Squid 2.6 vs. Squid 2.7

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 29 Sep 2009 17:24:49 +1200

On Tue, 29 Sep 2009 00:10:35 -0400, Michael Lenaghan <michaell_at_dazzit.com>
wrote:
> I used a Python recipe from PyPi to build, install and configure
> Squid. The same recipe, config, etc. breaks when moving from Squid 2.6
> to Squid 2.7. Other people have reported seeing the same error but no
> one has bothered to track down a fix. I have one now, but I really
> only got it by trying a bunch of different things. Before reporting
> the fix back to various groups I'd like to understand what broke and
> why the change made a difference.
>
> In my particular case Squid was being used as a reverse (caching)
> proxy in an Nginx -> Squid -> Zope chain. Squid was running on port
> 10932 and Zope on 45086. With 2.6 everything worked, but when
> switching to 2.7 Squid's port number became visible in URLs. For
> example, in the main page the href to the logo appeared as:
>
> http://[domain]:10932/logo.jpg
>
> rather than:
>
> http://[domain]/logo.jpg
>
> I've pasted the original conf file below (with domain names and such
> abstracted out), but the fix involved the addition of vport=80 to the
> http_port line:
>
> http_port 127.0.0.1:10932 accel vhost vport=80 defaultsite=[domain]
>
> I've had a very difficult time finding good docs for vhost, vport and
> defaultsite. I've looked and I've searched in many places, but I
> haven't found anything that would help me explain *why* this change
> worked.

Looks like the cleanup made vport= replace the Host: header port. vport by
itself looks up and uses the one already there.

From the commit message the fix makes defaultsite= optional when
visible_hostname is set to the wanted value. This simplifies your config a
little.

Ref:
http://www.squid-cache.org/Versions/v2/2.7/changesets/12051.patch
http://bugs.squid-cache.org/show_bug.cgi?id=2192
(comments 4 and 5 describe the options and how they work now).

> Indeed, the bits I did find made me think that perhaps you
> don't need defaultsite when you're using vhost--but I'm not even sure
> about that!

defaultsite= is there to 'fix' client requests which even today omit a
Host: header.
When vhost is used it's optional but recommended.
When vhost is not used it might be required. Or it may not, if you only
have one peer and pass all requests there without checking the domain name
like this.

>
> (The 2.7 change notes say that for http_port "Accelerator mode options
> cleaned up (accel, defaultsite, vport, vhost and combinations
> thereof)". Is the difference in behaviour here related to that
> clean-up?)

I would think so, yes.

>
> If anyone can explain--or point me to the explanation I missed--I'd
> appreciate it.
>
> === squid.conf created by plone.recipe.squid
>
> # This configuration file requires squid 2.6+. It is untested with squid 3.x.

Notes about a 3.x upgrade inline as well...

>
> visible_hostname [domain]
> http_port 127.0.0.1:10932 accel vhost defaultsite=[domain]
> pid_filename /home/[user]/webapps/plone/var/squid.pid
>
> ## Log files (http://wiki.squid-cache.org/SquidFaq/SquidLogs)
> cache_access_log /home/[user]/webapps/plone/var/log/squid-access.log
> cache_log /home/[user]/webapps/plone/var/log/squid-cache.log
> cache_store_log none
>
> # Cache storage
> cache_dir ufs /home/[user]/webapps/plone/var/squidstorage 1000 16 256
> cache_mem 64 MB
> maximum_object_size 10 MB
> maximum_object_size_in_memory 1 MB
>
> # Purge access - zope servers can purge but nobody else
> # (works best if Zope and Apache are on different IPs)
> acl zope_servers src 127.0.0.1
> acl purge method PURGE
> http_access allow zope_servers purge
> http_access deny purge
>
> # Deny caching of POST requests
> acl post_requests method POST
> cache deny post_requests
>
> # Cache Peers
> cache_peer 127.0.0.1 parent 45086 0 no-query originserver login=PASS name=server_0
>
> # Cache Peer Access
> acl all src 0.0.0.0/0.0.0.0

Please make that "acl all src all". And note that it needs to be removed
entirely for squid 3.x to work.

>
> cache_peer_access server_0 allow all

Amos
Received on Tue Sep 29 2009 - 05:24:55 MDT
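
A check for the symptom described in this thread (the accelerator's listening port showing up in generated URLs), as an added example that is not part of the original message or of Squid. The function name, the host www.example.test and the sample page are constructed; only port 10932 comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes that commonly carry URLs

class _LinkCollector(HTMLParser):
    """Collect URL-bearing attribute values from every start tag."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value)

def leaked_port_urls(html, public_host, headers=None, allowed_ports=(80, 443)):
    """Return URLs on public_host that expose a port outside allowed_ports.

    Checks the response body plus Location/Content-Location headers, since
    redirects built by the backend carry the same host:port as page links.
    """
    collector = _LinkCollector()
    collector.feed(html)
    candidates = list(collector.urls)
    for name, value in (headers or {}).items():
        if name.lower() in ("location", "content-location"):
            candidates.append(value)
    leaks = []
    for url in candidates:
        try:
            parts = urlsplit(url)
            port = parts.port
        except ValueError:
            continue  # malformed host or port: not a usable URL, skip it
        if parts.hostname == public_host.lower() and port is not None \
                and port not in allowed_ports:
            leaks.append(url)
    return leaks

# Constructed sample response, modelled on the logo.jpg symptom in the thread.
SAMPLE_HTML = """<html><body>
<img src="http://www.example.test:10932/logo.jpg">
<a href="http://www.example.test/about">About</a>
<a href="/contact">Contact</a>
<a href="http://other.example.test:8080/x">Elsewhere</a>
</body></html>"""
SAMPLE_HEADERS = {"Location": "http://www.example.test:10932/login"}

if __name__ == "__main__":
    for url in leaked_port_urls(SAMPLE_HTML, "www.example.test", SAMPLE_HEADERS):
        print("internal port exposed:", url)
```

Running it against pages fetched through the front-end proxy before and after a Squid upgrade shows whether the http_port options still hide the internal port.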
