[squid-users] The system returned: (111) Connection refused;

Amos Jeffries squid3 at treenet.co.nz
Fri May 27 12:13:33 UTC 2016


On 27/05/2016 8:55 p.m., deepa ganu wrote:
> Hi
> I am using squid as a reverse.
> 
> #http_port  80 accel defaultsite=202.53.13.19
> https_port 443 accel cert=/var/www/html/webrtc/imp/teleuniv.net.crt key=/var/www/html/webrtc/imp/teleuniv.net.key cafile=/var/www/html/webrtc/imp/intermediate.crt defaultsite=202.53.13.19 no-vhost
> 
> 
> #this ACL is url path specific which accepts only portal urls and deny others.
> acl portal urlpath_regex ^/portal6may
> cache_peer 172.20.36.144 parent 80 0 no-query originserver name=portalserver
> cache_peer_access portalserver allow portal
> cache_peer_access portalserver deny all
> http_access allow portal
> 
> 
> cache_peer 172.20.36.150 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER login=PASS connection-auth=off name=teleuniv
> acl our_sites dstdomain 202.53.13.19
> http_access allow our_sites
> cache_peer_access teleuniv allow our_sites
> cache_peer_access teleuniv deny all
> 
> So when I try to access the url https://202.53.13.19/ I get the following
> error
> "The following error was encountered while trying to retrieve the URL: The
> system returned: (111) Connection refused; The remote host or network may
> be down. Please try the request again."
> 
> It only gives for 172.20.36.144 not for the urlpath acl.

You have configured Squid to:

 1) "no-vhost" - ignore the Host header the client sent indicating what
domain name it was contacting.

 2) defaultsite=202.53.13.19 - use "202.53.13.19" as the domain *name*
for all requests received through that https_port.

Why would you expect to see anything other than https://202.53.13.19 in
the URL when you have configured those?


> But this happens
> only sometimes. When I physically go to that server (172.20.36.150) and
> click on the wired connection (one of the LAN options using linux). It
> works again. I am very confused

Your use of "physically" seems to be incorrect. You walked up to the
machine hardware and did what?

"Clicking" seems to be that you logged in (not physically) and changed
something which affected how Squid was able to connect to it.


All traffic with the domain name "202.53.13.19" and not the path
"/portal6may" gets sent to the second cache_peer (172.20.36.150).

So what do you expect to happen when the server 172.20.36.150 receives a
request with Host: header domain name set to "202.53.13.19"?


It seems like the server's connectivity is a bit flaky and getting
disconnected occasionally. But the wrong Squid configuration could be
hiding some other issue.

Amos
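
The routing described in this reply, as a simplified model added here for illustration (it is not part of the original message and not Squid's own code): it rebuilds the URL the way `no-vhost` plus `defaultsite=` is described above, then evaluates the quoted `cache_peer_access` rules with first-match-wins. The function names and the `Host` value `teleuniv.net` are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Values copied from the squid.conf quoted in this thread.
DEFAULTSITE = "202.53.13.19"
ACLS = {
    # acl portal urlpath_regex ^/portal6may
    "portal": lambda host, path: re.search(r"^/portal6may", path) is not None,
    # acl our_sites dstdomain 202.53.13.19
    "our_sites": lambda host, path: host == "202.53.13.19",
}
# cache_peer_access lines per peer name, in config order.
PEER_ACCESS = {
    "portalserver": [("allow", "portal"), ("deny", "all")],   # 172.20.36.144:80
    "teleuniv": [("allow", "our_sites"), ("deny", "all")],    # 172.20.36.150:443
}


def effective_url(request_target, host_header, vhost=False):
    """URL the ACLs are matched against in this model.

    With no-vhost (vhost=False) the client's Host header is ignored and
    defaultsite is used as the domain name for every request.
    """
    site = host_header if (vhost and host_header) else DEFAULTSITE
    path = urlsplit(request_target).path or "/"
    return f"https://{site}{path}"


def eligible_peers(url):
    """Peers whose cache_peer_access list allows this URL (first match wins)."""
    parts = urlsplit(url)
    allowed = []
    for name, rules in PEER_ACCESS.items():
        for action, acl in rules:
            if acl == "all" or ACLS[acl](parts.hostname, parts.path):
                if action == "allow":
                    allowed.append(name)
                break
    return allowed


if __name__ == "__main__":
    for target in ("/", "/portal6may/index.html"):
        url = effective_url(target, "teleuniv.net")  # constructed Host value
        print(target, "->", url, eligible_peers(url))
```

In this model every request ends up with the host `202.53.13.19`, so `our_sites` matches all of them and the `teleuniv` peer is allowed even for `/portal6may` URLs.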