Ich verwende dieselbe Konfiguration für Squid 5.6, die auf einem Hostcomputer und in Docker ausgeführt wird. Wenn ich es auf dem Host (Ubuntu 22.10) ausführe, funktioniert es einwandfrei, aber wenn ich es vom ubuntu/squidImage aus ausführe, erhalte ich den Fehler 502 Bad Gateway.
Squid-Konfiguration:
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*.conf
http_access allow localhost
#http_access deny all
http_access allow all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320
http_upgrade_request_protocols OTHER allow all
debug_options ALL,1 11,3 31,3 65,3
So führe ich es über Docker aus:
docker run -v /etc/squid/squid.conf:/etc/squid/squid.conf -p 3128:3128 ubuntu/squid
Protokolle beim Ausführen von Squid auf dem Hostcomputer (funktioniert einwandfrei):
2022/11/23 13:13:56.878 kid1| 11,2| client_side.cc(1357) parseHttpRequest: HTTP Client conn7 local=x.x.x.x:3128 remote=y.y.y.y:56636 FD 11 flags=1
2022/11/23 13:13:56.891 kid1| 11,2| client_side.cc(1358) parseHttpRequest: HTTP Client REQUEST:
---------
GET https://example.com/socket.io/?EIO=3&transport=polling&t=OIadwKA&b64=1 HTTP/1.1
user-agent: node-XMLHttpRequest
accept: */*
Host: example.com:443
connection: close
----------
2022/11/23 13:13:57.233 kid1| 11,3| http.cc(2498) httpStart: GET https://example.com/socket.io/?EIO=3&transport=polling&t=OIadwKA&b64=1
2022/11/23 13:13:57.234 kid1| 11,2| http.cc(2454) sendRequest: HTTP Server conn10 local=x.x.x.x:47078 remote=z.z.z.z:443 HIER_DIRECT FD 13 flags=1
2022/11/23 13:13:57.234 kid1| 11,2| http.cc(2455) sendRequest: HTTP Server REQUEST:
---------
GET /socket.io/?EIO=3&transport=polling&t=OIadwKA&b64=1 HTTP/1.1
User-Agent: node-XMLHttpRequest
Accept: */*
Host: example.com
Via: 1.1 squid-new (squid/5.6)
X-Forwarded-For: y.y.y.y
Cache-Control: max-age=0
Connection: keep-alive
----------
2022/11/23 13:13:57.390 kid1| ctx: enter level 0: 'https://example.com/socket.io/?EIO=3&transport=polling&t=OIadwKA&b64=1'
2022/11/23 13:13:57.390 kid1| 11,3| http.cc(666) processReplyHeader: processReplyHeader: key '0100000000000000FFB9000001000000'
2022/11/23 13:13:57.390 kid1| 11,2| http.cc(720) processReplyHeader: HTTP Server conn10 local=x.x.x.x:47078 remote=z.z.z.z:443 HIER_DIRECT FD 13 flags=1
2022/11/23 13:13:57.391 kid1| 11,2| http.cc(721) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 13:13:57 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 100
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: io=TXpnzoBUkck9fUgiAAGO; Path=/; HttpOnly
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Strict-Transport-Security: max-age=63072000
Protokolliert, wenn ich es im Docker ausführe (502-Gateway):
1669209346.964 475 y.y.y.y TCP_MISS/502 4012 GET https://example.com/socket.io/? - HIER_DIRECT/z.z.z.z text/html
2022/11/23 13:15:46.488| 11,2| client_side.cc(1357) parseHttpRequest: HTTP Client conn6 local=172.17.0.2:31288 remote=y.y.y.y:56834 FD 10 flags=1
2022/11/23 13:15:46.488| 11,2| client_side.cc(1358) parseHttpRequest: HTTP Client REQUEST:
---------
GET https://example.com/socket.io/?EIO=3&transport=polling&t=OIaeL57&b64=1 HTTP/1.1
user-agent: node-XMLHttpRequest
accept: */*
Host: example.com:443
connection: close
----------
2022/11/23 13:15:46.809| 11,3| http.cc(2498) httpStart: GET https://example.com/socket.io/?EIO=3&transport=polling&t=OIaeL57&b64=1
2022/11/23 13:15:46.810| 11,2| http.cc(2454) sendRequest: HTTP Server conn9 local=172.17.0.2:45890 remote=z.z.z.z:443 HIER_DIRECT FD 12 flags=1
2022/11/23 13:15:46.810| 11,2| http.cc(2455) sendRequest: HTTP Server REQUEST:
---------
GET /socket.io/?EIO=3&transport=polling&t=OIaeL57&b64=1 HTTP/1.1
User-Agent: node-XMLHttpRequest
Accept: */*
Host: example.com
Via: 1.1 d6850669e571 (squid/5.6)
X-Forwarded-For: y.y.y.y
Cache-Control: max-age=0
Connection: keep-alive
----------
2022/11/23 13:15:46.963| 11,2| http.cc(1291) readReply: conn9 local=172.17.0.2:45890 remote=z.z.z.z:443 HIER_DIRECT FD 12 flags=1: read failure: (0) No error.
2022/11/23 13:15:46.963| 11,2| Stream.cc(279) sendStartOfMessage: HTTP Client conn6 local=172.17.0.2:31288 remote=y.y.y.y:56834 FD 10 flags=1
2022/11/23 13:15:46.963| 11,2| Stream.cc(280) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 502 Bad Gateway
Server: squid/5.6
Mime-Version: 1.0
Date: Wed, 23 Nov 2022 13:15:46 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3637
X-Squid-Error: ERR_READ_ERROR 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from d6850669e571
X-Cache-Lookup: MISS from d6850669e571:31288
Via: 1.1 d6850669e571 (squid/5.6)
Connection: close
Antwort1
Das Problem scheint beim Ubuntu/Squid-Image zu liegen, nicht beim Docker im Allgemeinen. Das Image ist derzeit als Beta oder Edge gekennzeichnet, nicht stabil. Ich habe ein Alpine-basiertes Squid-Image erstellt und damit ist mein Problem gelöst.