配置Squid遇到的问题和解决方法

chinaunixzcx

     这几天因公司需要研究了一下squid，要求squid支持ssl，主要遇到的问题在配置https_port上，下面是遇到的问题和解决办法，解决办法不一定适用于你的环境但是可以参考：），请大家给出宝贵意见。

1>发生了下列的错误：  
Invalid Request
无效的请求
Some aspect of the HTTP Request is invalid. Possible problems:
HTTP 请求的某些方面是无效的。可能是下列问题：

Missing or unknown request method
缺少请求方式或未知的请求方式
Missing URL
缺少网址
Missing HTTP Identifier (HTTP/1.0)
缺少 HTTP 标识（HTTP/1.0）
Request is too large
请求命令过长
Content-Length missing for POST or PUT requests
POST 或 PUT 请求缺少内容长度
Illegal character in hostname; underscores are not allowed
主机名称中包含不合法的字符；下划线是不允许的。

解答：在https_port 后加defaultsite=www.abc.com

2》443端口不listening
解答：证书不正确，请生成可以的证书

附加《1》：用下面命令可以生成测试用的证书：
openssl req -new -keyout key.pem -nodes -x509 -days 365 -out cert.pem

附加《2》：如果要生成一个证书请求用于申请正式证书请用下面两个命令：
(1)、生成私钥 openssl genrsa -out key.pem 1024
(2)、生成待签名证书 openssl req -new -out req.csr -key key.pem
然后将req.csr文件中的内容提交给证书颁发机构。

3》Unable to forward this request at this time
解答：
在配置中加下面一行
cache_peer
www.abc.com
  parent 80 0 no-query originserver


为了大家方便比较我贴出我的配置文件，供大家参考


http_port 80 transparent
https_port 443 defaultsite=www.abc.com cert=/usr/local/squid/zcxcert.pem key=/usr/local/squid/zcxkey.pem
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \? \.aspx \.ashx \.asmx
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 8192 KB
maximum_object_size_in_memory 32 KB
cache_dir ufs /usr/local/squid/var/cache 2048 16 256
#access_log /usr/local/squid/var/logs/access.log common
access_log none
cache_log /usr/local/squid/var/logs/cache.log
#cache_store_log /usr/local/squid/var/logs/store.log
cache_store_log none
emulate_httpd_log on
pid_filename /usr/local/squid/var/logs/squid.pid
hosts_file /etc/hosts
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl myip src 21.142.17.170 21.24.82.35
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl 252 dst 21.238.23.252
acl 251 dst 21.238.23.251
acl 233 dst 21.238.23.233
acl 237 dst 21.238.23.237
acl 234 dst 21.238.23.234
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager myip
http_access allow 252
http_access allow 251
http_access allow 233
http_access allow 237
http_access allow 234
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr
tech@abc.com
cache_effective_user nobody
cache_effective_group nobody
visible_hostname squid72
logfile_rotate 4
forwarded_for on
allow_underscore on
request_body_max_size 0 KB
coredump_dir /usr/local/squid/var/cache
cache_peer
www.abc.com
parent 80 0 no-query originserver



本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u1/46701/showart_381130.html