Re: [squid-users] Squid3 issues

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 20 Mar 2010 03:53:22 +1300

Adam_at_Gmail wrote:
> Hi Amos,
> Thanks for your comments, All I was doing is hit reply, this is the very
> first time ever I used any mailing list
> It doesn't matter anymore, I am sorry if I offended anyone, it was not
> my intention, when I get an email I simply hit reply
> I will try and solve my problems, and if I do get it to work I will
> certainly post the solution for future users who might face the same
> problem
>
> As for now, I just want to thank you all
>
> I have previously installed an older version of Squid compiled it
> manually it wasn't the one packaged with the OS (Ubuntu hardy)
> after few days trying to get it to work, I mean as a reverse proxy, with
> no luck, I removed it, tried the version 3.0 the one that was packaged
> with the Os, I got as far as allowing clients on my network to have
> access to the internet and most of other applications on windows XP
> couldn't connect.

Windows apps sadly often have to be individually configured for the
proxy. A lot are not able to use proxies at all.

For the MS software on WindowsXP, set the IE "Internet Options" then at
the command line running "proxycfg -u".
  That proxycfg -u seems trivial, but it is seriously important for
Windows XP or a lot of HTTP service stuff in the background will not
work even with IE set correctly.
  Also worth noting is that proxy auto-detect is not done by several of
the back-end libraries either. Including windows update :(

>
> anyway this time around I have downloaded it again configured it
> compiled it and installed it, it's not starting but this is a minor
> problem, it's a permission issue rather than anything else.
>
> I just want to say, thank you all, If I do get it to work I will post
> the solution as promised if not that means I have moved on and no longer
> using Squid3.
>
> I will break it down for others to see and it will hopefully help others:
>
> Here it is:
>
> 1) Machine A Proxy-Router
> 2) Machine DSN DHCP
> 3) Web-server One www.example.com
> 4) Web-server Two www.example.org
> 5) Web-server Three www.example.net
> 6) IRC-server / Digichat server
> Plus 5 Windows clients
>
> I wanted a proxy server in the for two good reasons, one is for
> loadbalancing and second for an extra layer of security
> Currently I have all of the three websites above running on a single
> machine on a virtualhosts, but it's too much for one machine to handle
> all the requests.
>
> I always wanted to use a proxy server but I was putting it off.
> a) I knew it was going to be a challenge
> b) I was trying to get sometime off in order to do it properly
> Basically all I wanted for now is to forward all requests to the
> relevant backend servers, to which I knew it was going to be a challenge

The "IRC-server / Digichat server" may not be proxy-able at all through
Squid. It depends if they use HTTP services, or if they are accessible
via HTTP.

For the reverse proxying of your websites:
  pick one of the web servers to start with and this is the wiki article
you need for that website:
   http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

Note, the config settings must be going in above all the default
http_access lines currently in your config. The default http_access are
for forward-proxy and will block external access.

Then when thats tested and working, this config describes what to add to
the above to get multiple websites from multiple servers:
   http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers

At this point or even with just one server setup you may hit the FD
overload problem again.

Why: Squid uses 2-3 FD for every request (client, cache file, and maybe
server connections) and clients like making 4-16 requests in parallel
each these days and make them is persistent for many minutes at a
stretch. FD run out fast.
  For reverse-proxies on a fairly used site it may be a good idea to
have many FD available to Squid (64K or even 128K has been cited a needed).

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
   Current Beta Squid 3.1.0.18
Received on Fri Mar 19 2010 - 14:53:30 MDT

This archive was generated by hypermail 2.2.0 : Sat Mar 20 2010 - 12:00:05 MDT