squid and apache
This is a discussion on squid and apache within the Linux Networking forums, part of the Linux Forums category; Hi, I though i'd try again. I am still having problems getting Squid working as a transparent proxy while ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-23-2003
|
|||
|
|||
squid and apache
Hi, I though i'd try again. I am still having problems getting Squid
working as a transparent proxy while also accelerating Apache. The server has a public and private NIC, and I'm using IPCHAINS (I'm using RH 7.1 (2.4.2-2). I have configured IPCHAINS in the following manner: IPCHAINS -A input -j REDIRECT 3128 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 and I also have the Policy for Forward set to MASQ, the policy for input and output is ACCEPT. I have also turned on forwarding. I have told Apache to use 127.0.0.1 port 80 and I have also told Squid that that's where it can find it. (This solution/idea I found somewhere on the net, don't know if it is a good one). I have included both the squid.conf and httpd.conf in the bottom of this message (appologies to dial-up users for the length, but I feel it's necessary). At the moment Squid is working fine as a transparent cache, but when I try to access Apache from another computer on the LAN or from the server I get a message from squid but the message depends on wether I connected via telnet or via a browser (?!) the messages are: (from telnet) Connection Lifetime Expired Squid has terminated the request because it has exceeded the maximum connection lifetime. (from a browser) The following error was encountered: Connection Failed The system returned: (110) Connection timed out In the squid access.log I just see the request for the page. In the httpd error.log there is nothing. It should be noted that if I terminate Squid then I can connect (from the server offcourse) to 127.0.0.1 port 80 and get the testpage without problem. So it seems that Squid can't find the apache server. Question is..... why not? I am really stuck. So I hope someone can help me, either with configuring it this way, or by doing some other trick? Maybe bypass squid and go straight to apache, but how to do that with IPCHAINS? Also I can't seem to find any good information anywhere on how to set it up this way (i.e. transparent cache with acceleration for apache on same server with two nic's) and I am sure it has been done many times before so links are welcome!. Regards, Tobias Skytte ************************************************** ******************** squid.conf (comments grep'd out, public IP's and domain names sanitized): ************************************************** ******************** http_port 192.168.10.1:3128 http_port 192.168.10.1:80 http_port 196.28.xxx.yyy:3128 http_port 196.28.xxx.yyy:80 icp_port 0 tcp_outgoing_address 0.0.0.0 udp_incoming_address 0.0.0.0 udp_outgoing_address 0.0.0.0 cache_mem 16 MB cache_swap_low 90 cache_swap_high 95 maximum_object_size 8192 KB minimum_object_size 0 KB ipcache_size 1024 ipcache_low 90 ipcache_high 95 fqdncache_size 1024 cache_dir ufs /var/spool/squid 2000 16 256 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log ftp_user user@ ftp_passive on refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 192.168.10.1-192.168.10.254/255.255.255.0 acl iznogood src 196.28.xxx.yyy/255.255.255.254 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 21 443 563 70 210 1025-65535 acl CONNECT method CONNECT http_access allow all icp_access allow all iznogood localhost manager cache_mgr hostmaster@nowhere hostname_aliases ftp.nowhere hostname_aliases www.nowhere hostname_aliases ns.nowhere hostname_aliases mail.nowhere httpd_accel_host 127.0.0.1 httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on ************************************************** ****************** httpd.conf (comments grep'd out, public IP's and domain names sanitized): ************************************************** ****************** ServerType standalone ServerRoot "/etc/httpd" LockFile /var/lock/httpd.lock PidFile /var/run/httpd.pid ScoreBoardFile /var/run/httpd.scoreboard Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 MinSpareServers 5 MaxSpareServers 20 StartServers 8 MaxClients 150 MaxRequestsPerChild 100 Listen 127.0.0.1:80 BindAddress 127.0.0.1 LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule env_module modules/mod_env.so LoadModule config_log_module modules/mod_log_config.so LoadModule agent_log_module modules/mod_log_agent.so LoadModule referer_log_module modules/mod_log_referer.so LoadModule mime_module modules/mod_mime.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule status_module modules/mod_status.so LoadModule info_module modules/mod_info.so LoadModule includes_module modules/mod_include.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule dir_module modules/mod_dir.so LoadModule cgi_module modules/mod_cgi.so LoadModule asis_module modules/mod_asis.so LoadModule imap_module modules/mod_imap.so LoadModule action_module modules/mod_actions.so LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule access_module modules/mod_access.so LoadModule auth_module modules/mod_auth.so LoadModule anon_auth_module modules/mod_auth_anon.so LoadModule db_auth_module modules/mod_auth_db.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so LoadModule setenvif_module modules/mod_setenvif.so <IfDefine HAVE_PERL> LoadModule perl_module modules/libperl.so </IfDefine> <IfDefine HAVE_PHP> LoadModule php_module modules/mod_php.so </IfDefine> <IfDefine HAVE_PHP3> LoadModule php3_module modules/libphp3.so </IfDefine> <IfDefine HAVE_PHP4> LoadModule php4_module modules/libphp4.so </IfDefine> <IfDefine HAVE_DAV> LoadModule dav_module modules/libdav.so </IfDefine> <IfDefine HAVE_ROAMING> LoadModule roaming_module modules/mod_roaming.so </IfDefine> <IfDefine HAVE_SSL> LoadModule ssl_module modules/libssl.so </IfDefine> ClearModuleList AddModule mod_vhost_alias.c AddModule mod_env.c AddModule mod_log_config.c AddModule mod_log_agent.c AddModule mod_log_referer.c AddModule mod_mime.c AddModule mod_negotiation.c AddModule mod_status.c AddModule mod_info.c AddModule mod_include.c AddModule mod_autoindex.c AddModule mod_dir.c AddModule mod_cgi.c AddModule mod_asis.c AddModule mod_imap.c AddModule mod_actions.c AddModule mod_userdir.c AddModule mod_alias.c AddModule mod_rewrite.c AddModule mod_access.c AddModule mod_auth.c AddModule mod_auth_anon.c AddModule mod_auth_db.c AddModule mod_expires.c AddModule mod_headers.c AddModule mod_so.c AddModule mod_setenvif.c <IfDefine HAVE_PERL> AddModule mod_perl.c </IfDefine> <IfDefine HAVE_PHP> AddModule mod_php.c </IfDefine> <IfDefine HAVE_PHP3> AddModule mod_php3.c </IfDefine> <IfDefine HAVE_PHP4> AddModule mod_php4.c </IfDefine> <IfDefine HAVE_DAV> AddModule mod_dav.c </IfDefine> <IfDefine HAVE_ROAMING> AddModule mod_roaming.c </IfDefine> <IfDefine HAVE_SSL> AddModule mod_ssl.c </IfDefine> Port 80 User apache Group apache ServerAdmin hostmaster@nowhere ServerName www.nowhere DocumentRoot "/var/www/html" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/var/www/html"> Options Indexes Includes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> UserDir public_html DirectoryIndex index.html index.htm index.shtml index.php index.php4 index.php3 index.cgi AccessFileName .htaccess <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> CacheNegotiatedDocs UseCanonicalName On TypesConfig /etc/mime.types DefaultType text/plain <IfModule mod_mime_magic.c> MIMEMagicFile conf/magic </IfModule> HostnameLookups Off ErrorLog /var/log/httpd/error_log LogLevel warn LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog /var/log/httpd/access_log combined ServerSignature On Alias /icons/ "/var/www/icons/" <Directory "/var/www/icons"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" <Directory "/var/www/cgi-bin"> AllowOverride None Options ExecCGI Order allow,deny Allow from all </Directory> IndexOptions FancyIndexing AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ DefaultIcon /icons/unknown.gif ReadmeName README.html HeaderName HEADER.html AddEncoding x-compress Z AddEncoding x-gzip gz tgz AddLanguage en .en AddLanguage fr .fr AddLanguage de .de AddLanguage da .da AddLanguage el .el AddLanguage it .it LanguagePriority en fr de <IfModule mod_php4.c> AddType application/x-httpd-php .php4 .php3 .phtml .php AddType application/x-httpd-php-source .phps </IfModule> <IfModule mod_php3.c> AddType application/x-httpd-php3 .php3 AddType application/x-httpd-php3-source .phps </IfModule> <IfModule mod_php.c> AddType application/x-httpd-php .phtml </IfModule> AddType application/x-tar .tgz AddType text/html .shtml AddHandler server-parsed .shtml AddHandler imap-file map BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 <IfModule mod_perl.c> Alias /perl/ /var/www/perl/ <Location /perl> SetHandler perl-script PerlHandler Apache::Registry Options +ExecCGI </Location> </IfModule> <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from .itservices.co.mz </Location> Alias /doc/ /usr/share/doc/ <Location /doc> order deny,allow deny from all allow from localhost .localdomain Options Indexes FollowSymLinks </Location> <IfDefine HAVE_SSL> Listen 443 SSLSessionCache shm:/var/cache/ssl_gcache_data(524288) <VirtualHost _default_:443> DocumentRoot "/var/www/html" SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key <Files ~ "\.(cgi|shtml)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown CustomLog /var/log/httpd/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> </IfDefine> 
|
Linear Mode
