[squid-users] Sibling cache_peer inside docker containers
interwebbot
dasknkt+squid at gmail.com
Mon Apr 29 17:51:21 UTC 2019
Hi Amos,
I have updated the config files with the changes you suggested.
*cat /var/spool/squid-1.conf*
http_port 3128
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow localnet
http_access allow localhost
http_access deny all
coredump_dir /squid/var/cache/squid
icp_port 3130
cache_peer 172.17.0.3 sibling 3128 3130
prefer_direct off
icp_access allow all
icp_query_timeout 500
debug_options ALL,1 12,5 42,3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_store_log /var/log/squid/store.log
*cat /var/spool/squid-2.conf*
http_port 3128
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow localnet
http_access allow localhost
http_access deny all
coredump_dir /squid/var/cache/squid
icp_port 3130
cache_peer 172.17.0.2 sibling 3128 3130
prefer_direct off
icp_access allow all
icp_query_timeout 500
debug_options ALL,1 12,5 42,3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_store_log /var/log/squid/store.log
>> These squid instances are launched using the following commands
*docker stop squid-1*||true && docker run --name squid-1 --rm -d \
--publish 3131:3128 \
--hostname squid-1 \
--volume /var/spool/squid-1.conf:/etc/squid/squid.conf \
--volume /var/spool/squid-1:/var/spool/squid \
sameersbn/squid:3.5.27-1
*docker stop squid-2*||true && docker run --name squid-2 --rm -d \
--publish 3132:3128 \
--hostname squid-2 \
--volume /var/spool/squid-2.conf:/etc/squid/squid.conf \
--volume /var/spool/squid-2:/var/spool/squid \
sameersbn/squid:3.5.27-1
Localhost port *3131 is mapped to port 3128 of squid-1*
Localhost port *3132 is mapped to port 3128 of squid-2*
>> Checking the cache.log
docker exec -it *squid-1* sh -c 'cat /var/log/squid/*cache.log*'
2019/04/26 01:24:12| cannot change current directory to
/squid/var/cache/squid: (2) No such file or directory
2019/04/26 01:24:12| Current Directory is /
2019/04/26 01:24:12| Creating missing swap directories
2019/04/26 01:24:12| No cache_dir stores are configured.
2019/04/26 01:24:12| cannot change current directory to
/squid/var/cache/squid: (2) No such file or directory
2019/04/26 01:24:12| Current Directory is /
2019/04/26 01:24:12| Starting Squid Cache version 3.5.27 for
x86_64-pc-linux-gnu...
2019/04/26 01:24:12| Service Name: squid
2019/04/26 01:24:12| Process ID 1
2019/04/26 01:24:12| Process Roles: master worker
2019/04/26 01:24:12| With 1048576 file descriptors available
2019/04/26 01:24:12| Initializing IP Cache...
2019/04/26 01:24:12| DNS Socket created at [::], FD 8
2019/04/26 01:24:12| DNS Socket created at 0.0.0.0, FD 9
2019/04/26 01:24:12| Adding domain minimal from /etc/resolv.conf
2019/04/26 01:24:12| Adding nameserver 10.0.100.10 from /etc/resolv.conf
2019/04/26 01:24:12| Adding nameserver 10.0.100.11 from /etc/resolv.conf
2019/04/26 01:24:12| Logfile: opening log daemon:/var/log/squid/access.log
2019/04/26 01:24:12| Logfile Daemon: opening log /var/log/squid/access.log
2019/04/26 01:24:12| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2019/04/26 01:24:12| Logfile: opening log /var/log/squid/store.log
2019/04/26 01:24:12| WARNING: log name now starts with a module name. Use
'stdio:/var/log/squid/store.log'
2019/04/26 01:24:12| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2019/04/26 01:24:12| Target number of buckets: 1008
2019/04/26 01:24:12| Using 8192 Store buckets
2019/04/26 01:24:12| Max Mem size: 262144 KB
2019/04/26 01:24:12| Max Swap size: 0 KB
2019/04/26 01:24:12| Using Least Load store dir selection
2019/04/26 01:24:12| cannot change current directory to
/squid/var/cache/squid: (2) No such file or directory
2019/04/26 01:24:12| Current Directory is /
2019/04/26 01:24:12| Finished loading MIME types and icons.
2019/04/26 01:24:12.888| 12,2| AsyncCall.cc(26) AsyncCall: The AsyncCall
icpIncomingConnectionOpened constructed, this=0x55cb205b6bc0 [call4]
2019/04/26 01:24:12.889| 12,2| AsyncCall.cc(93) ScheduleCall:
StartListening.cc(59) will call icpIncomingConnectionOpened(local=[::]:3130
remote=[::] FD 14 flags=9, err=0) [call4]
2019/04/26 01:24:12.889| HTCP Disabled.
2019/04/26 01:24:12.889| Pinger socket opened on FD 16
2019/04/26 01:24:12.889| *Configuring Sibling 172.17.0.3/3128/3130*
2019/04/26 01:24:12.889| Squid plugin modules loaded: 0
2019/04/26 01:24:12.889| Adaptation support is off.
2019/04/26 01:24:12.889| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 13 flags=9
2019/04/26 01:24:12.896| 12,2| AsyncCallQueue.cc(55) fireNext: entering
icpIncomingConnectionOpened(local=[::]:3130 remote=[::] FD 14 flags=9,
err=0)
2019/04/26 01:24:12.896| 12,2| AsyncCall.cc(38) make: make call
icpIncomingConnectionOpened [call4]
2019/04/26 01:24:12.896| *Accepting ICP messages on [::]:3130*
2019/04/26 01:24:12.896| *Sending ICP messages from [::]:3130*
2019/04/26 01:24:12.896| 12,2| AsyncCallQueue.cc(57) fireNext: leaving
icpIncomingConnectionOpened(local=[::]:3130 remote=[::] FD 14 flags=9,
err=0)
2019/04/26 01:24:12| pinger: Initialising ICMP pinger ...
2019/04/26 01:24:12| pinger: ICMP socket opened.
2019/04/26 01:24:12| pinger: ICMPv6 socket opened
2019/04/26 01:24:12.910| 42,2| IcmpPinger.cc(189) Recv: Pass [::1] off to
ICMPv6 module.
2019/04/26 01:24:12.910| 42,2| Icmp.cc(95) Log: pingerLog: 1556241852.910257
[::1] 0
2019/04/26 01:24:12.910| 42,2| IcmpPinger.cc(198) Recv: Pass 127.0.0.1 off
to ICMPv4 module.
2019/04/26 01:24:12.910| 42,2| Icmp.cc(95) Log: pingerLog: 1556241852.910324
127.0.0.1 32
2019/04/26 01:24:12.910| 42,2| Icmp.cc(95) Log: pingerLog: 1556241852.910379
[::1] 129 Echo Reply 0ms 1 hops
2019/04/26 01:24:12.910| 42,2| IcmpPinger.cc(211) SendResult: return result
to squid. len=76
2019/04/26 01:24:12.910| 42,2| IcmpPinger.cc(211) SendResult: return result
to squid. len=7990
2019/04/26 01:24:12.910| 42,2| Icmp.cc(95) Log: pingerLog: 1556241852.910412
127.0.0.1 0 Echo Reply 0ms 1 hops
2019/04/26 01:24:13| storeLateRelease: released 0 objects
2019/04/26 01:24:32.917| 42,2| IcmpPinger.cc(198) Recv: Pass 172.17.0.3 off
to ICMPv4 module.
2019/04/26 01:24:32.917| 42,2| Icmp.cc(95) Log: pingerLog: 1556241872.917292
172.17.0.3 32
2019/04/26 01:24:32.917| 42,2| IcmpPinger.cc(211) SendResult: return result
to squid. len=7991
2019/04/26 01:24:32.917| 42,2| Icmp.cc(95) Log: pingerLog: 1556241872.917510
172.17.0.3 0 Echo Reply 0ms 1 hops
docker exec -it *squid-2* sh -c 'cat /var/log/squid/*cache.log*'
2019/04/26 01:24:25| cannot change current directory to
/squid/var/cache/squid: (2) No such file or directory
2019/04/26 01:24:25| Current Directory is /
2019/04/26 01:24:25| Creating missing swap directories
2019/04/26 01:24:25| No cache_dir stores are configured.
2019/04/26 01:24:25| cannot change current directory to
/squid/var/cache/squid: (2) No such file or directory
2019/04/26 01:24:25| Current Directory is /
2019/04/26 01:24:25| Starting Squid Cache version 3.5.27 for
x86_64-pc-linux-gnu...
2019/04/26 01:24:25| Service Name: squid
2019/04/26 01:24:25| Process ID 1
2019/04/26 01:24:25| Process Roles: master worker
2019/04/26 01:24:25| With 1048576 file descriptors available
2019/04/26 01:24:25| Initializing IP Cache...
2019/04/26 01:24:25| DNS Socket created at [::], FD 8
2019/04/26 01:24:25| DNS Socket created at 0.0.0.0, FD 9
2019/04/26 01:24:25| Adding domain minimal from /etc/resolv.conf
2019/04/26 01:24:25| Adding nameserver 10.0.100.10 from /etc/resolv.conf
2019/04/26 01:24:25| Adding nameserver 10.0.100.11 from /etc/resolv.conf
2019/04/26 01:24:25| Logfile: opening log daemon:/var/log/squid/access.log
2019/04/26 01:24:25| Logfile Daemon: opening log /var/log/squid/access.log
2019/04/26 01:24:25| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2019/04/26 01:24:25| Logfile: opening log /var/log/squid/store.log
2019/04/26 01:24:25| WARNING: log name now starts with a module name. Use
'stdio:/var/log/squid/store.log'
2019/04/26 01:24:25| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2019/04/26 01:24:25| Target number of buckets: 1008
2019/04/26 01:24:25| Using 8192 Store buckets
2019/04/26 01:24:25| Max Mem size: 262144 KB
2019/04/26 01:24:25| Max Swap size: 0 KB
2019/04/26 01:24:25| Using Least Load store dir selection
2019/04/26 01:24:25| cannot change current directory to
/squid/var/cache/squid: (2) No such file or directory
2019/04/26 01:24:25| Current Directory is /
2019/04/26 01:24:25| Finished loading MIME types and icons.
2019/04/26 01:24:25.668| 12,2| AsyncCall.cc(26) AsyncCall: The AsyncCall
icpIncomingConnectionOpened constructed, this=0x5620f1da8bc0 [call4]
2019/04/26 01:24:25.669| 12,2| AsyncCall.cc(93) ScheduleCall:
StartListening.cc(59) will call icpIncomingConnectionOpened(local=[::]:3130
remote=[::] FD 14 flags=9, err=0) [call4]
2019/04/26 01:24:25.669| HTCP Disabled.
2019/04/26 01:24:25.669| Pinger socket opened on FD 16
2019/04/26 01:24:25.669| *Configuring Sibling 172.17.0.2/3128/3130*
2019/04/26 01:24:25.669| Squid plugin modules loaded: 0
2019/04/26 01:24:25.669| Adaptation support is off.
2019/04/26 01:24:25.669| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 13 flags=9
2019/04/26 01:24:25.685| 12,2| AsyncCallQueue.cc(55) fireNext: entering
icpIncomingConnectionOpened(local=[::]:3130 remote=[::] FD 14 flags=9,
err=0)
2019/04/26 01:24:25.685| 12,2| AsyncCall.cc(38) make: make call
icpIncomingConnectionOpened [call4]
2019/04/26 01:24:25.685| *Accepting ICP messages on [::]:3130*
2019/04/26 01:24:25.685| *Sending ICP messages from [::]:3130*
2019/04/26 01:24:25.685| 12,2| AsyncCallQueue.cc(57) fireNext: leaving
icpIncomingConnectionOpened(local=[::]:3130 remote=[::] FD 14 flags=9,
err=0)
2019/04/26 01:24:25| pinger: Initialising ICMP pinger ...
2019/04/26 01:24:25| pinger: ICMP socket opened.
2019/04/26 01:24:25| pinger: ICMPv6 socket opened
2019/04/26 01:24:25.699| 42,2| IcmpPinger.cc(189) Recv: Pass [::1] off to
ICMPv6 module.
2019/04/26 01:24:25.699| 42,2| Icmp.cc(95) Log: pingerLog: 1556241865.699446
[::1] 0
2019/04/26 01:24:25.699| 42,2| IcmpPinger.cc(198) Recv: Pass 127.0.0.1 off
to ICMPv4 module.
2019/04/26 01:24:25.699| 42,2| Icmp.cc(95) Log: pingerLog: 1556241865.699521
127.0.0.1 32
2019/04/26 01:24:25.699| 42,2| Icmp.cc(95) Log: pingerLog: 1556241865.699575
[::1] 129 Echo Reply 0ms 1 hops
2019/04/26 01:24:25.699| 42,2| IcmpPinger.cc(211) SendResult: return result
to squid. len=76
2019/04/26 01:24:25.699| 42,2| IcmpPinger.cc(211) SendResult: return result
to squid. len=7990
2019/04/26 01:24:25.699| 42,2| Icmp.cc(95) Log: pingerLog: 1556241865.699612
127.0.0.1 0 Echo Reply 0ms 1 hops
2019/04/26 01:24:26| storeLateRelease: released 0 objects
2019/04/26 01:24:45.705| 42,2| IcmpPinger.cc(198) Recv: Pass 172.17.0.2 off
to ICMPv4 module.
2019/04/26 01:24:45.705| 42,2| Icmp.cc(95) Log: pingerLog: 1556241885.705744
172.17.0.2 32
2019/04/26 01:24:45.705| 42,2| IcmpPinger.cc(211) SendResult: return result
to squid. len=7991
2019/04/26 01:24:45.705| 42,2| Icmp.cc(95) Log: pingerLog: 1556241885.705878
172.17.0.2 0 Echo Reply 0ms 1 hops
>> Testing with the curl requests
curl -vvv -I -x http://127.0.0.1:3131 -L http://example.com
* About to connect() to proxy 127.0.0.1 port 3131 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3131 (#0)
> HEAD http://example.com/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: example.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Encoding: gzip
Content-Encoding: gzip
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Cache-Control: max-age=604800
Cache-Control: max-age=604800
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Date: Fri, 26 Apr 2019 18:06:45 GMT
Date: Fri, 26 Apr 2019 18:06:45 GMT
< ETag: "1541025663+ident"
ETag: "1541025663+ident"
< Expires: Fri, 03 May 2019 18:06:45 GMT
Expires: Fri, 03 May 2019 18:06:45 GMT
< Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
< Server: ECS (sjc/4E46)
Server: ECS (sjc/4E46)
< X-Cache: HIT
X-Cache: HIT
< Content-Length: 606
Content-Length: 606
< X-Cache: MISS from squid-1
X-Cache: MISS from squid-1
< X-Cache-Lookup: *MISS from squid-1:3128*
X-Cache-Lookup: *MISS from squid-1:3128*
< Via: 1.1 squid-1 (squid/3.5.27)
Via: 1.1 squid-1 (squid/3.5.27)
< Connection: keep-alive
Connection: keep-alive
curl -vvv -I -x http://127.0.0.1:3131 -L http://example.com
* About to connect() to proxy 127.0.0.1 port 3131 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3131 (#0)
> HEAD http://example.com/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: example.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Encoding: gzip
Content-Encoding: gzip
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Cache-Control: max-age=604800
Cache-Control: max-age=604800
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Date: Fri, 26 Apr 2019 18:06:45 GMT
Date: Fri, 26 Apr 2019 18:06:45 GMT
< ETag: "1541025663+ident"
ETag: "1541025663+ident"
< Expires: Fri, 03 May 2019 18:06:45 GMT
Expires: Fri, 03 May 2019 18:06:45 GMT
< Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
< Server: ECS (sjc/4E46)
Server: ECS (sjc/4E46)
< X-Cache: HIT
X-Cache: HIT
< Content-Length: 606
Content-Length: 606
< Age: 2
Age: 2
< X-Cache: HIT from squid-1
X-Cache: HIT from squid-1
< X-Cache-Lookup: *HIT from squid-1:3128*
X-Cache-Lookup: *HIT from squid-1:3128*
< Via: 1.1 squid-1 (squid/3.5.27)
Via: 1.1 squid-1 (squid/3.5.27)
< Connection: keep-alive
Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
curl -vvv -I -x http://127.0.0.1:3132 -L http://example.com
* About to connect() to proxy 127.0.0.1 port 3132 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3132 (#0)
> HEAD http://example.com/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: example.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Encoding: gzip
Content-Encoding: gzip
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Cache-Control: max-age=604800
Cache-Control: max-age=604800
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Date: Fri, 26 Apr 2019 18:09:06 GMT
Date: Fri, 26 Apr 2019 18:09:06 GMT
< ETag: "1541025663"
ETag: "1541025663"
< Expires: Fri, 03 May 2019 18:09:06 GMT
Expires: Fri, 03 May 2019 18:09:06 GMT
< Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
< Server: ECS (sjc/4E45)
Server: ECS (sjc/4E45)
< X-Cache: HIT
X-Cache: HIT
< Content-Length: 606
Content-Length: 606
< X-Cache: MISS from squid-2
X-Cache: MISS from squid-2
< X-Cache-Lookup: *MISS from squid-2:3128*
X-Cache-Lookup: *MISS from squid-2:3128*
< Via: 1.1 squid-2 (squid/3.5.27)
Via: 1.1 squid-2 (squid/3.5.27)
< Connection: keep-alive
Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
>> I am expecting the third curl request should result in sibling hit. If
>> that's not possible, kindly advise an alternative way to verify peer
>> caching.
Thanks
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list