Re: [squid-users] Squid round-robin to 2 Apache's from Amos Jeffries on 2013-02-04 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 05 Feb 2013 19:13:59 +1300

On 5/02/2013 5:28 p.m., PARAM KRISH wrote:
> Amos, Thanks for helping.
>
> I have moved the squid out of server1 to keep them in same ports as
> you recommended. Now here is my setup...
>
> server1 : just squid listening in 80 and 443 (IP: 10.56.8.201)
> server2 : apache1 in 8080 & 443 (IP: 10.56.8.38)
> server3 : apache2 in 8080 & 443 (IP: 10.56.8.39 )
>
>
> When i try http://10.56.8.201 , it gets converted to https but hits
> the "400 Bad Request - You're speaking plain HTTP to an SSL-enabled
> server port"

Try 'ssl' option on your Apache cache_peer lines now.

>
> Removed round-robin from squid.conf as you recommended but that did
> not make a difference either.
>
> Interestingly, When i try it through "curl -vvvv" it tells some access
> denied, not sure what/where access could be denied.
> I am not running "iptables" in any of these 3 servers. I can do a
> telnet to 8080 & 443 from squid to apache servers as well.
>
> < HTTP/1.1 302 Moved Temporarily
> < Server: squid/3.2.3
> < Mime-Version: 1.0
> < Date: Tue, 05 Feb 2013 04:25:48 GMT
> < Content-Type: text/html
> < Content-Length: 0
> < Location: https://10.56.8.201/
> *< X-Squid-Error: 403 Access Denied*
> < X-Cache: MISS from engwikilb1.eng.COMPANY.com
> <http://engwikilb1.eng.COMPANY.com>
> < Via: 1.1 engwikilb1.eng.COMPANY.com
> <http://engwikilb1.eng.COMPANY.com> (squid/3.2.3)
> < Connection: keep-alive

Small artifact of using deny_info to redirect. You can ignore these.

> <
> * Connection #0 to host 10.56.8.201 left intact
> * Closing connection #0
>
>
> To make it simple for the discussion, we can talk only for the domain:
> eng.COMPANY.com <http://eng.COMPANY.com>.
> If it works i can proceed for the other domain "company.com
> <http://company.com>".
>
> Am i missing something ? Please find attached the squid.conf and the
> access, cache.logs for you to look at.
>
> I have masked the domain as "newwikid.company.com
> <http://newwikid.company.com>" everywhere.
> I think what i am hitting must be very trivial for experts like you to
> crack in a min.
>
> Thanks much for the help.
>
>
> -PK

Amos
Received on Tue Feb 05 2013 - 06:14:06 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 05 2013 - 12:00:03 MST