Re: [squid-users] Reverce proxy setup with neighboor support

From: Chris Robertson <crobertson_at_gci.net>
Date: Wed, 16 Dec 2009 12:10:55 -0900

Nikolaos Pavlidis wrote:
> Hello all,
>
> I figured the easiest way to describe what I am trying to do is to...
> draw it. First of all pardon my ignorance since I am relatively new to
> squid. Any help will be much appreciated.
>
>
> The Problem:
>
> Dec 9 17:42:35 cache2 squid[27234]: WARNING: Forwarding loop detected
> for: Client: <cache1_IP> http_port: <cache2_IP>:3128 GET
> internal://site1.domain.com/squid-internal-dynamic/netdb HTTP/1.0 Via:
> 1.0 site1.domain.com:80 (squid) X-Forwarded-For: unknown Host:
> <cache2_IP>:3128 Cache-Control: max-age=259200 Connection:
> keep-alive
>
>
>
>
> Reverse proxy Setup:
>
> O F5 load balanced vhost
> | (DNS A name resolving site1.domain.com
> | site2.domain.com
> | site3.domain.com etc.)
> |
> |---------------|
> | |
> | |
> cache1 O---------------O cache2
> |
> |
> |
> |
> O---------------O--------------O
> web1 web2 web3
> site1 site3 site4
> site2 site5
>
> Desired path:
> 1. Request for site1
> 2. F5 load balances request to cache1
> 3. cache1 checks own cache
> 4. if NO-HIT check cache2
> 5. else go directly to web1
>
> Server:
> 64bit SLES 11
>
> Configuration file (what I have done so far):
>
>
>
SNIP

> cache_peer <web1_IP> parent 80 0 no-query originserver name=web1
> cache_peer <cache2_IP> parent 3128 3130 proxy-only default
>

Cache2_IP should be a sibling...

cache_peer <cache2_IP> sibling 3128 3130 proxy-only

...not a parent, and should not be set as the default. As it stands
now, cache1 is using it's sibling to get to the content (it's the
default parent, after all) and cache2 is using cache1 to pass the
request from cache1 to the content, which passes the request to
cache2... Whoops. Forwarding loop detected.

> acl sites_web1 dstdomain site1.domain.com site2.domain.com
> http_access allow sites_web1
> cache_peer_access web1 allow sites_web1
> cache_peer_access web1 deny all
>
> # ADMINISTRATIVE PARAMETERS
> #
> -----------------------------------------------------------------------------
>
> shutdown_lifetime 3 second
>

This is unlikely going to give Squid enough time to write out it's
logs. While the description indicates this directive might only affect
clients, open descriptors are also used for logs and cache objects.

> httpd_suppress_version_string on
> cache_mgr cachemgr_at_domain.com
>
> # ICP OPTIONS
> #
> -----------------------------------------------------------------------------
>
> log_icp_queries on
>
> # MISCELLANEOUS
> #
> -----------------------------------------------------------------------------
>
> memory_pools_limit 1024 MB
>
> # DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
> #
> -----------------------------------------------------------------------------
>
> coredump_dir /var/spool/squid
>
> -------------------------EO Configuration file -------------------------
>
> Any comments on the configuration would be much appreciated. Thank you
> in advance.
>
> Kind regards,
>
> Nik
>

Chris
Received on Wed Dec 16 2009 - 21:11:05 MST

This archive was generated by hypermail 2.2.0 : Thu Dec 17 2009 - 12:00:02 MST