[squid-users] stale-if-error returning a 502

Robin Carlisle robin.carlisle at framestore.com
Thu Feb 1 17:03:38 UTC 2024 

Hi, I am having trouble with stale-if-error response.  I am making calls
using curl to an API (under my control) on Amazon AWS.  Config and details
below ...


# /etc/squid/squid.conf :

acl to_aws dstdomain .amazonaws.com

acl from_local src localhost

http_access allow to_aws

http_access allow from_local

cache allow all

cache_dir ufs /var/cache/squid 1024 16 256

http_port 3129 ssl-bump cert=/etc/squid/maul.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

sslcrtd_program /usr/lib/squid/security_file_certgen -s
/var/lib/squid/ssl_db -M 4MB

acl step1 at_step SslBump1

ssl_bump bump step1

ssl_bump bump all

sslproxy_cert_error deny all

cache_store_log stdio:/var/log/squid/store.log

logfile_rotate 0

shutdown_lifetime 3 seconds

# /usr/bin/proxy-test :

#!/bin/bash

curl --proxy http://localhost:3129 \

  --cacert /etc/squid/stuff.pem \

  -v "https://stuff.amazonaws.com/api/v1/stuff/stuff.json" \

  -H "Authorization: token MYTOKEN" \

  -H "Content-Type: application/json" \

  --output "/tmp/stuff.json"


Tests  ..........

At this point in time the network cable is unattached.  Squid returns the
cached object it got when the network was online earlier. The Age of this
object is just still under the max_age of 3600.     Previously I was using
offline_mode but I found that it did not try to revalidate from the origin
after the object expired (defined via max-age response).   My understanding
is that stale-if-error should work under my circumstances.

# /var/log/squid/access.log

1706799404.440      6 127.0.0.1 NONE_NONE/200 0 CONNECT
stuff.amazonaws.com:443 - HIER_NONE/- -

1706799404.440      0 127.0.0.1 TCP_MEM_HIT/200 20726 GET
https://stuff.amazonaws.com/stuff.json - HIER_NONE/- application/json

# extract from /usr/bin/proxy-test

< HTTP/1.1 200 OK

< Date: Thu, 01 Feb 2024 13:57:11 GMT

< Content-Type: application/json

< Content-Length: 20134

< x-amzn-RequestId: 3a2d3b26-df73-4b30-88cb-1a9268fa0df2

< Last-Modified: 2024-02-01T13:00:45.000Z

< Access-Control-Allow-Origin: *

< x-amz-apigw-id: SdZwpG7qiYcERUQ=

< Cache-Control: public, max-age=3600, stale-if-error=31536000

< ETag: "cec102b43372840737ab773c2e77858b"

< X-Amzn-Trace-Id: Root=1-65bba337-292be751134161b03555cdd6

< Age: 3573

< X-Cache: HIT from labs-maul-st-31

< X-Cache-Lookup: HIT from labs-maul-st-31:3129

< Via: 1.1 labs-maul-st-31 (squid/5.7)

< Connection: keep-alive



Below .. the curl script executes again.  The Age has gone over the max-age
so squid attempted to refresh from the origin.  The machine is still
offline so the refresh failed.   I expected that the stale-if-error
response would instruct squid to return the cached object as a 200.

# /var/log/squid/access.log

1706799434.464      5 127.0.0.1 NONE_NONE/200 0 CONNECT
stuff.amazonaws.com:443 - HIER_NONE/- -

1706799434.464      0 127.0.0.1 TCP_REFRESH_FAIL_ERR/502 4235 GET
https://stuff.amazonaws.com/stuff.json - HIER_NONE/- text/html

# extract from /usr/bin/proxy-test

< HTTP/1.1 502 Bad Gateway

< Server: squid/5.7

< Mime-Version: 1.0

< Date: Thu, 01 Feb 2024 14:57:14 GMT

< Content-Type: text/html;charset=utf-8

< Content-Length: 3853

< X-Squid-Error: ERR_READ_ERROR 0

< Vary: Accept-Language

< Content-Language: en

< X-Cache: MISS from labs-maul-st-31

< X-Cache-Lookup: HIT from labs-maul-st-31:3129

< Via: 1.1 labs-maul-st-31 (squid/5.7)

< Connection: close


Hope someone can help me with this.  All the best,

Robin Carlisle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240201/5e93b7bd/attachment-0001.htm>

More information about the squid-users mailing list