Hi Again,
Well my local network can't access the Internet since I had to put the vhost
option on the http_port 3128
They can access my sites internally not a problem, but the problem is they
can no longer access the internet
I have kept the original config
The only thing I have changed was adding the acceleration mode for my
backend server (sites) and add the vhost option after
the http_port 3128
like this
http_port 3128 vhost
I hope that makes more sense
Regards
Adam
----- Original Message -----
From: "Ron Wheeler" <rwheeler_at_artifact-software.com>
To: "Adam_at_Gmail" <adbasque_at_googlemail.com>; <squid-users_at_squid-cache.org>
Sent: Sunday, March 28, 2010 8:40 PM
Subject: Re: [squid-users] Help with accelerated site
> Are you trying to build an accellerator for your site or a proxy.
>
> Pick one and get it to work.
>
> The config that I sent you is an accelerator.
>
> I would suggest to stick with the accelerator and let your inside guys hit
> your server on port 80.
> 1) Put your backend server back on port 80
>
> http_port 80 accel vhost defaultsite=www.mysite.org
> cache_peer 192.168.1.3 parent 80 .... whatever I had in my config should
> be fine once you change my 81 to 80. I needed to use 81 since I had both
> apache and squid on the same machine. You do not have this problem.
>
>
> This way your inside guys are still hitting your backend the old fashioned
> way and your clients are coming through your front door with a caching
> proxy.
>
> Get rid of the acl stuff until you get it going and then decide how to
> block people.
> Check my acl settings but I do not recall doing anything to control
> access.
>
>
> KISS
>
> Good luck
> Ron
>
>
>
>
> Adam_at_Gmail wrote:
>> Hi Amos,
>> Thanks for your time
>> at the moment my config is as follow it's working as far is the
>> acceleration mode is concerned
>>
>> http_port 80 accel vhost defaultsite=www.mysite.org
>>
>> cache_peer 192.168.1.3 parent 81 0 no-query originserver name=main
>> acl out_sites dstdomain www.mysite.org www.mysite.com
>> www.mysite.net
>>
>> http_access allow our_sites
>> cache_peer_access main allow our_sites
>> cache_peer_access deny all
>>
>> I can access my 3 websites from inside my network and from the "Internet"
>> no problems
>> apart for it being a little slower than before, but it's working
>>
>> The problem I have right now is None of clients can access the internet
>> The error as before "The requested URL could not be retrieved"
>>
>> here is the other part of config
>>
>> acl manager proto cache object
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8.0.0.0/32
>> acl localnet src 10.0.0.0/8
>> acl localnet src 172.16.0.0/12
>> acl our_network 192.168.1.0/24
>>
>> http_access allow manager localhost
>> http_access deny manager
>>
>> http_access allow localnet
>> http_access deny all
>>
>> http_access allow our_network
>> http_access deny all
>>
>> htcp_access allow localnet
>> htcp_access deny all
>> icp_access allow localnet
>> icp_access deny all
>>
>> http_port 3128 vhost (note if I remove the vhost I won't access my
>> websites) if I leave it I can't access the internet from my local
>> network)
>>
>> No "Bind" error at this time
>>
>>
>>
>>
>> I hope that would help see if there's anything wrong with the
>> configuration
>>
>> Regards
>> Adam
>>
>>
>>
>> ----- Original Message ----- From: "Amos Jeffries" <squid3_at_treenet.co.nz>
>> To: <squid-users_at_squid-cache.org>
>> Sent: Sunday, March 28, 2010 8:06 AM
>> Subject: Re: [squid-users] Help with accelerated site
>>
>>
>>> Adam_at_Gmail wrote:
>>>> Hi Ron,
>>>> Thanks for your reply and thanks for your time
>>>>
>>>> This is perhaps the 10th time I uninstalled it and reinstalled it
>>>> And this is the very first time I could access my websites internally,
>>>> externally nothing yet, I am still getting the error
>>>
>>> This error:
>>>
>>>> The following error was encountered while trying to retrieve the URL: /
>>>>
>>>
>>> ... appearing in a reverse-proxy setup means Squid received a
>>> reverse-proxy/accelerated request intended for a web server on a port
>>> without "accel" flag configured.
>>>
>>>
>>> Please read all my notes below right to the end of the email before
>>> changing anything. I'm commenting on each fine detail and what it
>>> means...
>>>
>>>>
>>>> My clients can all access the internet, Yes I am sure that there's a
>>>> misconfiguration in my config file but I followed every tutorial
>>>>
>>>> trying desperately to get something up, after a while you're saturated
>>>> and very tired, bouncing from on issue to another
>>>>
>>>
>>> ... so, we need you to stop bouncing and concentrate on one issue at a
>>> time. When we are satisfied that you are understanding that one move on
>>> ...
>>>
>>>> I checked and triple checked my iptables rules everything looks fine so
>>>> far
>>>>
>>>> For instance, my backend server is listening right now on port 81, why
>>>> did I put it on port 81 because I was getting
>>>>
>>>> Cannot bind to .... in the log file
>>>>
>>>> so I changed it to 81 and I am getting the same error, there's
>>>> absolutely nothing else in my entire network that is using that port
>>>>
>>>> So why can't it bind to port 81? You see the type of things that can
>>>> drive you through the wall
>>>>
>>>> at the moment I have only three machines
>>>>
>>>> A is Running the Proxy and the Router (IPTABLES)
>>>>
>>>> B is the back end server
>>>>
>>>> C is the DNS/DHCP servers
>>>>
>>>> And only the backend server that is currently listening on port 81 and
>>>> before that it was listening on port 80
>>>>
>>>> no matter which port I put in my config I get the "Cannot bind to ...."
>>>> in the log file
>>>
>>> ... from the below I'd guess you are changing both the Squid http_port
>>> and the apache listening "Port" entries at the same time in your tests.
>>>
>>>
>>>>
>>>> here is a bit of my config
>>>>
>>>> *********************************************************************
>>>>
>>>> http_port 192.168.1.3:81 accel parent vhost defaultsite=www.mysite.org
>>>
>>> The tutorial and advice so far as I've seen has been to place Squid
>>> listening on "http_port 80 accel vhost" and apache listening on "Port
>>> 81".
>>>
>>> Okay stop here. Check that. Make it so. Restart both software if needed.
>>>
>>> If another "bind" error comes up during the restart let us know right
>>> now.
>>>
>>>
>>> Continue reading...
>>>
>>>>
>>>> cache_peer 192.168.1.3 parent 81 0 no-query originserver name=main
>>>>
>>>
>>> Those two lines are (or 'were' right?) a loop.
>>>
>>> Squid listening on 192.168.1.3 port 81 is to fetch requests from source
>>> server listening on 192.168.1.3 port 81.
>>>
>>> What you should have after my suggested change above is:
>>> Squid listening on port 80 fetched from server on port 81.
>>>
>>>
>>> Test this:
>>> fetch a request for http://192.168.1.3:81/
>>> EXPECTED: results in the apache "it works", or your <VirtualHost *>
>>> site.
>>>
>>> fetch a request for http://192.168.1.3/
>>>
>>> EXPECTED: results in the apache "it works", or your <VirtualHost*> site.
>>> Received through Squid.
>>>
>>>
>>> (using wget, curl, or squidclient to display the response errors the
>>> second fetch there should contains Via: header which is not present in
>>> the first fetch.)
>>>
>>>
>>> IF (and only if) there was no "bind" error, and the headers check above
>>> fails to show a Via: header properly. We work on that in next email...
>>>
>>>
>>>> acl dstdomain our_sites dstdomain www.mysite1.org www.mysite2.com
>>>> www.mysite3.net
>>>>
>>>> http_allow_access main allow our_sites
>>>>
>>>> http_peer_access main deny all
>>>>
>>>> At the moment all of these sites are running on the same server
>>>> (virtualhost)
>>>>
>>>> The only thing I am not sure of is probably the cache_peer directive
>>>>
>>>> "cache_peer 192.168.1.3 parent 81 0 no-query originserver name=main"
>>>>
>>>> If it's wrong then I don't know what to put in there
>>>
>>> The IP address and port of your Apache server.
>>>
>>>
>>> Amos
>>> --
>>> Please be using
>>> Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
>>> Current Beta Squid 3.1.0.18
>>
>>
>
Received on Sun Mar 28 2010 - 19:55:43 MDT
This archive was generated by hypermail 2.2.0 : Mon Mar 29 2010 - 12:00:06 MDT