[squid-users] High-Availability in Squid

Ashish Mukherjee ashish.mukherjee at gmail.com
Mon Aug 31 06:23:58 UTC 2015


Agree that Squid is a specialized proxy and more optimal architecture for
the purpose and trying to achieve HA on the Browser side is certainly a bad

Talking specifically of a reverse proxy scenario, whether one uses Squid or
Apache mod_proxy or something else may well depend upon what other features
are needed and the traffic volumes. In many reverse proxy environments
where more complex control is needed, mod_proxy seems to be often used with
modules like mod_rewrite. My understanding of Squid is that it does great
as a proxy but does not provide these features, as that is not its
purpose.  Does Squid have its own production level extensions for some
scenarios which may be typically addressed by Apache modules?


- Ashish

On Sun, Aug 30, 2015 at 8:02 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 30/08/2015 3:58 p.m., Ashish Mukherjee wrote:
> > Why should Squid take care of HA though? Isn't it the responsibility of
> the
> > Website to ensure its uptime? Even if used as a reverse proxy, Apache may
> > do a better job at this, since one can do more sophisticated
> configurations
> > with mod_proxy.
> The hint is in the name of that module: mod_*proxy*.
> HA is an outcome of using any one or more of several _proxy features_.
> Squid is a proxy. The purpose of mod_proxy is to hack/squash/ proxy
> gateway capabilities (ie Squid functionality) into a piece of origin
> server software (Apache).
> Would you expect a dedicated/designed piece of proxy software or an
> 'other' software design with add-on tacked into it to actually be better
> at the proxying functionality?
> Sure you can use the other softwares add-on *if* it performs the
> function correctly and sufficiently for your needs. But that does not
> make it the function any less a proxy mechanism.
> On the other end Browsers also have HA functionality they call "Happy
> Eyeballs". Varuous downloaders and app update serices try to do IP-based
> filovers and recovery. And it call causes no end of trouble to the real
> proxies in the middle just doing their job properly.
> Amos
> >
> > On Sun, Aug 30, 2015 at 3:56 AM, Kinkie wrote:
> >
> >> Hi,
> >>   please see http://wiki.squid-cache.org/Features/MonitorUrl.
> >> It's available in squid 2.6 , and is one of the last few features who
> >> haven't yet made it to Squid 3.X. If anyone is interested, code and
> >> sponsorships are always welcome :)
> >>
> >> On Thu, Aug 27, 2015 at 12:10 PM, Imaginovskiy wrote:
> >>
> >>> Hi all,
> >>>
> >>> Bit of a strange one but I'm wondering if it's possible to have squid
> >>> redirect a site to a secondary backend server if the primary is down.
> Yes it is. This is one of the core functionalities of proxying and so
> well integrated there is *no* special configuration needed. In fact you
> have to explicitly configure alternative if you want to avoid it.
> >>> Have
> >>> been looking into this but haven't seen much similar to this.
> Currently I
> >>> have my setup along the lines of this;
> >>>
> >>> Client -> Squid -> Backend1
> >>>
> >>> but in the event that Backend1 is down, the following should be done;
> >>>
> >>> Client -> Squid -> Backend2
> >>>
> >>> Is squid capable of monitoring connections to peer or redirecting
> based on
> >>> an ACL looking for some HTTP error code?
> I would almost bet you already have it setup in your squid.conf:
>  cache_peer Backend1.example.com ...
>  cache_peer Backend2.example.com ...
> Backend2 will be used only if Backend1 is detected as unavailable, or
> starts getting overloaded/slow (yes the HA includes latency optimization
> too), or starts returning some retriable status responses (most common
> is 502).
> Yes, simply the line order itself. Everything else is just tuning of the
> HA parameters.
> To prevent flapping there is a default of 10 requests that need to have
> failed (in a row) before the 'dead' detection kicks in to send 100% to
> Backend2. Those 10 will make TCP connect attempts to Backend1 before
> retrying with Backend2 (if enough time remains in the forward_timeout).
> That is configurable, see cache_peer documentation for timeouts and
> failure options. background-ping may also be of interest to you.
> You can improve further by using DNS-based HA availability. Pointing
> each Backend1 and Backend2 domain names at multiple IPs. But be wary of
> those Browsers and their (overly) "Happy eyeballs".
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150831/818b0c6c/attachment.html>

More information about the squid-users mailing list