Setting up squid as reverse proxy server for RTC 4 / tomcat installation


Thorsten Ferres (1367) | asked Feb 22 '13, 8:24 a.m.
I am trying to set up squid (version 3.1.8) as reverse proxy server for an RTC 4.0.1 installation based on Apache Tomcat Version 7.0.25.

I am currently using the following squid.conf:

## setup acceleration proxy
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /opt/tmp 64000 256 256
cache_mem 16384 MB
cache_store_log none
cache_peer <RTC-SERVER_URL> parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_port 3128 cert=/etc/squid/server.pem accel key=/etc/squid/privkey.pem vhost
refresh_pattern . 0 20% 4320
cachemgr_passwd disable all
maximum_object_size 1024 MB
maximum_object_size_in_memory 16 MB
buffered_logs on
visible_hostname <PROXY-SERVER-URL>

as described in the article https://jazz.net/library/article/325 but when I try to connect to the <PROXY-SERVER_URL>:3128 I finally get a time-out (after quite a long time). I have tried lots of variations of this squid.conf (used different ports both for the proxy as well as for the RTC-server, added a defaultsite for the https_port) without success.

When I use curl to connect to the proxy, even verbose output does not give any hint as to what could be the cause of the hang:

[thferres@ferres4 ~]$ curl -k https://<PROXY-SERVER-URL>:3128/ccm/ -v
* About to connect() to <PROXY-SERVER-URL> port 3128 (#0)
*   Trying <PROXY-SERVER-IP>... connected
* Connected to <PROXY-SERVER-URL> (<PROXY-SERVER-IP>) port 3128 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* NSS error -5990
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

and the log files in /var/log/squid/ do not help either.

I am just able to use the squid reverse proxy for an apache2 based http-Server (via SSL) or a tomcat6-based server (via http only).

One answer



sam detweiler (12.5k6189201) | answered Feb 22 '13, 11:50 p.m.
edited Feb 22 '13, 11:53 p.m.
I followed that example in https://jazz.net/library/article/325, and it worked perfectly.

Here is my test squid.conf (installed on Ubuntu 12.04 64-bit):

cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /usr/local/squid/var/cache 10240 256 256
cache_mem 1024 MB
cache_store_log stdio:/usr/local/squid/var/logs/cachelog
cache_peer 192.168.2.106 parent 9743 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_port 9743 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
#https_port 9843 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
refresh_pattern .              0       20%     40320
cachemgr_passwd disable all
maximum_object_size 5120 MB
maximum_object_size_in_memory 16 MB
buffered_logs on
visible_hostname 192.168.2.7

You might want to enable the cache_store_log.
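
Added example, not part of either post or of the Jazz article: a small Python check that reads a squid.conf of the shape used in this thread and reports the lines a reviewer would look at before exposing the proxy (origin certificate verification switched off, allow-all access rules, and an option that has wrapped onto its own line). The sample config, peer names, addresses and finding names are constructed for illustration.

```python
import re

# Constructed sample shaped like the configs in this thread (placeholder
# addresses); line 3 is an option that wrapped onto its own line.
SAMPLE = """\
cache_peer 192.0.2.10 parent 9443 0 no-query originserver name=peerA ssl sslflags=DONT_VERIFY_PEER
cache_peer 192.0.2.11 parent 9443 0 no-query originserver name=peerB ssl login=PROXYPASS
sslflags=DONT_VERIFY_PEER
cache_peer_access peerA allow all
http_access allow all
https_port 3128 cert=/etc/squid/server.pem accel key=/etc/squid/privkey.pem vhost
"""

# Finding names are made up for this example.
MESSAGES = {
    "peer-cert-unverified": "TLS to the origin server skips certificate verification",
    "orphan-option": "option at start of line; it is not part of the directive above",
    "allow-all": "rule admits every request; scope it with an acl for the published site",
}

def audit_squid_conf(text):
    """Return [(line_number, finding_name)] for a reverse-proxy squid.conf."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = line.split()
        if "=" in directive:
            # A real directive name never contains "=", so this is a stray option.
            findings.append((no, "orphan-option"))
        elif directive == "cache_peer":
            opts = dict(a.split("=", 1) for a in args if "=" in a)
            flags = re.split(r"[,:]", opts.get("sslflags", ""))
            if "ssl" in args and "DONT_VERIFY_PEER" in flags:
                findings.append((no, "peer-cert-unverified"))
        elif directive in ("http_access", "cache_peer_access"):
            if [a.lower() for a in args[-2:]] == ["allow", "all"]:
                findings.append((no, "allow-all"))
    return findings

if __name__ == "__main__":
    for no, name in audit_squid_conf(SAMPLE):
        print(f"line {no}: {name}: {MESSAGES[name]}")
```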
