[squid-users] Re: Sibling cache peer for a HTTPS reverse proxy

Amos Jeffries wrote
> Showing that server B is in fact qeuerying server A for the objects. But
> it would seem that server A did not have them cached.
>
> It may be that these responses use Vary: header. ICP does not handle
> that type of response properly. You may get better behaviour using HTCP
> instead of ICP between the siblings.
>
>
> I also note that you have 40GB of RAM allocated to each of these Squid
> instances. Do you actually have over 100GB of RAM on those machines
> (*excluding* swap space)?
>
> Amos

Hi Amos,

Thanks for your reply, i am now using HTCP, still don't get it work :-( ,
here are the configurations,

# Squid Server A
cache_replacement_policy lru
memory_replacement_policy lru
maximum_object_size 1024 MB
maximum_object_size_in_memory 16 MB
cache_dir aufs /usr/local/squid/var/cache 307200 256 256
cache_mem 4096 MB
cache_store_log none

cache_peer app.domain parent 9443 0 no-query originserver ssl login=PASS
sslflags=DONT_VERIFY_PEER
cache_peer_access app.domain allow all

coredump_dir /usr/local/squid/var/cache

http_port 3128
http_access allow all
htcp_port 4827
htcp_access allow all
htcp_clr_access allow all
https_port 9443 cert=/usr/local/squid/etc/server.pem accel
key=/usr/local/squid/etc/privkey.pem vhost

refresh_pattern . 0 20% 4320
cache_mgr admin
cachemgr_passwd 123456 all
buffered_logs on
cache_store_log stdio:/usr/local/squid/var/logs/store.log

# Squid Server B
cache_replacement_policy lru
memory_replacement_policy lru
maximum_object_size 1024 MB
maximum_object_size_in_memory 16 MB
cache_dir aufs /usr/local/squid/var/cache 307200 256 256
cache_mem 4096 MB
cache_store_log none

cache_peer app.domain parent 9443 0 no-query originserver ssl login=PASS
sslflags=DONT_VERIFY_PEER
cache_peer servera.domain sibling 3128 4827 htcp
cache_peer_access app.domain allow all
cache_peer_access servera.domain allow all

coredump_dir /usr/local/squid/var/cache

http_port 3128
http_access allow all
htcp_port 4827
htcp_access allow all
htcp_clr_access allow all
https_port 9443 cert=/usr/local/squid/etc/server.pem accel
key=/usr/local/squid/etc/privkey.pem vhost

refresh_pattern . 0 20% 4320
cache_mgr admin
cachemgr_passwd 123456 all
buffered_logs on
cache_store_log stdio:/usr/local/squid/var/logs/store.log

And here are access logs,

# Squid Server A
1406380411.702 0 172.17.192.145 UDP_MISS/000 0 HTCP_CLR
https://serverb.domain:9443/ccm/service/com.ibm.team.scm.common.IScmService
- HIER_NONE/- -
1406380414.619 0 172.17.192.145 UDP_MISS/000 0 HTCP_CLR
https://serverb.domain:9443/ccm/service/com.ibm.team.scm.common.IScmService
- HIER_NONE/- -
1406380415.128 0 172.17.192.145 UDP_MISS/000 0 HTCP_CLR
https://serverb.domain:9443/ccm/service/com.ibm.team.scm.common.IScmService
- HIER_NONE/- -
1406380416.212 0 172.17.192.145 UDP_MISS/000 0 HTCP_CLR
https://serverb.domain:9443/ccm/service/com.ibm.team.filesystem.common.IFilesystemService
- HIER_NONE/- -

# Squid Server B
...
...
1406380429.286 90 172.17.210.5 TCP_MISS/200 664 GET
https://serverb.domain:9443/ccm/service/com.ibm.team.scm.common.IVersionedContentService/content/com.ibm.team.filesystem/FileItem/_TUaCUK2xEeOvOJ84krOqLg/_aN3NdK2xEeOEJLtkkn17bg/DjuXbV8AG7VOyHf-ds_UzKy02yApE33wddUBirD98Lo
- FIRSTUP_PARENT/172.17.96.148 application/octet-stream
1406380429.290 137 172.17.210.5 TCP_MISS/200 11040 GET
https://serverb.domain:9443/ccm/service/com.ibm.team.scm.common.IVersionedContentService/content/com.ibm.team.filesystem/FileItem/_TVSMEa2xEeOvOJ84krOqLg/_aPuOrK2xEeOEJLtkkn17bg/mogLTY-2R4AJu2OHAShQtBaydLlMgHo34-Cqkzyaxws
- FIRSTUP_PARENT/172.17.96.148 application/octet-stream

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Sibling-cache-peer-for-a-HTTPS-reverse-proxy-tp4667011p4667066.html
Sent from the Squid - Users mailing list archive at Nabble.com.