[squid-users] problem using squid as proxy server to load balance reverse-proxies

From: Sri Rao <sri_at_cloudflare.com>
Date: Thu, 10 Feb 2011 12:00:36 -0800

Hi,

I am trying to setup squid as a ssl proxy to load balance btwn
reverse-proxies. I believe the config is right but what is happening
is that squid gets the CONNECT request and connects to the reverse
servers on the right port but forwards the CONNECT request instead of
connecting to them as the originserver. I am pasting the config as it
is right now. I am using localhost as test reverse proxies just for
testing. It Also doesn't seem to be failing to the next peer when the
first one it selects either returns an error(http error code or
connection failure) and I have retry_on_error.

Thanks for your help!

Sri

pid_filename /var/run/squid_sptest.pid
debug_options ALL,1 44,9 26,9 17,9 3,9 5,9 15,9 33,9 39,9 61,9 21,5
http_port 127.0.0.1:7174

hierarchy_stoplist cgi-bin ?

retry_on_error on

refresh_pattern . 0 0% 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

acl sp_test myport 7174
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network

acl SSL_ports port 443
acl CONNECT method CONNECT

http_access allow sp_test localhost CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access deny all

cache_peer 127.0.0.1 parent 8174 0 originserver proxy-only no-query
round-robin weight=2 default
cache_peer 127.0.0.12 parent 8174 0 originserver proxy-only no-query
round-robin weight=1

cache_peer_access 127.0.0.1 allow sp_test
cache_peer_access 127.0.0.12 allow sp_test
cache_peer_access 127.0.0.1 deny all
cache_peer_access 127.0.0.12 deny all

never_direct allow sp_test

cache deny all
Received on Thu Feb 10 2011 - 20:00:43 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 11 2011 - 12:00:03 MST