From: waryhint <waryhint@gmail.com>
To: sysadmins@lists.altlinux.org
Subject: [Sysadmins] Squid and Apache are not working
Date: Fri, 02 Nov 2012 15:59:44 +0300
Message-ID: <op.wm5ctafr3gk07y@mb1>

Good afternoon!

Could you please tell me what I am doing wrong?

I have an access point running DNS (bind), a proxy (squid), samba, and a web server (apache). The network card has two addresses, 192.168.1.2 and 192.168.2.1; the first faces the modem, the second faces the local network.

I have run into a problem with Apache. The server takes a very long time to process requests, and I suspect the Squid proxy is involved. When I route Internet traffic past Squid (by removing this line from nat:

iptables -I PREROUTING -t nat -s 192.168.2.0/24 -p tcp --dport 80 -j DNAT --to 192.168.2.1:3128 \

) Apache starts working normally…

Could you please tell me what needs to be removed or changed in squid.conf so that the server works normally?

Here is my config:

visible_hostname BRDA
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.2.0/24
acl Safe_ports port 901 # SWAT
acl Safe_ports port 488 # GSS-HTTP
acl Safe_ports port 777 # Multilingual HTTP
acl Safe_ports port 70 # GOPHER
acl Safe_ports port 443 # HTTPS
acl Safe_ports port 631 # CUPS
acl SSL_ports port 8080 # Alterator
acl Safe_ports port 1025-65535 # Other ports
acl Safe_ports port 873 # RSYNC
acl Safe_ports port 591 # Filemaker
acl Safe_ports port 280 # HTTP-MGMT
acl SSL_ports port 443 # HTTPS (C)
acl Safe_ports port 80 # HTTP
acl SSL_ports port 563 # SNEWS (C)
acl SSL_ports port 5222-5223 # Jabber
acl Safe_ports port 210 # WAIS
acl Safe_ports port 21 # FTP
acl Safe_ports port 563 # SNEWS
acl SSL_ports port 873 # RSYNC (C)
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
acl mb2 src 192.168.2.107
http_access allow mb2
acl mb1 src 192.168.2.5
http_access allow mb1
acl anya src 192.168.2.27
http_access allow anya
acl maks src 192.168.2.17
http_access allow maks
acl urvd1 src 192.168.2.25
http_access allow urvd1
acl golova src 192.168.2.30
http_access allow golova
# access for OTHER-NET-USER
acl othernetuser src 192.168.2.2-192.168.2.30
acl sblock dstdomain "/etc/squid/block.acl"
# Define ACLs for Flash content
acl media rep_mime_type video/flv video/x-flv
acl mediapr urlpath_regex \.flv(\?.*)?$
acl media rep_mime_type application/x-shockwave-flash
acl mediapr urlpath_regex \.swf(\?.*)?$
# Block access to Flash
http_access deny mediapr
http_reply_access deny media
http_access deny othernetuser sblock
http_access allow othernetuser
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
cache_dir ufs /var/spool/squid 2048 16 256
maximum_object_size 65536 KB
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
debug_options ALL,1
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
retry_on_error on
coredump_dir /var/spool/squid