<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">Hey,</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">I am trying to establish a caching squid proxy - 5.5 openssl - ( to be used with our CI/CD system and cache npm modules (we configure http_proxy in our npm configuration).</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">I've created a configuration with ssl bump-ing and aggressive npm module caching. When a client starts fetching the modules through proxy, everything works fine however quite soon the connections start stalling and all end up timeouting.</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">The logs show that clients did issue a CONNECT, however the connections are stuck (and eventually timeout) and netstat is showing exactly 10 connections in SYN_SENT state towards npm registry. I am kinda puzzled, where this number comes from.</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">I am wondering whether npm registry starts throttling me or I am hitting some networking issue or squid misconfiguration.</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">Does anyone has any idea what could be the issue? (or if someone is using squid for npm module caching, are you willing to share your working squid.conf ;))?</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">Big thank you in advance, br, Jernej</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">The "relevant" parts of my configurations are:</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">acl intermediate_fetching transaction_initiator certificate-fetching</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">http_access allow intermediate_fetching</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">http_port 80 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/certs/squid-self-signed.crt tls-key=/etc/squid/certs/squid-self-signed.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/certs/squid-self-signed_dhparam.pem disable-pmtu-discovery=transparent</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 20MB</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">sslcrtd_children 8</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">ssl_bump server-first all</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">sslproxy_cert_error deny all</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">forwarded_for delete</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">via off</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">request_header_access X-Forwarded-For deny all</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">request_header_access Via deny all</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""># dns</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">positive_dns_ttl 31 seconds</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">negative_dns_ttl 30 seconds</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">httpd_suppress_version_string on</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">connect_timeout 10 seconds</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">squid -v: </span><a href="https://pastebin.com/KRywK3rN" class="">https://pastebin.com/KRywK3rN</a><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">Full config: </span><a href="https://pastebin.com/xsgS5J38" class="">https://pastebin.com/xsgS5J38</a></body></html>