[squid-users] ESI include fails. Need help with configuration.

From: Bo Bendtsen DR TU Web Publicering <BBEN_at_dr.dk>
Date: Wed, 23 Feb 2011 17:04:26 +0100

Hello,
I'm testing different proxies with ESI, so far I have gotten Varnish [ http://www.varnish-cache.org/ ] to process simple edge side includes. But I'm having trouble getting squid to work: ESI processing fails. I would appreciate any help.

I have two hosts; one with squid3 (esilinuxtst01 10.101.143.70):
Squid Cache: Version 3.1.6
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2' --with-squid=/build/buildd/squid3-3.1.6

Test configuration /etc/squid3/squid.conf:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localnet
http_access allow localhost

http_access deny all

http_port 8080 accel defaultsite=esiwintst01

cache_peer 10.101.143.71 parent 80 0 no-query originserver name=myAccel

acl our_sites dstdomain esiwintst01 esiwintst01.net.dr.dk
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all

debug_options ALL,3

coredump_dir /var/spool/squid3

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

And a webserver on the other (esiwintst01 10.101.143.71). Configured to add the response header Surrogate-Control: content="ESI/1.0"
Test content:
<!DOCTYPE html>
</script>
<html lang="da">
<head>
    <title>Hello World</title>
</head>
<body>
    Hello:
    <ul>
        <li>1 </li>
<esi:remove><li>2</li></esi:remove>
        <li>3 </li>
        <li>
<esi:include src="/EsiTest/4.txt" />
        </li>
    </ul>
</body>
</html>

-- 
--------------------------------------------------------------------------------------------
Bo Bendtsen
It-Konsulent, DR TU Online
DR
DR Byen
DK-0999 København C
www.dr.dk
--------------------------------------------------------------------------------------------
Received on Wed Feb 23 2011 - 16:04:34 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 23 2011 - 12:00:03 MST