Hi Amos,
I made the changes suggested, biut still getting TCP_MISS_ABORTED/502.
The test I’m performing is via a simple curl:
curl https://local.server.fqdn/some/file/path -H "Authorization: Basic
base64_auth" -o ~/Downloads/test
The Apache logs for the parent (public.server.fqdn), show:
[12/
Hello, apologies in advance for the silly question.
We are having some stability issues with our squid farms after a recent upgrade
from Centos/Squid 3.5.x to Ubuntu/Squid 5.7/6.9. I wonder if anyone here has
seen something similar, and might have some suggestion about what we are
obviously mi
To test, I changed the parent url to my blog.. and was able to download an item
there via squid-cache.. so the issue seems to be when downloading from a parent
which requires authentication.
Regards,
Ben.
From: Ben Toms
Date: Friday, 12 July 2024 at 10:29
To: squid-users@lists.squid-cache.org
On 12/07/24 11:50, Jonathan Lee wrote:
I recommend changing your main port to this:
http_port 3128 ssl-bump
This is set to this when it processes
http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem
Hi,
I my setup (also ubuntu) I have made these changes :
root@proxy: # cat /etc/security/limits.d/squid.conf
squidsoftnofile 64000
squidhardnofile 65500
root@proxy: # cat /etc/squid/squid.conf | grep max_file
max_filedesc 64000
This force the system limits for squid pr
Seems that my issue is similar to -
https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication
Regards,
Ben.
From: Ben Toms
Date: Friday, 12 July 2024 at 12:07
To: squid-users@lists.squid-cache.org
Subject: Re: TCP_MISS_ABORTED/502
To test, I changed the parent url
Thanks. We have limits set at 100K, squid can easily reach that. The problem is
that the number of FD in use keeps increasing. A workaround is to restart squid
every time it goes over a certain value, but it’s not really a solution. In the
same situation, with centos and squid 3.5, we seldom wen
On 2024-07-12 06:58, paolo.pr...@gmail.com wrote:
We are having some stability issues with our squid farms after a recent
upgrade from Centos/Squid 3.5.x to Ubuntu/Squid 5.7/6.9.
In short, after running for a certain period the servers run out of file
descriptors. We see a slowly growing numb
On 2024-07-12 08:06, Ben Toms wrote:
Seems that my issue is similar to -
https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication
You are facing up to two problems:
1. Some authenticated responses are not cachable by Squid. Please share
HTTP headers of the resp
On 13/07/24 01:52, Alex Rousskov wrote:
On 2024-07-12 08:06, Ben Toms wrote:
Seems that my issue is similar to -
https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication
You are facing up to two problems:
1. Some authenticated responses are not cachable by Sq
Logs below:
--
2024/07/12 14:57:08.678 kid1| 11,2| http.cc(1263) readReply: conn17
local=squid.cache.ip:42848 remote=public.ip.of.public.server:443 FIRSTUP_PARENT
FD 14 flags=1: read failure: (0) No error.
2024/07/12 14:57:08.678 kid1| 11,2| Stream.cc(273) sendStartOfMessage: HTTP
Clien
Picking up squid again and trying to look at what's going on inside..
Squid on OpenWRT.. wanted to look at mgr:info for file desc, etc..
trying to access the cachemgr.cgi.. as this looks like the new squidclient
Wasn't working etc..
..
debug_options ALL,2
cache_log /tmp/squid_cache.log
..
Think I made the changes Alex requested:
12/Jul/2024:15:36:31 +.640 local.server.ip TCP_MISS_ABORTED/502 3974 GET
https://local.server.fqdn/path/to/file -
FIRSTUP_PARENT/public.ip.of.public.server text/html ERR_READ_ERROR/WITH_SERVER
Regards,
Ben.
From: Ben Toms
Date: Friday, 12 July 202
Thanks I fixed the firewall rules, I am trying tproxy and it seems to help with
speed right now.
Sent from my iPhone
> On Jul 12, 2024, at 04:57, Amos Jeffries wrote:
>
> On 12/07/24 11:50, Jonathan Lee wrote:
>>> I recommend changing your main port to this:
>>>
>>> http_port 3128 ssl-bump
On 2024-07-12 11:38, Ben Toms wrote:
Think I made the changes Alex requested:
12/Jul/2024:15:36:31 +.640 local.server.ip TCP_MISS_ABORTED/502 3974
GET https://local.server.fqdn/path/to/file -
FIRSTUP_PARENT/public.ip.of.public.server text/html
ERR_READ_ERROR/WITH_SERVER
Thank you for us
Hi Alex,
Which log should those be found?
Can’t see “HTTP Server RESPONSE” in the access.log or cache.log.
Regards,
Ben.
From: squid-users on behalf of Alex
Rousskov
Date: Friday, 12 July 2024 at 17:11
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] TCP_MISS_ABORTED/502
On
tested with removal of IP and port failed If I leave port I get this
2024/07/12 09:15:17| Processing: http_port :3128 intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=20MB
cert=/usr/local/etc/squid/serverkey.pem
cafile=/usr/local/share/certs/ca-root-nss.crt capath=/u
Per your subject question "cachemgr.cgi isn't mgr:info ?"
Correct.
cachemgr.cgi is an old tool to access multiple proxies manager reports.
"mgr:info" is a command line parameter for the squidclient tool to
access a proxies "info" manager report.
Also, commonly used shorthand in Squid commu
Sorry that test was on the 5.8 version I am using that boot environment right
now. All others were on 6.6 does 6.6 support no IP port combo?
Sent from my iPhone
> On Jul 12, 2024, at 09:16, Jonathan Lee wrote:
>
> tested with removal of IP and port failed If I leave port I get this
>
> 2024/0
On 2024-07-12 11:18, Brian Cook wrote:
Picking up squid again and trying to look at what's going on inside..
Squid on OpenWRT.. wanted to look at mgr:info for file desc, etc..
trying to access the cachemgr.cgi.. as this looks like the new squidclient
FWIW, I do not recommend using cachemgr.cg
On 2024-07-12 12:14, Ben Toms wrote:
Which log should those be found?
cache.log (if they are present)
Can’t see “HTTP Server RESPONSE” in the access.log or cache.log.
Sigh. This is one of the reasons I avoid asking folks to study logs
themselves, even ALL,2 logs...
If that line is not
On 13/07/24 04:16, Jonathan Lee wrote:
tested with removal of IP and port failed If I leave port I get this
2024/07/12 09:15:17| Processing: http_port :3128 intercept
No ":" before thr port number.
Amos
___
squid-users mailing list
squid-users@lis
So, with the below config:
https_port 443 accel protocol=HTTPS tls-cert=/usr/local/squid/client.pem
tls-key=/usr/local/squid/client.key
cache_peer public.server.fqdn parent 443 0 no-query originserver no-digest
no-netdb-exchange tls login=PASSTHRU name=myAccel
forceddomain=public.server.fqdn
ac
And, just to confirm.. if I change public.server.fqdn to that my blog
(macmule.com).. I can curl down a file from that via squid-cache fine:
curl -D - https://local.server.fqdn/AutoCasperNBI-AppCast.xml -o /dev/null
% Total% Received % Xferd Average Speed TimeTime Time Current
On 2024-07-12 13:03, Ben Toms wrote:
So the issue seems to be caching content that requires authentication
The client is getting an error response from Squid. That error is
probably not related to caching decisions. I do not recommend focusing
on caching at this stage of triage. I recommend
Thanks, Alex.
Where would I find those headers?
Looking at the origin servers apache logs.. it’s sending a 200 response.
Regards,
Ben
On Fri, 12 Jul 2024 at 18:26, Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 2024-07-12 13:03, Ben Toms wrote:
>
> > So the issue seems to be
On 2024-07-12 13:38, Ben Toms wrote:
Where would I find those headers?
If you have access to the parent Squid proxy, they will be in its
debugging cache.log. You can also get them by capturing network packets
between the parent Squid and origin, but for HTTPS traffic that requires
giving Wi
For the HTTP and https derivative is it better to use tproxy or intercept on
FreeBSD?
Sent from my iPhone
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
Hello, Jonathan,
>> Does anyone know the path to this file "modified file
'src/client_side_request.cc" so I can test it with the patches application
if it doesn’t work no big deal I can just restore it to to prior and or use
an older boot environment
You can find it in the squid sources:
tar -tvz
29 matches
Mail list logo
