[squid-users] Rewriting HTTP to HTTPS for generic package proxy
Alex Rousskov
rousskov at measurement-factory.com
Wed Jul 10 20:15:10 UTC 2024
On 2024-07-10 15:31, Fiehe, Christoph wrote:
> The problem is that the proxy just forwards the client GET request to the upstream proxy
Why does sending a GET request to the upstream proxy represent a problem
in your use case? I cannot find anything in your prior messages on this
thread that would preclude sending a GET request to the upstream proxy.
> but in that case a CONNECT is required.
Why?
Please do not interpret my response as implying that this "must send
CONNECT" requirement is wrong (or correct). At this point, I am just
trying to understand what problem(s) you are trying to solve beyond the
one you have originally described.
Thank you,
Alex.
> Working case: Upstream proxy receives a CONNECT from the downstream proxy
>
> 2024/07/10 21:06:05.355 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12
> 2024/07/10 21:06:05.355 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on conn482169 local=[::]:3128 remote=[::] FD 12 flags=9
> 2024/07/10 21:06:05.355 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request
> 2024/07/10 21:06:05.355 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181 NOT found
> 2024/07/10 21:06:05.355 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to retrieve connection mark: (-1) (2) No such file or directory (Destination X.X.X.X:3128, source 10.2.59.181:40122)
> 2024/07/10 21:06:05.355 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 timeout 300
> 2024/07/10 21:06:05.355 kid1| 5,3| IoCallback.cc(112) finish: called for conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 (0, 0)
> 2024/07/10 21:06:05.355 kid1| 5,3| Read.cc(93) ReadNow: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1, size 4096, retval 213, errno 0
> 2024/07/10 21:06:05.355 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 timeout 300
> 2024/07/10 21:06:05.355 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty
> 2024/07/10 21:06:05.355 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1
> 2024/07/10 21:06:05.355 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST:
> ---------
> CONNECT download.docker.com:443 HTTP/1.1
> Host: download.docker.com:443
> User-Agent: curl/7.81.0
> Via: 1.1 pkg-proxy (squid/6.10)
> X-Forwarded-For: 10.2.59.102
> Cache-Control: max-age=259200
> Connection: close
>
> Not working after schema rewrite: Upstream proxy receives a GET from the proxy
>
> 2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12
> 2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on conn482169 local=[::]:3128 remote=[::] FD 12 flags=9
> 2024/07/10 18:24:44.031 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request
> 2024/07/10 18:24:44.031 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181 NOT found
> 2024/07/10 18:24:44.031 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to retrieve connection mark: (-1) (2) No such file or directory (Destination X.X.X.X:3128, source 10.2.59.181:59100)
> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
> 2024/07/10 18:24:44.031 kid1| 5,3| IoCallback.cc(112) finish: called for conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 (0, 0)
> 2024/07/10 18:24:44.031 kid1| 5,3| Read.cc(93) ReadNow: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1, size 4096, retval 293, errno 0
> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
> 2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty
> 2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1
> 2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST:
> ---------
> GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1
> Host: download.docker.com
> Accept: text/*
> User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive
> Via: 1.1 pkg-proxy (squid/6.10)
> X-Forwarded-For: 10.2.59.102
> Cache-Control: max-age=0
> Connection: keep-alive
>
>
>
>> -----Ursprüngliche Nachricht-----
>> Von: Alex Rousskov <rousskov at measurement-factory.com>
>> Gesendet: Mittwoch, 10. Juli 2024 18:56
>> An: squid-users at lists.squid-cache.org
>> Cc: Fiehe, Christoph <c.fiehe at eurodata.de>
>> Betreff: Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy
>>
>> On 2024-07-10 12:42, Fiehe, Christoph wrote:
>>
>>> In the next test case, I used a more modern upstream proxy server based von Squid 6.8
>> and enabled debugging.
>>>
>>> The log shows the error SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED. I am not
>> sure, what I can do to prevent it from occurring
>>
>> I cannot help with GnuTLS, but I can recommend using Squid built with
>> OpenSSL libraries (./configure --with-openssl) instead of Squid built
>> with GnuTLS.
>>
>>
>> HTH,
>>
>> Alex.
>>
>>
>>
>>> 2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12
>>> 2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on
>> conn482169 local=[::]:3128 remote=[::] FD 12 flags=9
>>> 2024/07/10 18:24:44.031 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request
>>> 2024/07/10 18:24:44.031 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181
>> NOT found
>>> 2024/07/10 18:24:44.031 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to
>> retrieve connection mark: (-1) (2) No such file or directory (Destination
>> 212.89.134.12:3128, source 10.2.59.181:59100)
>>> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175
>> local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
>>> 2024/07/10 18:24:44.031 kid1| 5,3| IoCallback.cc(112) finish: called for conn482175
>> local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 (0, 0)
>>> 2024/07/10 18:24:44.031 kid1| 5,3| Read.cc(93) ReadNow: conn482175
>> local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1, size 4096, retval 293,
>> errno 0
>>> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175
>> local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
>>> 2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty
>>> 2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client
>> conn482175 local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1
>>> 2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client
>> REQUEST:
>>> ---------
>>> GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1
>>> Host: download.docker.com
>>> Accept: text/*
>>> User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive
>>> Via: 1.1 pkg-proxy (squid/6.10)
>>> X-Forwarded-For: 10.2.59.102
>>> Cache-Control: max-age=0
>>> Connection: keep-alive
>>>
>>>
>>> ----------
>>> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(1364) parseHttpRequest: complete
>> request received. prefix_sz = 293, request-line-size=77, mime-header-size=216, mime header
>> block:
>>> Host: download.docker.com
>>> Accept: text/*
>>> User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive
>>> Via: 1.1 pkg-proxy (squid/6.10)
>>> X-Forwarded-For: 10.2.59.102
>>> Cache-Control: max-age=0
>>> Connection: keep-alive
>>>
>>>
>>> ----------
>>> 2024/07/10 18:24:44.031 kid1| 87,3| clientStream.cc(139) clientStreamInsertHead:
>> clientStreamInsertHead: Inserted node 0x5651b6c14538 with data 0x5651b379ecb0 after head
>>> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175
>> local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 86400
>>> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(1767) add: 0x5651b379dc40*3 to 0/0
>>> 2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(24) add: Pipeline 0x5651b328cb80 add
>> request 1 0x5651b379dc40*4
>>> 2024/07/10 18:24:44.031 kid1| 23,3| Uri.cc(446) parse: Split URL
>> 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' into proto='https',
>> host='download.docker.com', port='443', path='/linux/ubuntu/dists/jammy/InRelease'
>>> 2024/07/10 18:24:44.031 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>> 'download.docker.com': Name or service not known
>>> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(702) clientSetKeepaliveFlag: http_ver
>> = HTTP/1.1
>>> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(703) clientSetKeepaliveFlag: method =
>> GET
>>> 2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(123) ClientRequestContext:
>> ClientRequestContext constructed, this=0x5651b667b8b8
>>> 2024/07/10 18:24:44.031 kid1| 83,3| client_side_request.cc(1709) doCallouts: Doing
>> calloutContext->hostHeaderVerify()
>>> 2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(607) hostHeaderVerify:
>> validate host=download.docker.com, port=0, portStr=NULL
>>> 2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(621) hostHeaderVerify:
>> validate skipped.
>>> 2024/07/10 18:24:44.031 kid1| 83,3| client_side_request.cc(1716) doCallouts: Doing
>> calloutContext->clientAccessCheck()
>>> 2024/07/10 18:24:44.031 kid1| 28,3| Checklist.cc(69) preCheck: 0x5651b56d0d38 checking
>> slow rules
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' found
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked:
>> follow_x_forwarded_for#1 = 1
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: follow_x_forwarded_for
>> = 1
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(62) markFinished: 0x5651b56d0d38 answer
>> DENIED for match
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(162) checkCallback:
>> ACLChecklist::checkCallback: 0x5651b56d0d38 answer=DENIED
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(69) preCheck: 0x5651b5f334e8 checking
>> slow rules
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: Safe_ports = 1
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: !Safe_ports = 0
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#1 = 0
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#2 = 0
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>> found
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: localhost = 0
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#3 = 0
>>> 2024/07/10 18:24:44.032 kid1| 28,3| RegexData.cc(50) match: checking
>> 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: manager = 0
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#4 = 0
>>> 2024/07/10 18:24:44.032 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname:
>> 'download.docker.com', flags=1
>>> 2024/07/10 18:24:44.032 kid1| 14,3| ipcache.cc(314) ipcacheRelease: ipcacheRelease:
>> Releasing entry for 'download.docker.com'
>>> 2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>> 'download.docker.com': Name or service not known
>>> 2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>> 'download.docker.com': Name or service not known
>>> 2024/07/10 18:24:44.032 kid1| 78,3| dns_internal.cc(1793) idnsALookup: idnsALookup: buf
>> is 37 bytes for download.docker.com, id = 0xc228
>>> 2024/07/10 18:24:44.032 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
>> Attempt to send UDP packet to X.X.X.X:53 using FD 10 using Port 52871
>>> 2024/07/10 18:24:44.032 kid1| 78,3| dns_internal.cc(1729) idnsSendSlaveAAAAQuery: buf is
>> 48 bytes for download.docker.com, id = 0x798c
>>> 2024/07/10 18:24:44.032 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
>> Attempt to send UDP packet to X.X.X.X:53 using FD 10 using Port 52871
>>> 2024/07/10 18:24:44.032 kid1| 28,3| DestinationIp.cc(78) match: can't yet compare
>> 'to_localhost' ACL for download.docker.com
>>> 2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>> 'download.docker.com': Name or service not known
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: to_localhost = -1
>> async
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#5 = -1
>> async
>>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access = -1 async
>>> 2024/07/10 18:24:44.048 kid1| 78,3| dns_internal.cc(1320) idnsRead: idnsRead: starting
>> with FD 10
>>> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1366) idnsRead: idnsRead: FD 10:
>> received 144 bytes from X.X.X.X:53
>>> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1173) idnsGrokReply: idnsGrokReply:
>> QID 0xc228, 5 answers
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 5 answers for
>> download.docker.com
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #1
>> 108.138.7.18
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #2
>> 108.138.7.33
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #3
>> 108.138.7.48
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #4
>> 108.138.7.88
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 5 answers for
>> download.docker.com
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #1
>> 108.138.7.18
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #2
>> 108.138.7.33
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #3
>> 108.138.7.48
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #4
>> 108.138.7.88
>>> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1320) idnsRead: idnsRead: starting
>> with FD 10
>>> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1366) idnsRead: idnsRead: FD 10:
>> received 315 bytes from X.X.X.X:53
>>> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1173) idnsGrokReply: idnsGrokReply:
>> QID 0x798c, 9 answers
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 9 answers for
>> download.docker.com
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #5
>> [2600:9000:2490:2200:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #6
>> [2600:9000:2490:3600:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #7
>> [2600:9000:2490:7000:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #8
>> [2600:9000:2490:d600:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #9
>> [2600:9000:2490:5a00:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #10
>> [2600:9000:2490:6600:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #11
>> [2600:9000:2490:b600:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #12
>> [2600:9000:2490:aa00:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(587) ipcacheHandleReply: done with
>> download.docker.com: 108.138.7.18 #1/12-0
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 9 answers for
>> download.docker.com
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #5
>> [2600:9000:2490:2200:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #6
>> [2600:9000:2490:3600:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #7
>> [2600:9000:2490:7000:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #8
>> [2600:9000:2490:d600:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #9
>> [2600:9000:2490:5a00:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #10
>> [2600:9000:2490:6600:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #11
>> [2600:9000:2490:b600:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #12
>> [2600:9000:2490:aa00:3:db06:4200:93a1]
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(587) ipcacheHandleReply: done with
>> download.docker.com: 108.138.7.18 #1/12-0
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(314) ipcacheRelease: ipcacheRelease:
>> Releasing entry for 'download.docker.com'
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname:
>> 'download.docker.com', flags=1
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.18' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.33' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.48' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.88' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:2200:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:3600:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:7000:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:d600:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:5a00:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:6600:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:b600:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:aa00:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: to_localhost = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| InnerNode.cc(100) resumeMatchingAt: checked:
>> http_access#5 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: PURGE = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#6 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: PURGE = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#7 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: localhost = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#8 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: nocnet = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#9 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: EXTERNAL_DEV_CLIENTS =
>> 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#10 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#11 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#12 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#13 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#14 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#15 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#16 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#17 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: Safe_ports = 1
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: !Safe_ports = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#18 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#19 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| RegexData.cc(50) match: checking
>> '/linux/ubuntu/dists/jammy/InRelease'
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: worm = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#20 = 0
>>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname:
>> 'download.docker.com', flags=1
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.18' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.33' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.48' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.88' NOT
>> found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:2200:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:3600:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:7000:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:d600:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:5a00:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:6600:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:b600:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '[2600:9000:2490:aa00:3:db06:4200:93a1]' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: SEUCHEN_IPS = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#21 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| DomainData.cc(110) match: aclMatchDomainList:
>> checking 'download.docker.com'
>>> 2024/07/10 18:24:44.049 kid1| 28,3| DomainData.cc(115) match: aclMatchDomainList:
>> 'download.docker.com' NOT found
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: SEUCHEN_DOMAINS = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#22 = 0
>>> 2024/07/10 18:24:44.049 kid1| 28,3| RegexData.cc(50) match: checking
>> 'download.docker.com'
>>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: SEUCHEN_DOMAINS_REGEX
>> = 0
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: http_access#23 = 0
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>> found
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: http_access#24 = 0
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' found
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: REPOSITORY-CLIENTS = 1
>>> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(110) match: aclMatchDomainList:
>> checking 'download.docker.com'
>>> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(115) match: aclMatchDomainList:
>> 'download.docker.com' found
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: REPOSITORY-ZIELE = 1
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: http_access#25 = 1
>>> 2024/07/10 18:24:44.050 kid1| 28,3| InnerNode.cc(100) resumeMatchingAt: checked:
>> http_access = 1
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: 0x5651b5f334e8 answer
>> ALLOWED for match
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(162) checkCallback:
>> ACLChecklist::checkCallback: 0x5651b5f334e8 answer=ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(715) clientAccessCheckDone:
>> The request GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease is ALLOWED;
>> last ACL checked: REPOSITORY-ZIELE
>>> 2024/07/10 18:24:44.050 kid1| 83,3| AccessCheck.cc(42) Start: adaptation off, skipping
>>> 2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1744) doCallouts: Doing
>> calloutContext->clientAccessCheck2()
>>> 2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(693) clientAccessCheck2: No
>> adapted_http_access configuration. default: ALLOW
>>> 2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(715) clientAccessCheckDone:
>> The request GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease is ALLOWED;
>> last ACL checked: REPOSITORY-ZIELE
>>> 2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1762) doCallouts: Doing
>> clientInterpretRequestHeaders()
>>> 2024/07/10 18:24:44.050 kid1| 85,3| client_side_request.cc(117) ~ClientRequestContext:
>> ClientRequestContext destructed, this=0x5651b667b8b8
>>> 2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1856) doCallouts: calling
>> processRequest()
>>> 2024/07/10 18:24:44.050 kid1| 87,3| clientStream.cc(178) clientStreamRead:
>> clientStreamRead: Calling 1 with cbdata 0x5651b379fd80 from node 0x5651b6c14538
>>> 2024/07/10 18:24:44.050 kid1| 73,3| HttpRequest.cc(742) storeId: sent back
>> effectiveRequestUrl: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 20,3| Controller.cc(429) peek:
>> D3522EE27FB0ED7004DD594AF7674667
>>> 2024/07/10 18:24:44.050 kid1| 85,3| client_side_reply.cc(1523) identifyFoundObject:
>> StoreEntry is NULL - MISS
>>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(731) storeCreatePureEntry:
>> storeCreateEntry: 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
>>> 2024/07/10 18:24:44.050 kid1| 20,3| MemObject.cc(99) MemObject: MemObject constructed,
>> this=0x5651b3ae4fc0
>>> 2024/07/10 18:24:44.050 kid1| 88,3| MemObject.cc(82) setUris: 0x5651b3ae4fc0 storeId:
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: storeCreateEntry locked key
>> [null_store_key] e:=V/0x5651b365e210*1
>>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(537) setPrivateKey: 00
>> e:=V/0x5651b365e210*1
>>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(413) hashInsert: StoreEntry::hashInsert:
>> Inserting Entry e:=IV/0x5651b365e210*1 key '8349000000000000D107000001000000'
>>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: store_client locked key
>> 8349000000000000D107000001000000 e:=IV/0x5651b365e210*2
>>> 2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(243) copy: store_client::copy:
>> 8349000000000000D107000001000000, from 0, for length 4096, cb 1, cbdata 0x5651b379ece8
>>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: store_client::copy locked key
>> 8349000000000000D107000001000000 e:=IV/0x5651b365e210*3
>>> 2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(343) storeClientCopy2:
>> storeClientCopy2: 8349000000000000D107000001000000
>>> 2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(390) doCopy: store_client::doCopy:
>> Waiting for more
>>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(458) unlock: store_client::copy unlocking
>> key 8349000000000000D107000001000000 e:=IV/0x5651b365e210*3
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: 0x7ffef6c09e30 checking
>> fast rules
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181:59100'
>> found
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: miss_access#1 = 1
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: miss_access = 1
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: 0x7ffef6c09e30 answer
>> ALLOWED for match
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(373) Start:
>> 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
>>> 2024/07/10 18:24:44.050 kid1| 17,2| FwdState.cc(133) FwdState: Forwarding client request
>> conn482175 local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1,
>> url=https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: FwdState locked key
>> 8349000000000000D107000001000000 e:=IV/0x5651b365e210*3
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(140) FwdState: FwdState constructed,
>> this=0x5651b695faf8
>>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(309) peerSelect:
>> e:=IV/0x5651b365e210*3 https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: peerSelect locked key
>> 8349000000000000D107000001000000 e:=IV/0x5651b365e210*4
>>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(612) selectMore: GET
>> download.docker.com
>>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(617) selectMore: direct =
>> DIRECT_UNKNOWN (always_direct to be checked)
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: 0x5651b56d0d38 checking
>> slow rules
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' found
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: always_direct#1 = 1
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: always_direct = 1
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: 0x5651b56d0d38 answer
>> ALLOWED for match
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(162) checkCallback:
>> ACLChecklist::checkCallback: 0x5651b56d0d38 answer=ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(373) checkAlwaysDirectDone: ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(379) checkAlwaysDirectDone: direct =
>> DIRECT_YES (always_direct allow)
>>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(612) selectMore: GET
>> download.docker.com
>>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(1102) addSelection: adding
>> HIER_DIRECT#download.docker.com
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(460) resolveSelected: Find IP
>> destination for: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' via
>> download.docker.com
>>> 2024/07/10 18:24:44.050 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>> 'download.docker.com': Name or service not known
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482176 local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1, destination #1
>> for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482176
>> local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(1124) connectStart: 1+ paths to
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482177 local=0.0.0.0 remote=108.138.7.33:443 HIER_DIRECT flags=1, destination #2
>> for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482177
>> local=0.0.0.0 remote=108.138.7.33:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482178 local=0.0.0.0 remote=108.138.7.48:443 HIER_DIRECT flags=1, destination #3
>> for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482178
>> local=0.0.0.0 remote=108.138.7.48:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482179 local=0.0.0.0 remote=108.138.7.88:443 HIER_DIRECT flags=1, destination #4
>> for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482179
>> local=0.0.0.0 remote=108.138.7.88:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482180 local=[::] remote=[2600:9000:2490:2200:3:db06:4200:93a1]:443 HIER_DIRECT
>> flags=1, destination #5 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482180
>> local=[::] remote=[2600:9000:2490:2200:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482181 local=[::] remote=[2600:9000:2490:3600:3:db06:4200:93a1]:443 HIER_DIRECT
>> flags=1, destination #6 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482181
>> local=[::] remote=[2600:9000:2490:3600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482182 local=[::] remote=[2600:9000:2490:7000:3:db06:4200:93a1]:443 HIER_DIRECT
>> flags=1, destination #7 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482182
>> local=[::] remote=[2600:9000:2490:7000:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482183 local=[::] remote=[2600:9000:2490:d600:3:db06:4200:93a1]:443 HIER_DIRECT
>> flags=1, destination #8 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482183
>> local=[::] remote=[2600:9000:2490:d600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482184 local=[::] remote=[2600:9000:2490:5a00:3:db06:4200:93a1]:443 HIER_DIRECT
>> flags=1, destination #9 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482184
>> local=[::] remote=[2600:9000:2490:5a00:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482185 local=[::] remote=[2600:9000:2490:6600:3:db06:4200:93a1]:443 HIER_DIRECT
>> flags=1, destination #10 for
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482185
>> local=[::] remote=[2600:9000:2490:6600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482186 local=[::] remote=[2600:9000:2490:b600:3:db06:4200:93a1]:443 HIER_DIRECT
>> flags=1, destination #11 for
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482186
>> local=[::] remote=[2600:9000:2490:b600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>> found conn482187 local=[::] remote=[2600:9000:2490:aa00:3:db06:4200:93a1]:443 HIER_DIRECT
>> flags=1, destination #12 for
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>> ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>> DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482187
>> local=[::] remote=[2600:9000:2490:aa00:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(479) resolveSelected:
>> PeerSelector64364 found all 12 destinations for
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(480) resolveSelected: always_direct
>> = ALLOWED
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(481) resolveSelected: never_direct
>> = DUNNO
>>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(482) resolveSelected: timedout
>> = 0
>>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(241) ~PeerSelector:
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(458) unlock: peerSelect unlocking key
>> 8349000000000000D107000001000000 e:=p2IV/0x5651b365e210*4
>>> 2024/07/10 18:24:44.050 kid1| 48,3| pconn.cc(474) popStored: lookup for key
>> {108.138.7.18:443/download.docker.com} failed.
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: 0x7ffef6c0a460 checking
>> fast ACLs
>>> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(110) match: aclMatchDomainList:
>> checking 'download.docker.com'
>>> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(115) match: aclMatchDomainList:
>> 'download.docker.com' NOT found
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: SKIP_PALO_DOMAINS_FAST
>> = 0
>>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked:
>> !SKIP_PALO_DOMAINS_FAST = 1
>>> 2024/07/10 18:24:44.051 kid1| 28,3| Acl.cc(175) matches: checked: (tcp_outgoing_mark
>> 0x14 line) = 1
>>> 2024/07/10 18:24:44.051 kid1| 28,3| Acl.cc(175) matches: checked: tcp_outgoing_mark 0x14
>> = 1
>>> 2024/07/10 18:24:44.051 kid1| 28,3| Checklist.cc(62) markFinished: 0x7ffef6c0a460 answer
>> ALLOWED for match
>>> 2024/07/10 18:24:44.051 kid1| 17,3| FwdState.cc(1568) GetMarkingsToServer: from 0.0.0.0
>> tos 0 netfilter mark 20
>>> 2024/07/10 18:24:44.051 kid1| 5,3| ConnOpener.cc(42) ConnOpener: will connect to
>> conn482189 local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1 with 60 timeout
>>> 2024/07/10 18:24:44.051 kid1| 50,3| comm.cc(378) comm_openex: comm_openex: Attempt open
>> socket for: 0.0.0.0
>>> 2024/07/10 18:24:44.051 kid1| 50,3| comm.cc(420) comm_openex: comm_openex: Opened socket
>> conn482190 local=0.0.0.0 remote=[::] FD 19 flags=1 : family=2, type=1, protocol=6
>>> 2024/07/10 18:24:44.051 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 19
>> download.docker.com
>>> 2024/07/10 18:24:44.051 kid1| 50,3| QosConfig.cc(581) setSockNfmark: for FD 19 to 20
>>> 2024/07/10 18:24:44.051 kid1| 5,3| ConnOpener.cc(312) createFd: conn482189 local=0.0.0.0
>> remote=108.138.7.18:443 HIER_DIRECT flags=1 will timeout in 60
>>> 2024/07/10 18:24:44.058 kid1| 83,2| Io.cc(161) Handshake: handshake IN: Unknown
>> Handshake packet
>>> 2024/07/10 18:24:44.058 kid1| 83,2| Io.cc(163) Handshake: handshake OUT: CLIENT HELLO
>>> 2024/07/10 18:24:44.058 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482189
>> local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1 timeout 60
>>> 2024/07/10 18:24:44.064 kid1| 83,2| Io.cc(161) Handshake: handshake IN: Unknown
>> Handshake packet
>>> 2024/07/10 18:24:44.064 kid1| 83,2| Io.cc(163) Handshake: handshake OUT: CLIENT HELLO
>>> 2024/07/10 18:24:44.064 kid1| 83,2| PeerConnector.cc(279) handleNegotiationResult:
>> ERROR: Cannot establish a TLS connection to conn482189 local=X.X.X.X:36718
>> remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1:
>>> problem: failure
>>> detail: SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED
>>> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(625) commUnsetConnTimeout: Remove timeout for
>> conn482189 local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1
>>> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482189
>> local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1 timeout -1
>>> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(850) _comm_close: start closing FD 19 by
>> Connection.cc:108
>>> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(586) commUnsetFdTimeout: Remove timeout for
>> FD 19
>>> 2024/07/10 18:24:44.064 kid1| 83,3| Session.cc(36) tls_read_method: started for
>> session=0x5651b404d2c0
>>> 2024/07/10 18:24:44.064 kid1| 51,3| fd.cc(93) fd_close: fd_close FD 19 server https
>> start
>>> 2024/07/10 18:24:44.064 kid1| 17,3| FwdState.cc(471) fail: ERR_SECURE_CONNECT_FAIL
>> "Service Unavailable"
>>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>>> 2024/07/10 18:24:44.064 kid1| 17,3| FwdState.cc(781) retryOrBail: re-forwarding (1
>> tries, 0 secs)
>>>
>>>
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: Alex Rousskov <rousskov at measurement-factory.com>
>>>> Gesendet: Mittwoch, 10. Juli 2024 14:50
>>>> An: squid-users at lists.squid-cache.org
>>>> Cc: Fiehe, Christoph <c.fiehe at eurodata.de>
>>>> Betreff: Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy
>>>>
>>>> On 2024-07-09 18:25, Fiehe, Christoph wrote:
>>>>
>>>>> I hope that somebody has an idea, what I am doing wrong.
>>>>
>>>> AFAICT from the debugging log, it is your parent proxy that returns an
>>>> ERR_SECURE_CONNECT_FAIL error page in response to a seemingly valid
>>>> "HEAD https://..." request. Can you ask their admin to investigate? You
>>>> may also recommend that they upgrade from Squid v4 that has many known
>>>> security vulnerabiities.
>>>>
>>>> If parent is uncooperative, you can try to reproduce the problem by
>>>> temporary installing your own parent Squid instance and configuring your
>>>> child Squid to use that instead.
>>>>
>>>> HTH,
>>>>
>>>> Alex.
>>>> P.S. Unlike Amos, I do not see serious conceptual problems with
>>>> rewriting request target scheme (as a temporary compatibility measure).
>>>> It may not always work, for various reasons, but it does not necessarily
>>>> make things worse (and may make things better).
>>>>
>>>>
>>>>
>>>>
>>>> I try to build a generic package proxy with Squid and need the feature
>>>> to rewrite (not redirect) a HTTP request to a package repository
>>>> transparently to a HTTPS-based package source. I was able to get Jesred
>>>> working and defined the following rewrite rule:
>>>>>
>>>>> regex ^http:\/\/download\.docker\.com(.*)$ https://download.docker.com\1
>>>>>
>>>>> I had to use a parent upstream proxy. In my test case the rule gets applied
>>>> successfully:
>>>>>
>>>>> 1720558404.106 10.2.59.102/molecule-ubuntu-jammy.lx.mycompany.de
>>>>
>> http://download.docker.com/linux/ubuntu/dists/jammy/InRelease[http://download.docker.com/l
>>>> inux/ubuntu/dists/jammy/InRelease]
>>>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease 2
>>>>>
>>>>> I have validated that the returned URL is correct and that the resource is accessible
>>>> via my upstream proxy.
>>>>>
>>>>> But at the very end, the client receives a 503 error code. I have set "debug_options
>>>> ALL,3" and this gives the log:
>>>>>
>>>>> [...]
>>>>> 2024/07/09 23:35:40.115 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client
>>>> REQUEST:
>>>>> ---------
>>>>> HEAD
>>>>
>> http://download.docker.com/linux/ubuntu/dists/jammy/InRelease[http://download.docker.com/l
>>>> inux/ubuntu/dists/jammy/InRelease] HTTP/1.1
>>>>> Host: download.docker.com
>>>>> User-Agent: curl/7.81.0
>>>>> Accept: */*
>>>>> Proxy-Connection: Keep-Alive
>>>>>
>>>>>
>>>>> ----------
>>>>> 2024/07/09 23:35:40.115 kid1| 33,3| client_side.cc(1364) parseHttpRequest: complete
>>>> request received. prefix_sz = 174, request-line-size=77, mime-header-size=97, mime
>> header
>>>> block:
>>>>> Host: download.docker.com
>>>>> User-Agent: curl/7.81.0
>>>>> Accept: */*
>>>>> Proxy-Connection: Keep-Alive
>>>>>
>>>>>
>>>>> ----------
>>>>> 2024/07/09 23:35:40.115 kid1| 87,3| clientStream.cc(139) clientStreamInsertHead:
>>>> clientStreamInsertHead: Inserted node 0x5c3ba4154308 with data 0x5c3ba4152950 after
>> head
>>>>> 2024/07/09 23:35:40.115 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn9
>>>> local=10.2.59.103:8000 remote=10.2.59.102:56466 FD 15 flags=1 timeout 86400
>>>>> 2024/07/09 23:35:40.115 kid1| 33,3| client_side.cc(1767) add: 0x5c3ba41518e0*3 to 0/0
>>>>> 2024/07/09 23:35:40.115 kid1| 33,3| Pipeline.cc(24) add: Pipeline 0x5c3ba41501f0 add
>>>> request 1 0x5c3ba41518e0*4
>>>>> 2024/07/09 23:35:40.115 kid1| 23,3| Uri.cc(446) parse: Split URL
>>>>
>> 'http://download.docker.com/linux/ubuntu/dists/jammy/InRelease'[http://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease'] into proto='http', host='download.docker.com',
>>>> port='80', path='/linux/ubuntu/dists/jammy/InRelease'
>>>>> 2024/07/09 23:35:40.115 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>>>> 'download.docker.com': Name or service not known
>>>>> 2024/07/09 23:35:40.115 kid1| 33,3| client_side.cc(702) clientSetKeepaliveFlag:
>> http_ver
>>>> = HTTP/1.1
>>>>> 2024/07/09 23:35:40.115 kid1| 33,3| client_side.cc(703) clientSetKeepaliveFlag: method
>> =
>>>> HEAD
>>>>> 2024/07/09 23:35:40.115 kid1| 85,3| client_side_request.cc(122) ClientRequestContext:
>>>> ClientRequestContext constructed, this=0x5c3ba4154e78
>>>>> 2024/07/09 23:35:40.115 kid1| 83,3| client_side_request.cc(1708) doCallouts: Doing
>>>> calloutContext->hostHeaderVerify()
>>>>> 2024/07/09 23:35:40.115 kid1| 85,3| client_side_request.cc(606) hostHeaderVerify:
>>>> validate host=download.docker.com, port=0, portStr=NULL
>>>>> 2024/07/09 23:35:40.115 kid1| 85,3| client_side_request.cc(620) hostHeaderVerify:
>>>> validate skipped.
>>>>> 2024/07/09 23:35:40.115 kid1| 83,3| client_side_request.cc(1715) doCallouts: Doing
>>>> calloutContext->clientAccessCheck()
>>>>> 2024/07/09 23:35:40.115 kid1| 28,3| Checklist.cc(69) preCheck: 0x5c3ba41552d8 checking
>>>> slow rules
>>>>> 2024/07/09 23:35:40.115 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '10.2.59.102:56466'
>>>> found
>>>>> 2024/07/09 23:35:40.115 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
>>>>> 2024/07/09 23:35:40.115 kid1| 28,3| Acl.cc(175) matches: checked: http_access#1 = 1
>>>>> 2024/07/09 23:35:40.115 kid1| 28,3| Acl.cc(175) matches: checked: http_access = 1
>>>>> 2024/07/09 23:35:40.115 kid1| 28,3| Checklist.cc(62) markFinished: 0x5c3ba41552d8
>> answer
>>>> ALLOWED for match
>>>>> 2024/07/09 23:35:40.115 kid1| 28,3| Checklist.cc(162) checkCallback:
>>>> ACLChecklist::checkCallback: 0x5c3ba41552d8 answer=ALLOWED
>>>>> 2024/07/09 23:35:40.115 kid1| 85,2| client_side_request.cc(714) clientAccessCheckDone:
>>>> The request HEAD
>>>>
>> http://download.docker.com/linux/ubuntu/dists/jammy/InRelease[http://download.docker.com/l
>>>> inux/ubuntu/dists/jammy/InRelease] is ALLOWED; last ACL checked: all
>>>>> 2024/07/09 23:35:40.115 kid1| 83,3| AccessCheck.cc(42) Start: adaptation off, skipping
>>>>> 2024/07/09 23:35:40.115 kid1| 83,3| client_side_request.cc(1735) doCallouts: Doing
>>>> calloutContext->clientRedirectStart()
>>>>> 2024/07/09 23:35:40.115 kid1| 78,3| dns_internal.cc(1836) idnsPTRLookup:
>> idnsPTRLookup:
>>>> buf is 42 bytes for 10.2.59.102, id = 0x8d95
>>>>> 2024/07/09 23:35:40.115 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
>>>> Attempt to send UDP packet to 127.0.0.53:53 using FD 11 using Port 54280
>>>>> 2024/07/09 23:35:40 kid1| Starting new redirector helpers...
>>>>> current master transaction: master54
>>>>> 2024/07/09 23:35:40 kid1| helperOpenServers: Starting 1/3 'jesred' processes
>>>>> current master transaction: master54
>>>>> 2024/07/09 23:35:40.115 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 17 IPC UNIX
>> STREAM
>>>> Parent
>>>>> 2024/07/09 23:35:40.115 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 19 IPC UNIX
>> STREAM
>>>> Parent
>>>>> 2024/07/09 23:35:40.115 kid1| 54,3| ipc.cc(212) ipcCreate: ipcCreate: prfd FD 17
>>>>> 2024/07/09 23:35:40.115 kid1| 54,3| ipc.cc(213) ipcCreate: ipcCreate: pwfd FD 17
>>>>> 2024/07/09 23:35:40.115 kid1| 54,3| ipc.cc(214) ipcCreate: ipcCreate: crfd FD 19
>>>>> 2024/07/09 23:35:40.115 kid1| 54,3| ipc.cc(215) ipcCreate: ipcCreate: cwfd FD 19
>>>>> 2024/07/09 23:35:40.116 kid1| 5,3| comm.cc(850) _comm_close: start closing FD 19 by
>>>> ipc.cc:271
>>>>> 2024/07/09 23:35:40.116 kid1| 5,3| comm.cc(586) commUnsetFdTimeout: Remove timeout for
>>>> FD 19
>>>>> 2024/07/09 23:35:40.116 kid1| 21,3| tools.cc(561) leave_suid: leave_suid: PID 503746
>>>> called
>>>>> 2024/07/09 23:35:40.116 kid1| 21,3| tools.cc(651) no_suid: no_suid: PID 503746 giving
>> up
>>>> root privileges forever
>>>>> 2024/07/09 23:35:40.116 kid1| 5,3| comm.cc(586) commUnsetFdTimeout: Remove timeout for
>>>> FD 17
>>>>> 2024/07/09 23:35:40.117 kid1| 84,3| helper.cc(1310) GetFirstAvailable:
>>>> GetFirstAvailable: Least-loaded helper is fully loaded!
>>>>> 2024/07/09 23:35:40.117 kid1| 51,3| fd.cc(93) fd_close: fd_close FD 19 IPC UNIX STREAM
>>>> Parent
>>>>> 2024/07/09 23:35:40.117 kid1| 78,3| dns_internal.cc(1319) idnsRead: idnsRead: starting
>>>> with FD 11
>>>>> 2024/07/09 23:35:40.117 kid1| 78,3| dns_internal.cc(1365) idnsRead: idnsRead: FD 11:
>>>> received 92 bytes from 127.0.0.53:53
>>>>> 2024/07/09 23:35:40.117 kid1| 78,3| dns_internal.cc(1172) idnsGrokReply:
>> idnsGrokReply:
>>>> QID 0x8d95, 1 answers
>>>>> 2024/07/09 23:35:40.117 kid1| 35,3| fqdncache.cc(336) fqdncacheParse: fqdncacheParse:
>> 1
>>>> answers for '10.2.59.102'
>>>>> 2024/07/09 23:35:40.117 kid1| 5,3| IoCallback.cc(112) finish: called for conn11
>>>> local=[::] remote=[::] FD 17 flags=1 (0, 0)
>>>>> 2024/07/09 23:35:40.125 kid1| 5,3| Read.cc(148) HandleRead: FD 17, size 32767, retval
>>>> 80, errno 0
>>>>> 2024/07/09 23:35:40.125 kid1| 5,3| IoCallback.cc(112) finish: called for conn10
>>>> local=[::] remote=[::] FD 17 flags=1 (0, 0)
>>>>> 2024/07/09 23:35:40.125 kid1| 84,3| helper.cc(1022) helperHandleRead:
>> helperHandleRead:
>>>> end of reply found
>>>>> 2024/07/09 23:35:40.125 kid1| 84,3| Reply.cc(41) finalize: Parsing helper buffer
>>>>> 2024/07/09 23:35:40.125 kid1| 84,3| Reply.cc(59) finalize: Buff length is larger than
>> 2
>>>>> 2024/07/09 23:35:40.125 kid1| 84,3| Reply.cc(63) finalize: helper Result = OK
>>>>> 2024/07/09 23:35:40.125 kid1| 23,3| Uri.cc(446) parse: Split URL
>>>>
>> 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'[https://download.docker.c
>>>> om/linux/ubuntu/dists/jammy/InRelease'] into proto='https', host='download.docker.com',
>>>> port='443', path='/linux/ubuntu/dists/jammy/InRelease'
>>>>> 2024/07/09 23:35:40.125 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>>>> 'download.docker.com': Name or service not known
>>>>> 2024/07/09 23:35:40.125 kid1| 61,2| client_side_request.cc(1235) clientRedirectDone:
>>>> URL-rewriter diverts URL from
>>>>
>> http://download.docker.com/linux/ubuntu/dists/jammy/InRelease[http://download.docker.com/l
>>>> inux/ubuntu/dists/jammy/InRelease] to
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.125 kid1| 83,3| client_side_request.cc(1743) doCallouts: Doing
>>>> calloutContext->clientAccessCheck2()
>>>>> 2024/07/09 23:35:40.125 kid1| 85,2| client_side_request.cc(692) clientAccessCheck2: No
>>>> adapted_http_access configuration. default: ALLOW
>>>>> 2024/07/09 23:35:40.125 kid1| 85,2| client_side_request.cc(714) clientAccessCheckDone:
>>>> The request HEAD
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease] is ALLOWED; last ACL checked: all
>>>>> 2024/07/09 23:35:40.126 kid1| 83,3| client_side_request.cc(1761) doCallouts: Doing
>>>> clientInterpretRequestHeaders()
>>>>> 2024/07/09 23:35:40.126 kid1| 83,3| client_side_request.cc(1770) doCallouts: Doing
>>>> calloutContext->checkNoCache()
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(69) preCheck: 0x5c3ba41552d8 checking
>>>> slow rules
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| RegexData.cc(50) match: checking
>>>>
>> 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'[https://download.docker.c
>>>> om/linux/ubuntu/dists/jammy/InRelease']
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: no_cache = 0
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: cache#1 = 0
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '10.2.59.102:56466'
>>>> found
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: cache#2 = 1
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: cache = 1
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(62) markFinished: 0x5c3ba41552d8
>> answer
>>>> ALLOWED for match
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(162) checkCallback:
>>>> ACLChecklist::checkCallback: 0x5c3ba41552d8 answer=ALLOWED
>>>>> 2024/07/09 23:35:40.126 kid1| 85,3| client_side_request.cc(116) ~ClientRequestContext:
>>>> ClientRequestContext destructed, this=0x5c3ba4154e78
>>>>> 2024/07/09 23:35:40.126 kid1| 83,3| client_side_request.cc(1855) doCallouts: calling
>>>> processRequest()
>>>>> 2024/07/09 23:35:40.126 kid1| 87,3| clientStream.cc(178) clientStreamRead:
>>>> clientStreamRead: Calling 1 with cbdata 0x5c3ba4153e70 from node 0x5c3ba4154308
>>>>> 2024/07/09 23:35:40.126 kid1| 73,3| HttpRequest.cc(742) storeId: sent back
>>>> effectiveRequestUrl:
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| Controller.cc(429) peek:
>>>> DE850794EBC405A27A7718F51795E32A
>>>>> 2024/07/09 23:35:40.126 kid1| 73,3| HttpRequest.cc(742) storeId: sent back
>>>> effectiveRequestUrl:
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| Controller.cc(429) peek:
>>>> D3522EE27FB0ED7004DD594AF7674667
>>>>> 2024/07/09 23:35:40.126 kid1| 85,3| client_side_reply.cc(1523) identifyFoundObject:
>>>> StoreEntry is NULL - MISS
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| store.cc(730) storeCreatePureEntry:
>>>> storeCreateEntry:
>>>>
>> 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'[https://download.docker.c
>>>> om/linux/ubuntu/dists/jammy/InRelease']
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| MemObject.cc(99) MemObject: MemObject constructed,
>>>> this=0x5c3ba416ef10
>>>>> 2024/07/09 23:35:40.126 kid1| 88,3| MemObject.cc(82) setUris: 0x5c3ba416ef10 storeId:
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| store.cc(434) lock: storeCreateEntry locked key
>>>> [null_store_key] e:=V/0x5c3ba416ee90*1
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| store.cc(536) setPrivateKey: 00
>>>> e:=V/0x5c3ba416ee90*1
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| store.cc(412) hashInsert: StoreEntry::hashInsert:
>>>> Inserting Entry e:=IV/0x5c3ba416ee90*1 key '020000000000000061AF070001000000'
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| store.cc(434) lock: store_client locked key
>>>> 020000000000000061AF070001000000 e:=IV/0x5c3ba416ee90*2
>>>>> 2024/07/09 23:35:40.126 kid1| 90,3| store_client.cc(243) copy: store_client::copy:
>>>> 020000000000000061AF070001000000, from 0, for length 4096, cb 1, cbdata 0x5c3ba4152dd8
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| store.cc(434) lock: store_client::copy locked key
>>>> 020000000000000061AF070001000000 e:=IV/0x5c3ba416ee90*3
>>>>> 2024/07/09 23:35:40.126 kid1| 90,3| store_client.cc(343) storeClientCopy2:
>>>> storeClientCopy2: 020000000000000061AF070001000000
>>>>> 2024/07/09 23:35:40.126 kid1| 90,3| store_client.cc(390) doCopy: store_client::doCopy:
>>>> Waiting for more
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| store.cc(457) unlock: store_client::copy unlocking
>>>> key 020000000000000061AF070001000000 e:=IV/0x5c3ba416ee90*3
>>>>> 2024/07/09 23:35:40.126 kid1| 17,3| FwdState.cc(373) Start:
>>>>
>> 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'[https://download.docker.c
>>>> om/linux/ubuntu/dists/jammy/InRelease']
>>>>> 2024/07/09 23:35:40.126 kid1| 17,2| FwdState.cc(133) FwdState: Forwarding client
>> request
>>>> conn9 local=10.2.59.103:8000 remote=10.2.59.102:56466 FD 15 flags=1,
>>>>
>> url=https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker
>>>> .com/linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| store.cc(434) lock: FwdState locked key
>>>> 020000000000000061AF070001000000 e:=IV/0x5c3ba416ee90*3
>>>>> 2024/07/09 23:35:40.126 kid1| 17,3| FwdState.cc(140) FwdState: FwdState constructed,
>>>> this=0x5c3ba416fa18
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(309) peerSelect:
>>>> e:=IV/0x5c3ba416ee90*3
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| store.cc(434) lock: peerSelect locked key
>>>> 020000000000000061AF070001000000 e:=IV/0x5c3ba416ee90*4
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(612) selectMore: HEAD
>>>> download.docker.com
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(626) selectMore: direct =
>>>> DIRECT_UNKNOWN (never_direct to be checked)
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(69) preCheck: 0x5c3ba4170638 checking
>>>> slow rules
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>> '10.2.59.102:56466'
>>>> found
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: never_direct#1 = 1
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Acl.cc(175) matches: checked: never_direct = 1
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(62) markFinished: 0x5c3ba4170638
>> answer
>>>> ALLOWED for match
>>>>> 2024/07/09 23:35:40.126 kid1| 28,3| Checklist.cc(162) checkCallback:
>>>> ACLChecklist::checkCallback: 0x5c3ba4170638 answer=ALLOWED
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(345) checkNeverDirectDone: ALLOWED
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(351) checkNeverDirectDone: direct =
>>>> DIRECT_NO (never_direct allow)
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(612) selectMore: HEAD
>>>> download.docker.com
>>>>> 2024/07/09 23:35:40.126 kid1| 14,3| ipcache.cc(732) ipcache_gethostbyname:
>>>> ipcache_gethostbyname: 'download.docker.com', flags=0
>>>>> 2024/07/09 23:35:40.126 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>>>> 'download.docker.com': Name or service not known
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(286) peerSelectIcpPing:
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.126 kid1| 15,3| neighbors.cc(283) neighborsCount: neighborsCount:
>> 0
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(297) peerSelectIcpPing: counted 0
>>>> neighbors
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(833) selectSomeParent: HEAD
>>>> download.docker.com
>>>>> 2024/07/09 23:35:40.126 kid1| 15,3| neighbors.cc(350) getRoundRobinParent: returning
>>>> [nil]
>>>>> 2024/07/09 23:35:40.126 kid1| 15,3| neighbors.cc(403) getWeightedRoundRobinParent:
>>>> returning [nil]
>>>>> 2024/07/09 23:35:40.126 kid1| 15,3| neighbors.cc(309) getFirstUpParent: returning
>>>> 212.89.128.96
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(1102) addSelection: adding
>>>> FIRSTUP_PARENT/212.89.128.96
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(1095) addSelection: skipping
>>>> ANY_OLD_PARENT/212.89.128.96; have FIRSTUP_PARENT/212.89.128.96
>>>>> 2024/07/09 23:35:40.126 kid1| 15,3| neighbors.cc(493) getDefaultParent: returning
>>>> 212.89.128.96
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(1095) addSelection: skipping
>>>> DEFAULT_PARENT/212.89.128.96; have FIRSTUP_PARENT/212.89.128.96
>>>>> 2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(460) resolveSelected: Find IP
>>>> destination for:
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'[https://download.docker.co
>>>> m/linux/ubuntu/dists/jammy/InRelease'] via 212.89.128.96
>>>>> 2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector1
>> found
>>>> conn12 local=0.0.0.0 remote=212.89.128.96:3128 FIRSTUP_PARENT flags=1, destination #1
>> for
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(1180) handlePath: always_direct =
>>>> DENIED
>>>>> 2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(1181) handlePath: never_direct =
>>>> ALLOWED
>>>>> 2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(1182) handlePath: timedout = 0
>>>>> 2024/07/09 23:35:40.126 kid1| 17,3| FwdState.cc(610) noteDestination: conn12
>>>> local=0.0.0.0 remote=212.89.128.96:3128 FIRSTUP_PARENT flags=1
>>>>> 2024/07/09 23:35:40.126 kid1| 17,3| FwdState.cc(1124) connectStart: 1+ paths to
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(479) resolveSelected: PeerSelector1
>>>> found all 1 destinations for
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(480) resolveSelected: always_direct
>> =
>>>> DENIED
>>>>> 2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(481) resolveSelected: never_direct
>> =
>>>> ALLOWED
>>>>> 2024/07/09 23:35:40.126 kid1| 44,2| peer_select.cc(482) resolveSelected: timedout = 0
>>>>> 2024/07/09 23:35:40.126 kid1| 44,3| peer_select.cc(241) ~PeerSelector:
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.126 kid1| 20,3| store.cc(457) unlock: peerSelect unlocking key
>>>> 020000000000000061AF070001000000 e:=p2IV/0x5c3ba416ee90*4
>>>>> 2024/07/09 23:35:40.126 kid1| 48,3| pconn.cc(474) popStored: lookup for key
>>>> {212.89.128.96:3128} failed.
>>>>> 2024/07/09 23:35:40.126 kid1| 17,3| FwdState.cc(1568) GetMarkingsToServer: from
>> 0.0.0.0
>>>> tos 0 netfilter mark 0
>>>>> 2024/07/09 23:35:40.126 kid1| 5,3| ConnOpener.cc(42) ConnOpener: will connect to
>> conn14
>>>> local=0.0.0.0 remote=212.89.128.96:3128 FIRSTUP_PARENT flags=1 with 30 timeout
>>>>> 2024/07/09 23:35:40.126 kid1| 50,3| comm.cc(378) comm_openex: comm_openex: Attempt
>> open
>>>> socket for: 0.0.0.0
>>>>> 2024/07/09 23:35:40.126 kid1| 50,3| comm.cc(420) comm_openex: comm_openex: Opened
>> socket
>>>> conn15 local=0.0.0.0 remote=[::] FD 19 flags=1 : family=2, type=1, protocol=6
>>>>> 2024/07/09 23:35:40.126 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 19
>>>>> 2024/07/09 23:35:40.126 kid1| 5,3| ConnOpener.cc(312) createFd: conn14 local=0.0.0.0
>>>> remote=212.89.128.96:3128 FIRSTUP_PARENT flags=1 will timeout in 30
>>>>> 2024/07/09 23:35:40.127 kid1| 17,3| FwdState.cc(1197) dispatch: conn9
>>>> local=10.2.59.103:8000 remote=10.2.59.102:56466 FD 15 flags=1: Fetching HEAD
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.127 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>>>> 'download.docker.com': Name or service not known
>>>>> 2024/07/09 23:35:40.127 kid1| 78,3| dns_internal.cc(1793) idnsALookup: idnsALookup:
>> buf
>>>> is 37 bytes for download.docker.com, id = 0xe779
>>>>> 2024/07/09 23:35:40.127 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
>>>> Attempt to send UDP packet to 127.0.0.53:53 using FD 11 using Port 54280
>>>>> 2024/07/09 23:35:40.127 kid1| 78,3| dns_internal.cc(1729) idnsSendSlaveAAAAQuery: buf
>> is
>>>> 37 bytes for download.docker.com, id = 0x8aee
>>>>> 2024/07/09 23:35:40.127 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
>>>> Attempt to send UDP packet to 127.0.0.53:53 using FD 11 using Port 54280
>>>>> 2024/07/09 23:35:40.127 kid1| 11,3| http.cc(2516) httpStart: HEAD
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.127 kid1| 20,3| store.cc(434) lock: Client locked key
>>>> 020000000000000061AF070001000000 e:=p2IV/0x5c3ba416ee90*4
>>>>> 2024/07/09 23:35:40.127 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn14
>>>> local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1 timeout
>>>> 86400
>>>>> 2024/07/09 23:35:40.127 kid1| 22,3| refresh.cc(636) getMaxAge: getMaxAge:
>>>>
>> 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'[https://download.docker.c
>>>> om/linux/ubuntu/dists/jammy/InRelease']
>>>>> 2024/07/09 23:35:40.127 kid1| 11,2| http.cc(2472) sendRequest: HTTP Server conn14
>>>> local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1
>>>>> 2024/07/09 23:35:40.127 kid1| 11,2| http.cc(2473) sendRequest: HTTP Server REQUEST:
>>>>> ---------
>>>>> HEAD
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease] HTTP/1.1
>>>>> Host: download.docker.com
>>>>> User-Agent: curl/7.81.0
>>>>> Accept: */*
>>>>> Via: 1.1 pkg-proxy (squid/6.6)
>>>>> X-Forwarded-For: 10.2.59.102
>>>>> Cache-Control: max-age=0
>>>>> Connection: keep-alive
>>>>>
>>>>>
>>>>> ----------
>>>>> 2024/07/09 23:35:40.127 kid1| 5,3| IoCallback.cc(112) finish: called for conn14
>>>> local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1 (0, 0)
>>>>> 2024/07/09 23:35:40.127 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn14
>>>> local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1 timeout
>> 900
>>>>> 2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1319) idnsRead: idnsRead: starting
>>>> with FD 11
>>>>> 2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1365) idnsRead: idnsRead: FD 11:
>>>> received 304 bytes from 127.0.0.53:53
>>>>> 2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1172) idnsGrokReply:
>> idnsGrokReply:
>>>> QID 0x8aee, 9 answers
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(480) ipcacheParse: 9 answers for
>>>> download.docker.com
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #1
>>>> [2600:9000:2490:6c00:3:db06:4200:93a1]
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #2
>>>> [2600:9000:2490:a600:3:db06:4200:93a1]
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #3
>>>> [2600:9000:2490:9c00:3:db06:4200:93a1]
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #4
>>>> [2600:9000:2490:6000:3:db06:4200:93a1]
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #5
>>>> [2600:9000:2490:c00:3:db06:4200:93a1]
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #6
>>>> [2600:9000:2490:5200:3:db06:4200:93a1]
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #7
>>>> [2600:9000:2490:9a00:3:db06:4200:93a1]
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #8
>>>> [2600:9000:2490:2c00:3:db06:4200:93a1]
>>>>> 2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1319) idnsRead: idnsRead: starting
>>>> with FD 11
>>>>> 2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1365) idnsRead: idnsRead: FD 11:
>>>> received 144 bytes from 127.0.0.53:53
>>>>> 2024/07/09 23:35:40.137 kid1| 78,3| dns_internal.cc(1172) idnsGrokReply:
>> idnsGrokReply:
>>>> QID 0xe779, 5 answers
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(480) ipcacheParse: 5 answers for
>>>> download.docker.com
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #9
>>>> 108.138.7.33
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #10
>>>> 108.138.7.18
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #11
>>>> 108.138.7.88
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(535) addGood: download.docker.com #12
>>>> 108.138.7.48
>>>>> 2024/07/09 23:35:40.137 kid1| 14,3| ipcache.cc(586) ipcacheHandleReply: done with
>>>> download.docker.com: [2600:9000:2490:6c00:3:db06:4200:93a1] #1/12-0
>>>>> 2024/07/09 23:35:40.137 kid1| 38,3| net_db.cc(337) netdbSendPing: netdbSendPing:
>> pinging
>>>> download.docker.com
>>>>> 2024/07/09 23:35:40.137 kid1| 37,2| IcmpSquid.cc(88) SendEcho: to
>>>> [2600:9000:2490:6c00:3:db06:4200:93a1], opcode 3, len 19
>>>>> 2024/07/09 23:35:40.137 pinger| 42,2| IcmpPinger.cc(198) Recv: Pass
>>>> [2600:9000:2490:6c00:3:db06:4200:93a1] off to ICMPv6 module.
>>>>> 2024/07/09 23:35:40 pinger| SendEcho ERROR: sending to ICMPv6 packet to
>>>> [2600:9000:2490:6c00:3:db06:4200:93a1]: (101) Network is unreachable
>>>>> 2024/07/09 23:35:40.138 pinger| 42,2| Icmp.cc(90) Log: pingerLog: 1720560940.138021
>>>> [2600:9000:2490:6c00:3:db06:4200:93a1] 0
>>>>> 2024/07/09 23:35:40.323 kid1| 5,3| IoCallback.cc(112) finish: called for conn14
>>>> local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1 (0, 0)
>>>>> 2024/07/09 23:35:40.324 kid1| 5,3| Read.cc(93) ReadNow: conn14 local=10.2.59.103:39370
>>>> remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1, size 65536, retval 348, errno 0
>>>>> 2024/07/09 23:35:40.324 kid1| 11,3| http.cc(649) processReplyHeader:
>> processReplyHeader:
>>>> key '020000000000000061AF070001000000'
>>>>> 2024/07/09 23:35:40.324 kid1| 11,2| http.cc(696) processReplyHeader: HTTP Server
>> conn14
>>>> local=10.2.59.103:39370 remote=212.89.128.96:3128 FIRSTUP_PARENT FD 19 flags=1
>>>>> 2024/07/09 23:35:40.324 kid1| 11,2| http.cc(697) processReplyHeader: HTTP Server
>>>> RESPONSE:
>>>>> ---------
>>>>> HTTP/1.1 503 Service Unavailable
>>>>> Server: squid/4.10
>>>>> Mime-Version: 1.0
>>>>> Date: Tue, 09 Jul 2024 21:35:40 GMT
>>>>> Content-Type: text/html;charset=utf-8
>>>>> Content-Length: 3879
>>>>> X-Squid-Error: ERR_SECURE_CONNECT_FAIL 71
>>>>> X-Cache: MISS from proxy-srv2
>>>>> X-Cache-Lookup: MISS from proxy-srv2:3128
>>>>> Via: 1.1 proxy-srv2 (squid/4.10)
>>>>> Connection: keep-alive
>>>>>
>>>>> ----------
>>>>> 2024/07/09 23:35:40.324 kid1| 83,3| AccessCheck.cc(42) Start: adaptation off, skipping
>>>>> 2024/07/09 23:35:40.324 kid1| 20,3| store.cc(1693) replaceHttpReply:
>>>> StoreEntry::replaceHttpReply:
>>>>
>> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease[https://download.docker.com
>>>> /linux/ubuntu/dists/jammy/InRelease]
>>>>> 2024/07/09 23:35:40.324 kid1| 11,3| http.cc(949) haveParsedReplyHeaders: HTTP CODE:
>> 503
>>>>>
>>>>> Has anybody an idea what I can do to solve the issue?
>>>>>
>>>>> This is my configuration borrowed from squid-deb-proxy:
>>>>>
>>>>> # this file contains private networks (10.0.0.0/8, 172.16.0.0/12,
>>>>> # 192.168.0.0/16) by default, you can add/remove additional allowed
>>>>> # source networks in it to customize it for your setup
>>>>> acl src_networks src "/etc/squid/acl/src-networks.acl"
>>>>>
>>>>> # this file contains the archive mirrors by default,
>>>>> # if you use a different mirror, add it there
>>>>> acl to_archive_mirrors dstdomain "/etc/squid/acl/archive-mirrors.acl"
>>>>>
>>>>> # Disable Cache for defined domains
>>>>> acl no_cache url_regex "/etc/squid/acl/no-cache.acl"
>>>>>
>>>>> # this contains the package blacklist
>>>>> acl blockedpkgs urlpath_regex "/etc/squid/pkg-blacklist-regexp.acl"
>>>>>
>>>>> # default to a different port than stock squid
>>>>> http_port 8000
>>>>>
>>>>> # -------------------------------------------------
>>>>> # settings below probably do not need customization
>>>>>
>>>>> # user visible name
>>>>> visible_hostname pkg-proxy
>>>>>
>>>>> # we need a big cache, some debs are huge
>>>>> maximum_object_size 512 MB
>>>>>
>>>>> # use a different dir than stock squid and default to 40G
>>>>> cache_dir aufs /var/cache/squid 40000 16 256
>>>>>
>>>>> cache_peer 212.89.128.96 parent 3128 0 no-query default
>>>>> never_direct allow all
>>>>>
>>>>> # use different logs
>>>>> cache_access_log /var/log/squid/access.log
>>>>> cache_log /var/log/squid/cache.log
>>>>> cache_store_log /var/log/squid/store.log
>>>>>
>>>>> # tweaks to speed things up
>>>>> cache_mem 200 MB
>>>>> maximum_object_size_in_memory 10240 KB
>>>>>
>>>>> # pid
>>>>> pid_filename /var/run/squid.pid
>>>>>
>>>>> # refresh pattern for debs and udebs
>>>>> refresh_pattern deb$ 129600 100% 129600
>>>>> refresh_pattern udeb$ 129600 100% 129600
>>>>> refresh_pattern tar.gz$ 129600 100% 129600
>>>>> refresh_pattern tar.xz$ 129600 100% 129600
>>>>> refresh_pattern tar.bz2$ 129600 100% 129600
>>>>>
>>>>> # always refresh Packages and Release files
>>>>> refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
>>>>> refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
>>>>> refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
>>>>> refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
>>>>>
>>>>> # handle meta-release and changelogs.ubuntu.com special
>>>>> # (fine to have this on debian too)
>>>>> refresh_pattern changelogs.ubuntu.com\/.* 0 1% 1
>>>>>
>>>>> # only allow connects to ports for http, https
>>>>> acl SSL_ports port 443 563
>>>>> acl Safe_ports port 80
>>>>> acl Safe_ports port 443 563
>>>>>
>>>>> # only allow ports we trust
>>>>> http_access deny !Safe_ports
>>>>>
>>>>> # do not allow to download from the pkg blacklist
>>>>> http_access deny blockedpkgs
>>>>>
>>>>> # allow access only to official archive mirrors
>>>>> # uncomment the third and fouth line to permit any unlisted domain
>>>>> http_access deny !to_archive_mirrors
>>>>>
>>>>> # allow access from our network and localhost
>>>>> http_access allow src_networks
>>>>>
>>>>> # And finally deny all other access to this proxy
>>>>> http_access deny all
>>>>>
>>>>> # don't cache domains not listed in the mirrors file
>>>>> # uncomment the third and fourth line to cache any unlisted domains
>>>>> cache deny no_cache
>>>>>
>>>>> # And finally cache everything else
>>>>> cache allow all
>>>>>
>>>>> url_rewrite_children 3 startup=0 idle=1 concurrency=1
>>>>> url_rewrite_program /usr/lib/squid/jesred
>>>>>
>>>>> debug_options ALL,3
>>>>>
>>>>> Thanks a lot.
>>>>>
>>>>> Regards,
>>>>> Christoph
>>>>> _______________________________________________
>>>>> squid-users mailing list
>>>>> squid-users at lists.squid-cache.org
>>>>> https://lists.squid-cache.org/listinfo/squid-users
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> https://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list