Solved

squid not working

Posted on 2006-11-12
Last Modified: 2013-12-16
I am trying to configure a squid accelerator (a reverse proxy), but it's not working.  I have a web server and a squid server like this.

10.0.0.2         web1 (the apache)
10.0.0.3         s2 (the squid)

I can visit http://web1/ in my browser, but when I visit http://s2/ it says this:

While trying to process the request:

GET / HTTP/1.1
Host: s2
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cache-Control: max-age=0

The following error was encountered:

    * Invalid Request

Here is my config.

visible_hostname s2

http_port 80
defaultsite=web1

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow CONNECT localhost
http_access allow all
http_reply_access allow all
icp_access allow all
cache_effective_user nobody
cache_effective_group nobody
cache_dir aufs /usr/local/squid/var/cache1 100 16 256
cache_dir aufs /usr/local/squid/var/cache2 800 16 256

Can someone point me in the right direction for setting up squid for a first-time user?  I am having trouble with the new syntax being used after the changes in squid 2.6.  Should I just use 2.4?
0
Question by:bryanlloydharris
10 Comments
 
LVL 43

Expert Comment

by:ravenpl
ID: 17928363
A small guide can be found at http://www.deckle.co.za/squid-users-guide/Accelerator_Mode
> 10.0.0.2         web1 (the apache)
> 10.0.0.3         s2 (the squid)
> I can visit http://web1/ in my browser, but when I visit http://s2/ it says this:
Why do you want to visit http://s2/? Is the squid itself serving some webpages? No, therefore it will show you an error.
The question is whether visiting http://web1/ goes through the squid or not.
0
 
LVL 3

Author Comment

by:bryanlloydharris
ID: 17929467
I want to create the squid as an accelerator squid, not a regular squid.  That's the reason I go to s2 instead of web1.

For an accelerator, it tries to help a slow web server by saving the pages.  If it doesn't have the page saved, it gets the page from the real web server.  This is why I go to http://s2/ instead of http://web1/.
0
 
LVL 3

Author Comment

by:bryanlloydharris
ID: 17929470
But then again, I could be doing this wrong..
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17929515
Have you read the guide?
Squid in acceleration mode does not serve any webpages anyway. Therefore it always acts as a transparent proxy (it mimics the server, but requires a valid URL).
So usually it works that way: the client requests http://web1/ but gets redirected to squid. Squid serves as many as it can from cache, then connects to the real server and caches (if possible) the answer. If squid works as an accelerator for one server, you may put the server name in its config, otherwise (many servers) squid uses the Host: value from the HTTP request.
So you see, you can't put the http://s2/ URL in your browser, as this is an invalid webpage name.
0
 
LVL 3

Author Comment

by:bryanlloydharris
ID: 17930744
"So usually it works that way: client requests http://web1/ but gets redirected to squid."

Are you saying the client connects to web1 but web1 forwards the packets to the squid?  Wouldn't I need to set up iptables to forward the packets with a firewall?
0
 
LVL 3

Author Comment

by:bryanlloydharris
ID: 17930764
Ah yes I've read the guide but I think I'm missing something.  I thought it worked like this:

client -> squid -> webserver

But are you saying it works like the following?

client -> webserver -> squid
    '~----------------------> squid
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17930821
In fact it works: client -> squid -> webserver
But it's transparent to the client. The client thinks that there is no squid on the way - that's why it puts http://web1/ in its browser.

> Wouldn't I need to set up iptables to forward the packets with a firewall?
Yes!
What's more, the usual configuration is:
internet ---- firewall with global IP with squid that intercepts any http requests ---- farm of servers on local IPs
0
 
LVL 3

Author Comment

by:bryanlloydharris
ID: 17931988
"In fact it works: client -> squid -> webserver"
That's how I'm trying I think.  But I guess I need to rename the stuff in /etc/hosts so it's web1 instead of s2?
0
 
LVL 43

Accepted Solution

by:
ravenpl earned 500 total points
ID: 17932557
No!
The client thinks it connects to the webserver directly:  client -> webserver
but some firewall on the way (or DNS) redirects it to squid. Squid knows where to connect either from the Host: header from the client's request or is configured statically.
0
 
LVL 3

Author Comment

by:bryanlloydharris
ID: 17933563
Maybe that's why it's not working...
0
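Added example, not part of the original thread and not code from the Squid project: a small Python check of the accelerator-related directives in the question's config. It assumes Squid 2.6+ syntax, where reverse-proxy mode is switched on with the accel option on the http_port line (the option that lets Squid accept a browser's plain "GET /") and the backend is named with cache_peer ... originserver; QUESTION_CONF is a constructed excerpt of the posted config, and FIXED_CONF with its ACL name our_site and peer name web1 is an assumed correction.

```python
import re

# Constructed sample: the directives from the question's config that matter here.
QUESTION_CONF = """\
http_port 80
defaultsite=web1
acl all src 0.0.0.0/0.0.0.0
http_access allow manager localhost
http_access allow all
"""
# Assumed corrected form for Squid 2.6+ (peer name "web1" is illustrative).
FIXED_CONF = """\
http_port 80 accel defaultsite=web1
cache_peer 10.0.0.2 parent 80 0 no-query originserver name=web1
acl our_site dstdomain web1
http_access allow our_site
http_access deny all
cache_peer_access web1 allow our_site
"""

def parse(conf):
    """Return (directive, args) pairs, skipping blank lines and # comments."""
    rows = (line.split("#", 1)[0].split() for line in conf.splitlines())
    return [(t[0], t[1:]) for t in rows if t]

def audit_accelerator(conf):
    """List problems that stop Squid 2.6+ acting as a closed reverse proxy."""
    rules, findings = parse(conf), []
    if not any(d == "http_port" and "accel" in a for d, a in rules):
        findings.append("no-accel: no http_port line carries 'accel'")
    for d, _ in rules:
        if re.match(r"(defaultsite|vhost|vport)\b", d):
            findings.append(f"stray-option: '{d}' is an http_port option, "
                            "not a directive of its own")
    if not any(d == "cache_peer" and "originserver" in a for d, a in rules):
        findings.append("no-origin: no 'cache_peer ... originserver' line "
                        "names the backend web server")
    # http_access is first-match-wins, so only the first catch-all counts.
    for d, a in rules:
        if d == "http_access" and a[1:] == ["all"]:
            if a[0] == "allow":
                findings.append("open-proxy: 'http_access allow all' lets "
                                "any client relay through this Squid")
            break
    return findings

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_CONF), ("fixed", FIXED_CONF)):
        print(label, audit_accelerator(conf) or "ok")
```

With the corrected form the browser can request http://s2/ directly: without the vhost option Squid maps every request on that port to defaultsite, and the final "http_access deny all" keeps the box from relaying anything else.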
