[squid-users] not getting persistent connections to an ssl backend

From: rob yates <robertyates_at_gmail.com>
Date: Fri, 2 Dec 2011 11:48:09 -0500


we are trying to set squid up as an SSL reverse proxy in front of SSL.
 The flow is browser -> ssl -> squid -> ssl -> application.

When we do this we're not seeing persistent connections being used for
the backend connection. It appears that squid is starting a new SSL
connection for every request vs. keeping one open and using it for
other browser requests.

Is there a way of getting squid configured to maintain and reuse the
persistent connection for different browser requests, we'd ideally
like it to maintain the connection for 5 mins. We're running on squid
2.6 and the pertinent bit of squid.conf is below, we're using the
defaults for everything else.

We're using tcpdump to see that the connection keeps getting
terminated and reopened with every request.

I am happy to upgrade if that is what is needed.

We have changed the pconn_timeout setting but it has no effect.

Certainly appreciate any help,



https_port cert=/etc/pki/tls/certs/www.
daily2.crt key=/etc/pki/tls/private/daily2.key accel
defaultsite=www.daily2.com vhost
https_port cert=/etc/pki/tls/certs/apps.daily2.crt
key=/etc/pki/tls/private/daily2.key accel defaultsite=apps.daily2.com

cache_peer parent 443 0 no-query originserver ssl
sslflags=DONT_VERIFY_PEER name=f5www login=PASS
cache_peer parent 443 0 no-query originserver ssl
sslflags=DONT_VERIFY_PEER name=f5apps login=PASS

acl engage_sites dstdomain www.daily2.com
http_access allow engage_sites
cache_peer_access f5www allow engage_sites

acl engage_sites dstdomain apps.daily2.com
http_access allow engage_sites
cache_peer_access f5apps allow engage_sites
Received on Fri Dec 02 2011 - 16:48:16 MST

This archive was generated by hypermail 2.2.0 : Mon Dec 05 2011 - 12:00:03 MST