<div dir="ltr">In our network we are behind a proxy that I don't have access to. In order to speed up deployments and development I am trying to set up a caching squid proxy for yum and maven repositories.<br>Naturally, this proxy needs to be configured to use our company's global proxy as parent.<br><br>I have successfully set it up to the point where it works when e.g. downloading files using wget. However when using it with an actual maven build, the build hangs when trying to download pom or jar files.<div><br>After having increased the log level I found out that my squid does not use the parent proxy in such cases, and tries to connect to the internet which is not possible since we can only connect through the global proxy.</div><div>A closer look at the logs revealed that maven issued HEAD instead of GET requests in my case. I could hence reproduce the problem without maven using this command line:<br><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">curl -I <a href="http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom">http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom</a></blockquote><br>In this example we would normally get a 404 (maven tries out a configured list of servers to find a particular resource), however the same problem applies with existing resources.<div><br></div><div>To me it seems like my squid does not understand it needs to use the global proxy for HEAD requests as well as for GET. But I could not find any reference to this particular problem anywhere in the web.</div><div><br></div><div>I've appended all information that seems relevant below. Now I would really like to know: what am I doing wrong? </div><div><br></div><div>Cheers,</div><div><br></div><div>Martin</div><div><br></div><div><u><b>Appendix: system information, log messages and configuration.</b></u></div><div><br></div><div>I am using squid 3.1.23 on an Oracle Linux 6.7 system (an RHEL6 variant). I have reproduced the same problem on an Oracle Linux 7.1 system with squid 3.5.3 with basically the same configuration.</div><div><br>Here's a snippet of what I find in the log after such an unsuccessful request:<br><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">2015/09/15 12:29:06.364| peerSelectFoo: 'HEAD <a href="http://repo.springsource.org">repo.springsource.org</a>'<br>2015/09/15 12:29:06.364| peerSelectFoo: direct = DIRECT_MAYBE<br>2015/09/15 12:29:06.364| peerSelectIcpPing: <a href="http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom">http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom</a><br>2015/09/15 12:29:06.364| peerAddFwdServer: adding DIRECT DIRECT<br>2015/09/15 12:29:06.364| peerSelectCallback: <a href="http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom">http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom</a><br>2015/09/15 12:29:06.364| cbdataReferenceValid: 0x7fa2dbf5f3c8<br>2015/09/15 12:29:06.364| cbdataUnlock: 0x7fa2dbf5f3c8=1<br>2015/09/15 12:29:06.364| fwdStartComplete: <a href="http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom">http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom</a><br>2015/09/15 12:29:06.364| fwdConnectStart: <a href="http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom">http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom</a><br>2015/09/15 12:29:06.364| PconnPool::key(<a href="http://repo.springsource.org">repo.springsource.org</a>,80,(no domain),[::]is {<a href="http://repo.springsource.org:80">repo.springsource.org:80</a>}</blockquote><br>In contrast, when I issue the above command without '-I', I get a different log output:<br><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">2015/09/15 12:32:54.348| peerSelectFoo: 'GET <a href="http://repo.springsource.org">repo.springsource.org</a>'<br>2015/09/15 12:32:54.348| peerSelectFoo: direct = DIRECT_MAYBE<br>2015/09/15 12:32:54.348| peerDigestLookup: peer proxy.local.lan<br>2015/09/15 12:32:54.348| peerDigestLookup: gone!<br>2015/09/15 12:32:54.348| neighborsDigestSelect: choices: 0 (0)<br>2015/09/15 12:32:54.348| peerNoteDigestLookup: peer <none>, lookup: LOOKUP_NONE<br>2015/09/15 12:32:54.348| peerSelectIcpPing: <a href="http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom">http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom</a><br>2015/09/15 12:32:54.348| neighborsCount: 0<br>2015/09/15 12:32:54.348| peerSelectIcpPing: counted 0 neighbors<br>2015/09/15 12:32:54.348| peerGetSomeParent: GET <a href="http://repo.springsource.org">repo.springsource.org</a><br>2015/09/15 12:32:54.348| neighbors.cc(339) getRoundRobinParent: returning NULL<br>2015/09/15 12:32:54.348| getWeightedRoundRobinParent: returning NULL<br>2015/09/15 12:32:54.348| neighborUp: UP (no-query): proxy.local.lan (<a href="http://172.16.8.250:3130">172.16.8.250:3130</a>)<br>2015/09/15 12:32:54.348| neighborUp: UP (no-query): proxy.local.lan (<a href="http://172.16.8.250:3130">172.16.8.250:3130</a>)<br>2015/09/15 12:32:54.348| getFirstUpParent: returning proxy.local.lan<br>2015/09/15 12:32:54.348| peerSelect: FIRST_UP_PARENT/proxy.local.lan<br>2015/09/15 12:32:54.348| peerAddFwdServer: adding proxy.local.lan FIRST_UP_PARENT<br>2015/09/15 12:32:54.348| cbdataLock: 0x7fa2dbca0d58=1<br>2015/09/15 12:32:54.348| peerAddFwdServer: adding DIRECT DIRECT<br>2015/09/15 12:32:54.348| peerSelectCallback: <a href="http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom">http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom</a><br>2015/09/15 12:32:54.348| cbdataReferenceValid: 0x7fa2dbf5f3c8<br>2015/09/15 12:32:54.348| cbdataUnlock: 0x7fa2dbf5f3c8=1<br>2015/09/15 12:32:54.348| fwdStartComplete: <a href="http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom">http://repo.springsource.org/snapshot/org/springframework/boot/spring-boot-starter-parent/1.2.2.RELEASE/spring-boot-starter-parent-1.2.2.RELEASE.pom</a></blockquote><div><br></div><div>As we see, in the second example the parent proxy is used, while in the first it is not (and hence trying to connect <a href="http://repo.springsource.org">repo.springsource.org</a> fails).</div><div><br></div><div>Here is what I changed to the default configuration:</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="monospace, monospace">#acl localnet src <a href="http://172.16.0.0/12">172.16.0.0/12</a> # RFC1918 possible internal network<br>#acl localnet src <a href="http://192.168.0.0/16">192.168.0.0/16</a>        # RFC1918 possible internal network<br>[...] </font></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><font face="monospace, monospace">cache_dir ufs /var/cache/squid 1000 16 256 </font></div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="monospace, monospace">[...] </font></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="monospace, monospace">cache_mem 64 MB<br>cache_log /var/log/squid/cache.log<br>cache_store_log /var/log/squid/store.log<br>cache_effective_user squid<br>cache_effective_group squid<br>emulate_httpd_log on<br>debug_options ALL,10<br>refresh_pattern ^ftp:           1440    20%     10080<br>refresh_pattern ^gopher:        1440    0%      1440<br>refresh_pattern -i (/cgi-bin/|\?) 0     0%      0<br>refresh_pattern .               0       20%     4320<br>cache_peer proxy.dermalog.hh parent 3128 3130 no-query no-digest no-netdb-exchange<br>prefer_direct off</font></blockquote><div><br></div><div><br></div><div><br></div><div><br></div><br>-- <br>---------- <a href="mailto:MDietze@gmail.com">MDietze@gmail.com</a> --/-- <a href="mailto:martin@the-little-red-haired-girl.org">martin@the-little-red-haired-girl.org</a> ----<br>------------- / <a href="http://herbert.the-little-red-haired-girl.org">http://herbert.the-little-red-haired-girl.org</a> / -------------</div></div></div>