[squid-users] No failover when default parent proxy fails (Squid 3.5.12)

Jens Offenbach wolle5050 at gmx.de
Wed Mar 15 06:06:53 UTC 2017


Hi,
I have two parent proxies configured, but Squid seems to stick to the default proxy even when the proxy cannot be reached:
2017/03/15 06:40:13 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:13 kid1| Detected DEAD Parent: proxy.mycompany.de
2017/03/15 06:40:13 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:13 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:13 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:13 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:13 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:13 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:43 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:43 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:43 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:43 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:43 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:43 kid1| TCP connection to proxy.mycompany.de/8080 failed
2017/03/15 06:40:43 kid1| TCP connection to proxy.mycompany.de/8080 failed

No failover takes place... I must miss someting in my config. Can someone please help me. I am on Ubuntu 16.04.2:
$ squid -v
Squid Cache: Version 3.5.12
Service Name: squid
Ubuntu linux
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info=Ubuntu linux' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'

This is my squid.conf
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
  # OpenStack Networks
  acl localnet src 10.116.0.0/20
  acl localnet src 10.30.200.0/21
  acl localnet src 10.30.216.0/22

  # mycompany Networks
  acl to_matnet dst 139.2.0.0/16
  acl to_matnet dst 193.96.112.0/21
  acl to_matnet dst 192.109.216.0/24
  acl to_matnet dst 100.1.4.0/22
  acl to_matnet dst 10.0.0.0/8
  acl to_matnet dst 172.16.0.0/12
  acl to_matnet dst 192.168.0.0/16

  # SSL-Ports
  acl SSL_ports port 443 # https
  acl SSL_ports port 563 # snews
  acl SSL_ports port 873 # rsync

  # Safe-Ports
  acl Safe_ports port 80  # http
  acl Safe_ports port 21  # ftp
  acl Safe_ports port 443 # https
  acl Safe_ports port 70  # gopher
  acl Safe_ports port 210 # wais
  acl Safe_ports port 1025-65535 # unregistered ports
  acl Safe_ports port 280 # http-mgmt
  acl Safe_ports port 488 # gss-http
  acl Safe_ports port 591 # filemaker
  acl Safe_ports port 777 # multiling http
  acl Safe_ports port 631 # cups
  acl Safe_ports port 873 # rsync
  acl Safe_ports port 901 # SWAT

  # HTTPS
  acl CONNECT method CONNECT

  http_access deny  !Safe_ports
  http_access deny  CONNECT !SSL_ports
  http_access allow manager localhost
  http_access deny  manager
  http_access allow localnet
  http_access allow localhost
  http_access deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
  http_port 10.30.202.99:3128

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
  cache_peer proxy.mycompany.de parent 8080 0 no-query no-digest default
  cache_peer  roxy.mycompany.de parent 8080 0 no-query no-digest

# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
  maximum_object_size_in_memory 8 MB
  memory_replacement_policy heap LFUDA
  cache_mem 256 MB

# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
  maximum_object_size 10 GB
  cache_replacement_policy heap GDSF
  cache_dir ufs /var/cache/squid 88894 16 256 max-size=10737418240

# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
  access_log daemon:/var/log/squid/access.log squid

# OPTIONS FOR TROUBLESHOOTING
# -----------------------------------------------------------------------------
  cache_log /var/log/squid/cache.log
  coredump_dir /var/log/squid

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
  max_stale 6 days
  shutdown_lifetime 5 seconds

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
  visible_hostname mos-proxy.mycompany.com

# OPTIONS INFLUENCING REQUEST FORWARDING 
# -----------------------------------------------------------------------------
  always_direct allow to_matnet
  never_direct  allow all

# DNS OPTIONS
# -----------------------------------------------------------------------------
  dns_nameservers 139.2.34.171
  dns_nameservers 139.2.34.37

# MISCELLANEOUS
# -----------------------------------------------------------------------------
  memory_pools off


More information about the squid-users mailing list