Hi, I am setting up the transparent HTTP/HTTPS proxy cluster with whiltelist only, and stuck at having issue 'ERROR 500: Internal Server Error'. After couple days tuning and digging, I narrow down the problem to directive 'never_direct'.
After removing this line, the error message is gone. But seems sibling cache will only work for HTTP, HTTPS will not go to sibling. Here is my squid.conf snapshot. http_port 3130 http_port 3128 intercept acl allowed_http_sites dstdomain "/etc/squid3/whitelist.txt" http_access allow allowed_http_sites https_port 3129 cert=/etc/squid3/squid.crt key=/etc/squid3/squid.key ssl-bump intercept generate-host-certificates=on dynamic_cert_mem_cache_size=4MB acl SSL_port port 443 http_access allow SSL_port acl allowed_https_sites ssl::server_name "/etc/squid3/ssl_sites.txt" http_access deny all sslcrtd_program /lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB acl step1 at_step SslBump1 acl step2 at_step SslBump2 acl step3 at_step SslBump3 ssl_bump peek step1 ssl_bump stare step2 allowed_https_sites ssl_bump bump step3 ssl_bump terminate step2 all acl container_net src 172.18.0.0/24 tcp_outgoing_address 10.0.8.41 container_net udp_outgoing_address 10.0.8.41 container_net http_access allow container_net cache_peer 10.0.8.48 sibling 3130 3131 ssl sslcafile=/etc/ca.pem sslflags=NO_DEFAULT_CA ssloptions=NO_SSLv3 icp_port 3131 icp_access allow all never_direct allow all # Uncomment and adjust the following to add a disk cache directory. hosts_file /etc/hosts cache_replacement_policy heap LFUDA cache_dir aufs /var/spool/squid3 40000 16 256 maximum_object_size 32 MB log_icp_queries off # Leave coredumps in the first cache dir coredump_dir /var/spool/squid3 Thanks, Lei
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
