Re: [squid-users] Squid Reserve Proxy Error - Connection to ::1 failed. Help me... from Amos Jeffries on 2011-11-13 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 13 Nov 2011 20:28:17 +1300

On 13/11/2011 6:16 p.m., Bin Zhou wrote:
> Hello everyone. I am building an Apache and Squid Reserve Proxy
> environment. Everything looks good except the last step - Squid. I got
> a error Connection to ::1 failed.....
> Any help would be greatly appreciated. Thank you
>
> Details.....
>
> 1) Servers:
>
> Apache HTTP Server runs on server ark08.maya.com 192.168.220.50, HTTP
> service port is 8001. The Linux firewall wall has been turned off. The
> web page http://ark09.maya.com:8001/hello.py is accessible.
>
> Squid Proxy server runs on server ark09.maya.com 192.168.220.60,
> service port 3128. The following error was encountered while trying to
> retrieve the URL http://ark09.maya.com:3128/hello.py.

So why does Squid believe your Apache IP address is ::1 (aka "localhost") ?
Start by making your Apache listen on that ::1 IP and Squid will be able
to contact it.

Then we get to some config mistakes...

> # Squid normally listens to port 3128
> http_port 3128 transparent vhost vport

This is a NAT interception receiving port. Nothing to do with reverse proxy.

> #http_port 3128 transparent vhost
> #http_port 3128 vhost vport

This last one is a reverse proxy port. But lacks the "accel" mode flag
for enabling reverse proxy. This port is typically 80, since it is the
publicly visible URL port number.

>
> # Peer Web Server Configuration
> cache_peer ark08.maya.com parent 8001 0 no-query originserver name=myAccel
>
> acl my_site dstdomain ark08.maya.com
> http_access allow my_site
> cache_peer_access myAccel allow my_site
> #ache_peer_access myAccel deny all

This is reverse proxy. Although ark08.maya.com seems to resolve to
localhost IP from the machine itself, not the Apache service external
facing IP.
Given that Apache should not have an external facing IP in this setup,
that is fine. Just be aware of the detail.

> # To fix "Unable to forward this request at this time" problem
> always_direct allow all

But then you go and force squid to ignore the cache_peer configuration.
Remove this.

Amos
Received on Sun Nov 13 2011 - 07:35:29 MST

This archive was generated by hypermail 2.2.0 : Sun Nov 13 2011 - 12:00:02 MST