Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Setting up squid as reverse proxy server for RTC 4 / tomcat installation

I am trying to set up squid (version 3.1.8) as a reverse proxy server for an RTC 4.0.1 installation based on Apache Tomcat version 7.0.25.

I am currently using the following squid.conf:

## setup acceleration proxy
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /opt/tmp 64000 256 256
cache_mem 16384 MB
cache_store_log none
cache_peer <RTC-SERVER_URL> parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_port 3128 cert=/etc/squid/server.pem accel key=/etc/squid/privkey.pem vhost
refresh_pattern . 0 20% 4320
cachemgr_passwd disable all
maximum_object_size 1024 MB
maximum_object_size_in_memory 16 MB
buffered_logs on
visible_hostname <PROXY-SERVER-URL>

as described in the article https://jazz.net/library/article/325, but when I try to connect to <PROXY-SERVER_URL>:3128 I finally get a time-out (after quite a long time). I have tried lots of variations of this squid.conf (used different ports both for the proxy and for the RTC server, added a defaultsite for the https_port) without success.

When I use curl to connect to the proxy, even verbose output does not give any hint as to what could be the cause of the hang:

[thferres@ferres4 ~]$ curl -k https://<PROXY-SERVER-URL>:3128/ccm/ -v
* About to connect() to <PROXY-SERVER-URL> port 3128 (#0)
*   Trying <PROXY-SERVER-IP>... connected
* Connected to <PROXY-SERVER-URL> (<PROXY-SERVER-IP>) port 3128 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* NSS error -5990
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

and the log files in /var/log/squid/ do not help either.

I am just able to use the squid reverse proxy for an apache2 based http-Server (via SSL) or a tomcat6-based server (via http only).

0 votes



One answer

I followed that example in https://jazz.net/library/article/325, and it worked perfectly.

Here is my test squid.conf (installed on Ubuntu 12.04 64-bit):

cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /usr/local/squid/var/cache 10240 256 256
cache_mem 1024 MB
cache_store_log stdio:/usr/local/squid/var/logs/cachelog
cache_peer 192.168.2.106 parent 9743 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_port 9743 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
#https_port 9843 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
refresh_pattern .              0       20%     40320
cachemgr_passwd disable all
maximum_object_size 5120 MB
maximum_object_size_in_memory 16 MB
buffered_logs on
visible_hostname 192.168.2.7

You might want to enable the cache_store_log.

1 vote
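
Both configurations in this thread put `sslflags=DONT_VERIFY_PEER` and a `login=` option on the `cache_peer` line and use `http_access allow all`. The following is an added example, not part of either post or of the Jazz article, that audits a squid.conf for those settings and for an option that has wrapped onto its own line; the sample config, the host `origin.example` and the finding names are constructed for illustration.

```python
import re

# Constructed sample modelled on the squid.conf files in this thread;
# origin.example is a placeholder host, not a value from the page.
SAMPLE = """\
cache_peer origin.example parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS
sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
http_access allow all
https_port 3128 cert=/etc/squid/server.pem accel key=/etc/squid/privkey.pem vhost
"""

def parse(text):
    """Split squid.conf text into directives. A line whose first token is
    key=value is treated as a wrapped option of the previous directive."""
    directives = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if "=" in tokens[0] and directives:
            directives[-1]["args"] += tokens
            directives[-1]["wrapped"] = True
        else:
            directives.append({"line": no, "name": tokens[0],
                               "args": tokens[1:], "wrapped": False})
    return directives

def audit(text):
    """Return (line, finding) tuples for the settings discussed above."""
    findings = []
    for d in parse(text):
        opts = dict(a.split("=", 1) for a in d["args"] if "=" in a)
        if d["wrapped"]:
            findings.append((d["line"], "option-wrapped-onto-next-line"))
        if d["name"] == "cache_peer" and "ssl" in d["args"]:
            # Several sslflags values may be listed; assumed separators , and :
            if "DONT_VERIFY_PEER" in re.split(r"[,:]", opts.get("sslflags", "")):
                findings.append((d["line"], "origin-certificate-not-verified"))
                if "login" in opts:
                    findings.append((d["line"], "credentials-sent-to-unverified-peer"))
        if d["name"] == "http_access" and d["args"] == ["allow", "all"]:
            findings.append((d["line"], "http_access-allows-all-requests"))
    return findings

if __name__ == "__main__":
    for line, finding in audit(SAMPLE):
        print(f"line {line}: {finding}")
```
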

Question details

Question asked: Feb 22 '13, 8:24 a.m.

Question was seen: 9,070 times

Last updated: Feb 22 '13, 11:53 p.m.
