Hello, everyone.
I'm trying to set up a load balanced cluster of *normal* squid proxy
servers (neither reverse, nor transparent). Balancing is done by ipvs
controlled by ldirectord, ipip tunneling is used.
Most pages load normally, but some (e.g. gmail login,
serverfault.com login with OpenID, several other sites with redirects)
experience problems. When I try (for example) to log in to gmail, I
enter login & password and after a while get just a blank page. At the
same time, many sites that use 301-redirects work OK (for example
"http://yandex.ru" redirects to "http://www.yandex.ru" using a
301-redirect). When working through any of the cluster nodes directly,
no problems appear, so the issue is not in Squid itself.
Added later: It seems the problem is floating. Sometimes it doesn't
allow logging in, sometimes logging out, and sometimes it doesn't even
load the login page. I'm stuck...
The suggestion that the problem is with balancing requests sent to
different servers during login was incorrect. According to Squid's
access.log, all requests go to one server, and leaving only one squid
server in ipvs in the configuration doesn't solve the problem either.
So, the question is what is wrong in my configuration? Any ideas on
additional methods of troubleshooting? Could anyone send me a working
configuration (and software versions) of a cluster of a similar type?
Currently I'm using squid v. 3.1.7 (built from sources), kernel
2.6.32-xen (SLES 11 SP1 distro), ipvsadm 1.2.1 (built from sources),
ldirectord v. 1.0.3 (also from sources). I also tried squid 2.7, gmail
login worked, but Gtalk chat was not available.
Here are some configs:
======= ldirectord.cf =======
ldirectord.cf:
# Global Directives
checktimeout=5
checkinterval=5
autoreload=no
logfile="/var/log/ldirectord.log"
quiescent=no
cleanstop=yes
# Virtual Server for HTTP_PROXY
virtual=10.128.0.109:8080
        fallback=127.0.0.1:80
        real=10.128.1.43:8080 ipip 200
        real=10.128.0.106:8080 ipip 300
        service=http_proxy
        request="http://www.google.com/index.html"
        receive="Google Search"
        scheduler=sh
        # persistent=60
        protocol=tcp
        checktype=negotiate
======= EOF ldirectord.cf =======
======= squid.conf =======
http_port 10.128.0.106:8080 # "real" IP of the node
http_port 10.128.0.109:8080 # "Virtual" IP of the cluster on tunl0 interface
http_port 127.0.0.1:8080
cache_mem 300 MB
cache_dir ufs /opt/squid/var/cache 500 16 256
cache_effective_user squid
cache_effective_group squid
visible_hostname AQUA-node
cachemgr_passwd SquidCM all
access_log /opt/squid/var/logs/access.log
logfile_rotate 5
# ICQ connect (experimental)
acl ICQ_ADDR dst 64.12.0.0/16 205.188.0.0/16
acl ICQ_PORT port 5190 443
acl CONNECT method CONNECT
acl ICQ_PROTO proto HTTPS
acl ICQ_DOMAIN dstdomain .icq.com .aol.com .aim.com
always_direct allow ICQ_DOMAIN ICQ_PORT CONNECT
always_direct allow ICQ_ADDR ICQ_PORT CONNECT
acl allnet_temp src 10.0.0.0/8
http_access allow allnet_temp
http_access deny all
======= EOF squid.conf =======
Example:
(logged in to gmail, closing tab, changing proxy settings in browser,
opening gmail.com in new tab)
(Url in browser:
"https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=
<and so on>")
======= access.log =======
1286531980.273 228 10.0.0.232 TCP_MISS/302 1069 GET http://mail.google.com/mail/ - DIRECT/74.125.79.83 text/html
1286531990.392 10101 10.0.0.232 TCP_MISS/200 133 CONNECT www.google.com:443 - DIRECT/74.125.87.104 -
======= EOF access.log =======
Another example:
(logged out from gmail, cleared cache & cookies, switched proxy in
browser, logged in to gmail normally (chat not working), couldn't log out
("Please, wait" on screen), closed tab, trying to access gmail again,
blank page)
======= access.log =======
1286532375.042 108 10.0.0.232 TCP_MISS/302 1069 GET http://mail.google.com/mail/ - DIRECT/74.125.79.19 text/html
======= EOF access.log =======
If any additional information is needed, just let me know.
P.S. Sorry for such a long letter.
--
HUB
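
An added example, not part of the original post: a small parser for the Squid native access.log format shown above that picks out CONNECT tunnels which stayed open a long time but delivered very little data, like the 10101 ms / 133 byte entry in the first excerpt. The function names and both thresholds (`min_ms`, `max_bytes`) are assumptions chosen for illustration.

```python
from typing import Iterable, List, NamedTuple, Optional

# Constructed sample: the three access.log entries quoted in the post,
# with the mail-wrapped lines rejoined.
SAMPLE = [
    "1286531980.273 228 10.0.0.232 TCP_MISS/302 1069 GET http://mail.google.com/mail/ - DIRECT/74.125.79.83 text/html",
    "1286531990.392 10101 10.0.0.232 TCP_MISS/200 133 CONNECT www.google.com:443 - DIRECT/74.125.87.104 -",
    "1286532375.042 108 10.0.0.232 TCP_MISS/302 1069 GET http://mail.google.com/mail/ - DIRECT/74.125.79.19 text/html",
]

class Entry(NamedTuple):
    ts: float        # UNIX timestamp with millisecond resolution
    elapsed_ms: int  # how long the transaction took
    client: str      # client address
    result: str      # Squid result code, e.g. TCP_MISS
    status: int      # HTTP status returned to the client
    size: int        # bytes delivered to the client
    method: str
    url: str
    peer: str        # hierarchy code / upstream address

def parse_line(line: str) -> Optional[Entry]:
    """Parse one native-format line; return None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        result, status = f[3].split("/", 1)
        return Entry(float(f[0]), int(f[1]), f[2], result, int(status),
                     int(f[4]), f[5], f[6], f[8])
    except ValueError:
        return None

def stalled_tunnels(lines: Iterable[str], min_ms: int = 5000,
                    max_bytes: int = 1024) -> List[Entry]:
    """CONNECT entries held open >= min_ms with <= max_bytes delivered.
    Both thresholds are assumed values, not taken from the post."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e and e.method == "CONNECT" and e.elapsed_ms >= min_ms and e.size <= max_bytes:
            hits.append(e)
    return hits

if __name__ == "__main__":
    for e in stalled_tunnels(SAMPLE):
        print(f"{e.ts:.3f} {e.client} -> {e.url} {e.elapsed_ms} ms, {e.size} bytes via {e.peer}")
```

Running the same function over the access.log of a node reached through the virtual IP and of a node used directly gives two lists that can be compared side by side.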