Re: [squid-users] SSL Reverse Proxy to Support Multiple Web Site WITHOUT wildcard crt

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 21 Sep 2010 00:41:44 +1200

On 21/09/10 00:02, Nikolaos Pavlidis wrote:
> Hello Amos, all,
>
> Many thanks for taking a look at my config!
>
> Comments inline (easier)
>
> On Fri, 2010-09-17 at 23:17 +1200, Amos Jeffries wrote:
>> On 17/09/10 19:32, Nikolaos Pavlidis wrote:
>>> Hello Amos, all,
>>>
>>> Thank you for your response. As far as understanding what you mean I do
>>> (that's something at least) but I fail to see how this will be syntaxed
>>
>> Answers inline.
>>
>>>
>>> My config is as follows please advise(this is not working of course):
>>>
>>> # NETWORK OPTIONS
>>> #
>>> -----------------------------------------------------------------------------
>>> http_port 80 accel defaultsite=www.domain.com vhost
>>> https_port 443 cert=/etc/squid/uob/sid_domain.crt
>>> key=/etc/squid/uob/sid_domain.key cafile=/etc/squid/uob/sid_domain.ca
>>> defaultsite=sid.domain.com vhost
>>>
>>> https_port 443 cert=/etc/squid/uob/helpdesk_domain.crt
>>> key=/etc/squid/uob/helpdesk_domain.key
>>> cafile=/etc/squid/uob/helpdesk_domain.ca defaultsite=helpdesk.domain.com
>>> vhost
>>
>> The public-facing IP address is needed to open multiple same-numbered ports.
>>
>> (wrapped for easy reading)
>>
>> https_port 10.0.0.1:443 accel vhost defaultsite=sid.domain.com
>> cert=/etc/squid/uob/sid_domain.crt
>> key=/etc/squid/uob/sid_domain.key
>> cafile=/etc/squid/uob/sid_domain.ca
>>
>> https_port 10.0.0.2:443 accel vhost defaultsite=helpdesk.domain.com
>> cert=/etc/squid/uob/helpdesk_domain.crt
>> key=/etc/squid/uob/helpdesk_domain.key
>> cafile=/etc/squid/uob/helpdesk_domain.ca
>>
>>
> Unfortunately that did not work! If I define an IP address on the port
> it just stops working for some reason! squid reloads with no errors but
> access to the host times out.
>

SSL is on the edge of my knowledge field. This is a bit of a black box
to me now.

Hopefully someone else here knows more details of what to test.

To me it sounds a little like the SSL layer is failing to be set up or
something. For example if the IP does not match the certificate info
domain rDNS, or Host: domain matching the cert, etc.
debug_options 83,6 may have something relevant if it's something
detected by Squid.

<snip>
>>>
>>> # OPTIONS FOR TUNING THE CACHE
>>> #
>>> -----------------------------------------------------------------------------
>>> refresh_pattern ^ftp: 1440 20% 10080
>>> refresh_pattern ^gopher: 1440 0% 1440
>>> refresh_pattern -i \.css 1440 50% 2880 override-expire
>>> refresh_pattern -i \.swf 1440 50% 2880 ignore-reload override-expire
>>
>> Missing:
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>>
> That is actually not suggested for our CMS at the moment :/
>

Huh? It specifies that dynamic pages are not to be cached unless they
have Cache-Control/Expires. Not having this causes dynamic pages to be
stored for maybe long periods after they should have been updated.

If there are parts of the site that it matches and are supposed to be
cached for a while, add rules above it for those specific site parts.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2
Received on Mon Sep 20 2010 - 12:41:50 MDT

This archive was generated by hypermail 2.2.0 : Mon Sep 20 2010 - 12:00:03 MDT