Date: Fri, 08 Mar 2013 14:34:31 -0600
From: dweimer <dweimer@dweimer.net>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: FreeBSD Squid 3.2 Reverse Proxy with HTTPS
Message-ID: <76f3b5bb87262230095c8b3c322aecb7@dweimer.net>
I am stuck in a kind of desperate situation. I have been managing several FreeBSD systems as forward proxy servers with Squid on them for 13 years, and a few with reverse proxies for around 4 years. But for the last few months, I have been struggling with HTTPS uploads failing on the reverse proxies. I have personally built and destroyed over 20 virtual machines, and spent countless hours on this, every time duplicating the problem, no matter how basic I strip the process down. I have tried FreeBSD 8.3, 9.0, 9.1, with Squid 3.2.6, 3.2.7, 3.2.8, and a couple different versions of the Squid 3.1 port. Everything installs without errors, services all start, pages load, all looks great, until you try to do a POST on HTTPS. I thought at first it was just when the size was over a certain amount, but that turned out to be a wrong assumption.

I have a test scenario that can duplicate the problem with the exact same results every time. In the end my test is just a simple HTML form that submits a file to a PHP script that saves it. I have a directory of 7 .png image files that are screenshots from some documentation I wrote for our PC support desk. 3 of the files upload successfully, and 4 of them fail. It's the same 3 and 4 every time; I can't find anything in common between the ones that succeed and fail. They will all work if you use HTTP going to the same exact HTML form and PHP script. If I remove Squid and go directly to the Apache process using HTTPS, all files upload fine.

After a lot of debugging, and painstakingly reading very long Squid debugging logs, I found out that Squid appears to continue waiting for the end of the file after the client browser has stopped sending data, for almost 5 minutes, before just returning complete, and not actually submitting the file to the Apache process. If you actually stop the browser while it's sitting there waiting for a response, the file gets submitted to the Apache process and saves successfully.
I have a couple existing production servers that are running 9.0, with Squid 3.1.21, that are working, but I am in desperate need of updating them to meet requirements. I have posted several messages to the Squid mailing list, received some initial suggestions that didn't get anywhere, but I haven't been able to get any more help. I am hoping to find someone else out there that is running FreeBSD with Squid in a reverse proxy setup with HTTPS that has not run into this issue and is willing to share configurations with me, so I can possibly find out what's wrong with my setup. Or if you have also run into this issue, perhaps we can share notes and possibly find something that will make it possible to file a bug report somewhere. Even though I can reproduce this without fail, none of my debugging output actually gives an error; it just doesn't behave correctly.

--
Thanks,
Dean E. Weimer
http://www.dweimer.net/