Setting up squid as reverse proxy server for RTC 4 / tomcat installation
I am trying to set up squid (version 3.1.8) as reverse proxy server for an RTC 4.0.1 installation based on Apache Tomcat Version 7.0.25.
I am currently using the following squid.conf:
## setup acceleration proxy
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /opt/tmp 64000 256 256
cache_mem 16384 MB
cache_store_log none
cache_peer <RTC-SERVER_URL> parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_port 3128 cert=/etc/squid/server.pem accel key=/etc/squid/privkey.pem vhost
refresh_pattern . 0 20% 4320
cachemgr_passwd disable all
maximum_object_size 1024 MB
maximum_object_size_in_memory 16 MB
buffered_logs on
visible_hostname <PROXY-SERVER-URL>
as described in the article https://jazz.net/library/article/325, but when I try to connect to the <PROXY-SERVER_URL>:3128 I finally get a time-out (after quite a long time). I have tried lots of variations of this squid.conf (used different ports both for the proxy and for the RTC server, added a defaultsite for the https_port) without success.
When I use curl to connect to the proxy, even the verbose output does not give any hint as to what could be the cause of the hang:
[thferres@ferres4 ~]$ curl -k https://<PROXY-SERVER-URL>:3128/ccm/ -v
* About to connect() to <PROXY-SERVER-URL> port 3128 (#0)
* Trying <PROXY-SERVER-IP>... connected
* Connected to <PROXY-SERVER-URL> (<PROXY-SERVER-IP>) port 3128 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* NSS error -5990
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error
and the log files in /var/log/squid/ do not help either.
I am only able to use the squid reverse proxy for an apache2-based HTTP server (via SSL) or a tomcat6-based server (via HTTP only).
One answer
I followed that example in https://jazz.net/library/article/325, and it worked perfectly.
Here is my test squid.conf (installed on Ubuntu 12.04 64-bit):
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /usr/local/squid/var/cache 10240 256 256
cache_mem 1024 MB
cache_store_log stdio:/usr/local/squid/var/logs/cachelog
cache_peer 192.168.2.106 parent 9743 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_port 9743 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
#https_port 9843 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
refresh_pattern . 0 20% 40320
cachemgr_passwd disable all
maximum_object_size 5120 MB
maximum_object_size_in_memory 16 MB
buffered_logs on
visible_hostname 192.168.2.7
You might want to enable the cache_store_log.
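Both configurations in this thread accept every request (`http_access allow all`) and skip validation of the origin server's certificate (`sslflags=DONT_VERIFY_PEER`). The fragment below is an added example, not taken from either post or from the jazz.net article, showing those lines beside a tightened form; it does not address the handshake error in the question. The hostname `rtc.example.com` and the CA bundle path `/etc/squid/rtc-ca.pem` are placeholders.

```conf
# Added example: accelerator access control and origin TLS verification.
# rtc.example.com and /etc/squid/rtc-ca.pem are placeholders, not values
# from the thread.

# --- As posted -------------------------------------------------------------
# The peer certificate is never checked, so the proxy cannot tell the real
# RTC server from anything else answering on that address, and the proxy
# forwards any request it receives.
#
#   cache_peer <RTC-SERVER_URL> parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
#   cache_peer_access httpsAccel allow all
#   http_access allow all

# --- Tightened -------------------------------------------------------------
# Verify the origin certificate against the CA that issued it.
# If the certificate names a host other than the cache_peer hostname,
# add ssldomain=<name-in-certificate> to this line.
cache_peer <RTC-SERVER_URL> parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslcafile=/etc/squid/rtc-ca.pem

# Only accept requests whose Host header names the published site,
# and only send those requests to the RTC peer.
acl rtc_site dstdomain rtc.example.com
http_access allow rtc_site
http_access deny all
cache_peer_access httpsAccel allow rtc_site
cache_peer_access httpsAccel deny all
```

After editing, `squid -k parse` checks the file for syntax errors before the running instance is reconfigured.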