[squid-users] Caching HTTPS with a parent squid

Mauricio Garavaglia mauriciogaravaglia at gmail.com
Thu Dec 28 20:42:51 UTC 2017


Thanks for the reply!
I'm not sure I'm following. Are you suggesting to remove cache_peer in the
child, use qos_flows to mark the cache miss traffic, and then configure
routing policies to direct that to the parent squid?
Anything I could read to get more info about that approach?


On Thu, Dec 28, 2017 at 12:44 AM, Amos Jeffries <squid3 at treenet.co.nz>
wrote:

> On 2017-12-28 07:53, Mauricio Garavaglia wrote:
>
>> Hello! I have a squid 3.5 caching HTTPS doing BumpSSL, everything
>> works ok but I need to add another one as a parent (bigger storage,
>> but different SLA...) of the first one, while still allowing it to go
>> direct if the parent is not available.
>>
>> [Client]---->[Squid 1]----->[Squid 2]---->[Origin Server]
>>
>> To properly cache both, I would need to bump, but that's not available
>> per
>> https://github.com/squid-cache/squid/blob/v3.5/src/FwdState.cc#L813
>>
>> What would be the correct way to accomplish that? Tried making the
>> first one to just peek but I still want to allow to cache the
>> responses and not just bypass the connection.
>>
>
>
> The way to do this is to use MARK or TOS to label the child proxy outgoing
> traffic so routing can send it to the parent proxy where it gets re-bumped.
> Both proxies otherwise operate as stand-alone interceptors.
>
> DO NOT use cache_peer originserver connections between them - while this
> can appear to work for some traffic it removes TLS properties needed by
> many modern clients.
>
> Amos
>
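
The setup described in the reply above, written out as an added example (not from either poster or the Squid project). It assumes Linux hosts on one shared segment and a Squid 3.5 build with netfilter mark support; every address, interface, mark value, table number, port and file path is a placeholder.

```conf
# All addresses, interface names, the mark value, table number, ports and
# file paths below are placeholders chosen for this example.

# --- Child proxy (Squid 1): squid.conf ---
# Label only the child's own outgoing TLS connections (its cache misses).
acl to_tls port 443
tcp_outgoing_mark 0x10 to_tls
# TOS alternative:  tcp_outgoing_tos 0x20 to_tls
# The parent re-bumps, so the child sees certificates minted by the parent's
# CA; the bundle it verifies servers against must include that CA certificate.
sslproxy_cafile /etc/squid/trusted-with-parent-ca.pem

# --- Child host: policy routing (shell, as root) ---
# Marked packets use table 100, whose default route is the parent's address.
ip rule add fwmark 0x10 lookup 100
ip route add default via 192.0.2.2 dev eth0 table 100
# Deleting the rule sends the child's traffic direct again:
#   ip rule del fwmark 0x10 lookup 100

# --- Parent host (Squid 2 at 192.0.2.2): interception (shell, as root) ---
# Packets from the child (192.0.2.1) still carry the origin server's address,
# so the parent redirects them to its own intercept port.
iptables -t nat -A PREROUTING -i eth0 -s 192.0.2.1 -p tcp --dport 443 \
         -j REDIRECT --to-ports 3129

# --- Parent proxy (Squid 2): squid.conf ---
# No cache_peer on either side: each proxy is a stand-alone interceptor.
https_port 3129 intercept ssl-bump generate-host-certificates=on cert=/etc/squid/parent-ca.pem
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
```

An intercepting Squid compares the packet's destination address with its own DNS result for the requested host, so both proxies should use the same resolver.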