I've spent a few hours on this, and don't get it. Any help would be
appreciated as to why this error is here. (other than the obvious fact that
too few redirector processes are running:))
Below is the cache log, my mostly uncommented squid.conf and the redirector
script I am using.
On a test box, this setup runs fine. When I went to install it on a
production server, this happens. Somewhere along the line of building the
test box and going to the live one something, somewhere, changed, but I'm at
a loss as to what it is.
With the below setup, I can use squid (on the test box) and hit 3 back end
webservers in ssl mode, after being ldap auth'd, by basically going to
website.com/site1, website.com/site2, and website.com/site3 with the 3 sites
being 3 different webservers. Each site needs the webpages to all reside
within the URI (site1, site2, site3) and to the client it just looks like
one big site, i.e. website.com/extranet, website.com/intranet,
website.com/hr_functions, etc. Easy for the user and we only need one SSL
cert too.
==================Cache.log=================
> more /opt/squid-3/var/logs/cache.log
::::::::::::::
/opt/squid-3/var/logs/cache.log
::::::::::::::
FATAL: Too few redirector processes are running
Squid Cache (Version 3.0-PRE3-20040615): Terminated abnormally.
CPU Usage: 0.039 seconds = 0.028 user + 0.011 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
total space in arena: 2796 KB
Ordinary blocks: 2703 KB 4 blks
Small blocks: 0 KB 1 blks
Holding blocks: 1388 KB 7 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 92 KB
Total in use: 4091 KB 146%
Total free: 92 KB 3%
==========end of cache.log=================
=====start of squid.conf====================
# WELCOME TO SQUID 3.0-PRE3-20040615
# ----------------------------
https_port 443 vhost cert=/opt/key/squid_cert.pem key=/opt/key/squid_key.pem vhost
https_port 443 vhost cert=/opt/key/squid_cert.pem key=/opt/key/squid_key.pem vhost
icp_port 3130
cache_peer 10.y.x.11 parent 80 0 originserver no-query no-digest proxy-only login=*:password front-end-https
### added for kevin
cache_peer 10.y.x.22 parent 80 0 originserver no-query no-digest proxy-only login=*:password front-end-https
cache_peer 10.y.x.44 parent 80 0 originserver no-query no-digest proxy-only login=*:password front-end-https
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir aufs /opt/squid-3/var/cache 100 16 256
#Default:
# debug_options ALL,1
debug_options 11,4
redirect_program /opt/squid-3/matt-redirector.pl
redirect_children 10
redirect_rewrites_host_header on
auth_param basic program /opt/squid-3/libexec/squid_ldap_auth -u uid -D "cn=adminuser, o=lna" -w password -b o=lna -f uid=%s 10.y.x.5:389
auth_param basic children 5
auth_param basic concurrency 0
auth_param basic realm "--> Website Rp2 <--"
auth_param basic credentialsttl 3600 second
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# REQUIRED: some ACLs to permit traffic
acl linuxbox_net src all
acl lhost src 127.0.0.1
acl authenticated proxy_auth REQUIRED
# Allow downstream proxies to access us without auth
# (they will auth themselves)
acl downstream_proxies src 10.y.x.2
http_access allow downstream_proxies
http_access allow linuxbox_net authenticated
http_access allow lhost authenticated
acl i2_host dst 10.y.x.11/255.255.255.255
cache_peer_access 10.y.x.11 allow i2_host
cache_peer_access 10.y.x.11 deny all
### added for kevin 7-6-04
acl kevin_test dst 10.y.x.22/255.255.255.255
cache_peer_access 10.y.x.22 allow kevin_test
cache_peer_access 10.y.x.22 deny all
### tws webserver
acl tws_host dst 10.y.x.44/255.255.255.255
cache_peer_access 10.y.x.44 allow tws_host
cache_peer_access 10.y.x.44 deny all
# route around cache_peer by default
acl peer_dest dst 10.y.x.11/255.255.255.255 10.y.x.22/255.255.255.255 10.y.x.44/255.255.255.255
# And finally deny all other access to this proxy
http_access deny all
# and finally allow by default
http_reply_access allow all
#Allow ICP queries from everyone
icp_access allow all
cache_effective_user nobody
#Default:
# icp_hit_stale off
icp_hit_stale on
# Leave coredumps in the first cache dir
coredump_dir /opt/squid-3/var/cache
=========end of squid.conf=============
====redirector perl script=========
#!/usr/bin/perl
# Debugging output sent to syslog -- try "tail -f /var/log/messages"
# to see the output.
use strict;
use warnings;
use Sys::Syslog;
openlog("squid-redir-$$", "ndelay", "");
# Disable stdio buffering (you want this)
$|=1;
# This is the redirector loop--we need to handle
# each line of standard input, each is a client-sent
# URL, what we print is the redirected/transformed URL
my $url;
my $nurl;
# The patterns are regex literals (m{...}) so that "\." matches a literal
# dot; inside a double-quoted string the backslash is dropped and "."
# matches any character.
# syslog() treats its second argument as a sprintf format, so the URLs are
# passed as %s arguments; a "%" in a client-sent URL is then logged as data.
while ($url = <>) {
    chomp($url);
    if ($url =~ m{https?://(website\.com|10\.y\.x\.1|127\.0\.0\.1)(:\d+)?/intranet(/?)(.*)}) {
        $nurl = "http://10.y.x.11/intranet/$4";
        syslog("info", "MOD_CASE 1: got <<%s>> sending <<%s>>", $url, $nurl);
        print $nurl, "\n";
        next;
    }
    if ($url =~ m{https?://(website\.com|10\.y\.x\.1|127\.0\.0\.1)(:\d+)?/kevin_web(/?)(.*)}) {
        $nurl = "http://10.y.x.22/kevin_web/$4";
        syslog("info", "MOD_CASE 2: got <<%s>> sending <<%s>>", $url, $nurl);
        print $nurl, "\n";
        next;
    }
    elsif ($url =~ m{https?://(website\.com|10\.y\.x\.1|127\.0\.0\.1)(:\d+)?/tws_web(/?)(.*)}) {
        $nurl = "http://10.y.x.44/tws_web/$4";
        syslog("info", "MOD_CASE 3: got <<%s>> sending <<%s>>", $url, $nurl);
        print $nurl, "\n";
        next;
    }
    else {
        # just give the client back what it sent
        syslog("info", "NO_MOD_CASE: got <<%s>> sending <<%s>>", $url, $url);
        print $url, "\n";
        next;
    }
}
# not reached
closelog();
exit(0);
================end of perl redirector===============
Received on Mon Jul 19 2004 - 13:39:44 MDT
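
Added example, not part of the original post: Squid logs "Too few redirector processes are running" when its redirector children exit instead of staying up, so a first check on the production box is to run the helper by hand with one request line. The `probe_redirector` function and the sample request line are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic, not part of the original post.
# probe_redirector CMD [ARGS...]
#   Sends one request line to a redirector on stdin, as Squid does, and
#   checks that one line comes back on stdout.
#   returns 0  helper answered
#           1  helper ran but exited without answering
#           2  helper could not be executed (missing file, missing
#              interpreter on the #! line, no execute permission)
probe_redirector() {
    # Constructed sample request: URL client_ip/fqdn ident method
    req='https://website.com/intranet/index.html 192.0.2.10/- - GET'
    rc=0
    reply=$(printf '%s\n' "$req" | "$@" 2>/dev/null) || rc=$?
    case $rc in
        126|127)
            echo "cannot execute: $*"
            return 2 ;;
    esac
    if [ -z "$reply" ]; then
        echo "helper exited with status $rc and printed no reply"
        return 1
    fi
    echo "reply: $reply"
    return 0
}

# Stand-alone use: pass the redirector path from squid.conf as the argument,
# e.g. /opt/squid-3/matt-redirector.pl
[ "$#" -eq 0 ] || probe_redirector "$@"
```

Run it as the `cache_effective_user` from squid.conf (`nobody` in the posted file), since a helper that starts for root can still fail for that account.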