Re: [squid-users] ultramonkey + squid settings

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 May 2009 17:20:45 +1200

Hiroshi Kouda wrote:
> I want to make High Availability place from ultramonkey and squid.
>
> ----------------- -----------------
> | ultramonkey 1| | ultramonkey 2|
> | (active) | | (standby) |
> ----------------- -----------------
> | |
> | |
> ----------------------------
> |
> |
> ----------------------------
> | |
> | |
> ----------------- -----------------
> | squid 1 | | squid 2 |
> ----------------- -----------------
> | |
> | |
> ----------------------------
> |
> |
> -----------------
> | web |
> -----------------
>
> ultramonkey VIP 192.168.4.104
> squid 1 192.168.4.12 VIP 192.168.4.104
> squid 1 192.168.4.13 VIP 192.168.4.104
> web 1 192.168.4.11 VIP 192.168.4.104
>
>
>
> ↑ This composition can't connect web server
>
>
>
>
> -----------------
> | squid |
> -----------------
> |
> |
> -----------------
> | web |
> -----------------
>
>
> ↑ but, This composition can connect web server
>
>
>
>
> why It is not possible to connect it when ultramonkey passing ?
>

Perhaps ultramonkey does not know what to do with requests for
http://192.168.4.11/foo when they are forced into 192.168.4.104.

Squid, being configured as an open proxy (the quoted squid.conf has
"acl all src 0.0.0.0/0.0.0.0" with "http_access allow all"), does not
care: it just passes everything to the peer without security checks.

>
>
> config are
>
>
> ■ ultramonkey 1
>
>
> /etc/sysconfig/network-scripts/ifcfg-lo:0
> ----------------------------
> DEVICE=lo:0
> TYPE=Ethernet
> BOOTPROTO=static
> BROADCAST=192.168.4.255
> IPADDR=192.168.4.104
> NETMASK=255.255.255.255
> NETWORK=192.168.4.0
> ONBOOT=yes
> NAME=loopback
> ----------------------------
>
>
> /etc/ha.d/ha.cf
> -----------------------------------------------------------------
> logfile /var/log/ha-log
> logfacility local0
> keepalive 2
> deadtime 30
> warntime 10
> initdead 120
> udpport 694
> baud 19200
>
> ucast bond0 192.168.4.101
> auto_failback on
> watchdog /dev/watchdog
>
> node barancer1 barancer2
> respawn root /usr/local/bin/check_network # check script
> -------------------------------------------------------------------
>
>
> /etc/ha.d/ldirectord.cf
> -------------------------------------------------------------------
> checktimeout=3
> checkinterval=10
> autoreload=yes
> logfile="/var/log/ldirectord.log"
> quiescent=yes
>
>
> virtual=192.168.4.104:80
> real=192.168.4.12:80 gate #squid1
> real=192.168.4.13:80 gate #squid2
> scheduler=wrr
> service=none
> persistent=100
> protocol=tcp
> checktype=connect
> -------------------------------------------------------------------
>
>
> /etc/sysctl.conf
> -------------------------------------------------------------------
> # Kernel sysctl configuration file for Red Hat Linux
> #
> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
> # sysctl.conf(5) for more details.
>
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1
>
> # Controls source route verification
> net.ipv4.conf.default.rp_filter = 1
>
> # Do not accept source routing
> net.ipv4.conf.default.accept_source_route = 0
>
> # Controls the System Request debugging functionality of the kernel
> kernel.sysrq = 0
>
> # Controls whether core dumps will append the PID to the core filename.
> # Useful for debugging multi-threaded applications.
> kernel.core_uses_pid = 1
>
> net.ipv4.vs.expire_quiescent_template = 1
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.bond0.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
> net.ipv4.conf.bond0.arp_announce = 2
> -------------------------------------------------------------------
>
>
>
>
>
> ■ squid 1
>
> /etc/sysconfig/network-scripts/ifcfg-lo:0
> ----------------------------
> DEVICE=lo:0
> TYPE=Ethernet
> BOOTPROTO=static
> BROADCAST=192.168.4.255
> IPADDR=192.168.4.104
> NETMASK=255.255.255.255
> NETWORK=192.168.4.0
> ONBOOT=yes
> NAME=loopback
> ----------------------------
>
> /usr/local/squid/etc/squid.conf
> -------------------------------------------------------------------
> cache_effective_user squid
> cache_effective_group squid
>
> cache_dir coss /usr/local/squid/var/cache 1024 block-size=512 max-size=1048576
> cache_swap_log /usr/local/squid/var/cache/cache_swap_log
>
> http_port 192.168.4.104:80 accel defaultsite=192.168.4.11
> cache_peer 192.168.4.11 parent 80 0 no-query originserver
>
>
> cache_mem 64 MB
>
> refresh_pattern data/mails/.* 0 25% 43200 ignore-reload
> refresh_pattern data/.* 0 0 0
> refresh_pattern . 0 25% 4320 ignore-reload
>
> client_persistent_connections off
> server_persistent_connections off
>
> acl all src 0.0.0.0/0.0.0.0
> http_access allow all
>
> emulate_httpd_log on
>
> access_log /usr/local/squid/var/logs/access.log common
> cache_log /usr/local/squid/var/logs/cache.log
> cache_store_log /usr/local/squid/var/logs/store.log
>
> forwarded_for off
>
> header_access X-Cache deny all
> header_access X-Squid-Error deny all
> header_access Via deny all
> -------------------------------------------------------------------
>
>
>
> /etc/sysctl.conf
> -------------------------------------------------------------------
> # Kernel sysctl configuration file for Red Hat Linux
> #
> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
> # sysctl.conf(5) for more details.
>
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 0
>
> # Controls source route verification
> net.ipv4.conf.default.rp_filter = 1
>
> # Do not accept source routing
> net.ipv4.conf.default.accept_source_route = 0
>
> # Controls the System Request debugging functionality of the kernel
> kernel.sysrq = 0
>
> # Controls whether core dumps will append the PID to the core filename.
> # Useful for debugging multi-threaded applications.
> kernel.core_uses_pid = 1
>
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.bond0.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
> net.ipv4.conf.bond0.arp_announce = 2
> -------------------------------------------------------------------
>
>
> ■ web
>
> /usr/local/apache2/conf/extra/httpd-vhosts.conf
> -------------------------------------------------------------------
> NameVirtualHost 192.168.4.11:80
>
> <VirtualHost 192.168.4.11:80>
> ServerName images.hogehoge.com
> DocumentRoot /var/www/webroot/common/images
> </VirtualHost>
> -------------------------------------------------------------------
>
>
>
>
>
>
>
>
>
>
> ↓ I think that this IP is wrong. ...?
>
>
>
> /usr/local/squid/etc/squid.conf
> -------------------------------------------------------------------
> http_port 192.168.4.104:80 accel defaultsite=192.168.4.11
> cache_peer 192.168.4.11 parent 80 0 no-query originserver
> -------------------------------------------------------------------
>
>
> /usr/local/apache2/conf/extra/httpd-vhosts.conf
> -------------------------------------------------------------------
> NameVirtualHost 192.168.4.11:80
>
> <VirtualHost 192.168.4.11:80>
> -------------------------------------------------------------------

-- 
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
  Current Beta Squid 3.1.0.7
Received on Fri May 15 2009 - 05:20:52 MDT
