Question on Many Clients to Many Proxy Lists

Question on Many Clients to Many Proxy Lists

Wire Cutter
I have an issue with a Squid config I can’t figure out. I’m trying to have a many (Hosts) to many (Upstream proxies) in a single config.

I’ve created 4 ports for clients to talk to, then created ACL lists for those ports.  From there I’ve tried (and failed) to create naming groups for caching peers, then added those to ACLs and it fails. Any ideas?


Squid multiple ports multiple destinations
Hello there, I want to spawn one squid instance on multiple ports (which I already have). Code: http_port myip:9000 name=first http_port myip:9001



Any help would be appreciated
--

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Question on Many Clients to Many Proxy Lists

Alex Rousskov
On 11/29/18 7:57 AM, Wire Cutter wrote:

> I’ve created 4 ports for clients to talk to, then created ACL lists for
> those ports.  From there I’ve tried (and failed) to create naming groups
> for caching peers, then added those to ACLs and it fails. Any ideas?

Use cache_peer_access to allow http_port X traffic (and only that
traffic) to peer group Y:

  # rules for peer group A
  cache_peer_access peerA1 allow receivedOnPortForPeersA
  cache_peer_access peerA2 allow receivedOnPortForPeersA
  cache_peer_access peerA3 allow receivedOnPortForPeersA
  ...
  # rules for peer group B
  cache_peer_access peerB1 allow receivedOnPortForPeersB
  cache_peer_access peerB2 allow receivedOnPortForPeersB
  ...


Depending on your traffic and needs, you may also need to allow
non-hierarchical requests to go to peer:

  nonhierarchical_direct off

and/or to prohibit direct connections for portX:

  never_direct allow receivedOnPortForPeersA
  never_direct allow receivedOnPortForPeersB


Once you get this working, please make Squid documentation improvements
that would have allowed you to figure this out on your own.


HTH,

Alex.

Re: Question on Many Clients to Many Proxy Lists

Wire Cutter
So that's exactly what I did.

#Rules for Peer group - list 1 
       cache_peer_access peerA1 allow port_8080
       cache_peer_access peerA2 allow port_8080
       cache_peer_access peerA3 allow port_8080
       cache_peer_access peerA4 allow port_8080

#cache_peer
        cache_peer 192.168.1.2 parent 8800 0 round-robin no-query name=peerA1
        cache_peer 192.168.2.2 parent 8800 0 round-robin no-query name=peerA2
        cache_peer 192.168.2.5 parent 8800 0 round-robin no-query name=peerA3
        cache_peer 192.168.2.6  parent 8800 0 round-robin no-query name=peerA4

Then this is the error I get when I start the service 

Nov 30 18:38:11 ubuntu systemd[1]: Starting LSB: Squid HTTP Proxy version 3.x...
Nov 30 18:38:11 ubuntu squid[13974]: Bungled /etc/squid/squid.conf line 3148: cache_peer_access peerA1 allow port_8080
Nov 30 18:38:11 ubuntu squid[13980]: Bungled /etc/squid/squid.conf line 3148: cache_peer_access peerA1 allow port_8080
Nov 30 18:38:11 ubuntu squid[13957]:  * FATAL: Bungled /etc/squid/squid.conf line 3148: cache_peer_access peerA1 allow port_8080
Nov 30 18:38:11 ubuntu systemd[1]: squid.service: Control process exited, code=exited status=3
Nov 30 18:38:11 ubuntu systemd[1]: squid.service: Failed with result 'exit-code'.
Nov 30 18:38:11 ubuntu systemd[1]: Failed to start LSB: Squid HTTP Proxy version 3.x.



Re: Question on Many Clients to Many Proxy Lists

Alex Rousskov
On 11/30/18 11:51 AM, Wire Cutter wrote:

> cache_peer_access peerA1 allow port_8080
>
> cache_peer 192.168.1.2 parent 8800 0 round-robin no-query name=peerA1


> Then this is the error I get when I start the service 
>
> Bungled /etc/squid/squid.conf line 3148: cache_peer_access peerA1 allow port_8080

Did you define peerA1 and port_8080 before (you used them on) line 3148?
If not, you should.

Alex.
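
An added example, not part of the original thread or of Squid itself: a small Python check for the ordering question asked in the reply above, flagging `cache_peer_access` and `never_direct` lines that use a peer or ACL name not defined earlier in the file. Both config samples are constructed, and binding the ACL to a port through `http_port ... name=` and the `myportname` ACL type is an assumption about how the ports were tied to ACLs.

```python
# Constructed sample (not the poster's file): one listening port, one ACL that
# matches it by port name, two parents, then the rules that use those names.
GOOD_CONF = """\
http_port 8080 name=port_8080
acl receivedOnPortForPeersA myportname port_8080
cache_peer 192.168.1.2 parent 8800 0 round-robin no-query name=peerA1
cache_peer 192.168.2.2 parent 8800 0 round-robin no-query name=peerA2
cache_peer_access peerA1 allow receivedOnPortForPeersA
cache_peer_access peerA2 allow receivedOnPortForPeersA
never_direct allow receivedOnPortForPeersA
"""

# Constructed sample with the ordering shown in the failing post: the access
# rule comes before the cache_peer line and names an ACL that is not defined.
BAD_CONF = """\
cache_peer_access peerA1 allow port_8080
cache_peer 192.168.1.2 parent 8800 0 round-robin no-query name=peerA1
"""

def _check_acls(no, names, acls):
    # ACL references may be negated with a leading "!"
    return [(no, f"acl '{n.lstrip('!')}' not defined yet")
            for n in names if n.lstrip("!") not in acls]

def lint(conf):
    """Return (line_no, message) for every name used before its definition."""
    acls, peers, problems = {"all"}, set(), []   # "all" is built in
    for no, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()       # drop comments, tokenize
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 3:
            acls.add(tok[1])
        elif tok[0] == "cache_peer" and len(tok) >= 2:
            # a peer is referenced by name= when given, else by its hostname
            peers.add(next((t[5:] for t in tok if t.startswith("name=")), tok[1]))
        elif tok[0] == "cache_peer_access" and len(tok) >= 4:
            if tok[1] not in peers:
                problems.append((no, f"peer '{tok[1]}' not defined yet"))
            problems += _check_acls(no, tok[3:], acls)
        elif tok[0] in ("never_direct", "always_direct") and len(tok) >= 3:
            problems += _check_acls(no, tok[2:], acls)
    return problems

if __name__ == "__main__":
    for no, msg in lint(BAD_CONF):
        print(f"line {no}: {msg}")
```
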



Re: Question on Many Clients to Many Proxy Lists

Wire Cutter
Yes both were before the cache, but I wasn't calling the correct group in the ACL, which caused the issue. 


Thanks for your help.

Now to figure out why it's slow.
