X squid error err dns fail 0 - Исправление ошибок и поиск оптимальных решений проблем

Sure.

The program kind of relies on squid running that responds with a 503 and returns an X-Squid-Error header.

The squid.conf is:

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8

acl SSL_ports port 443
acl SSL_ports port 2443
acl SSL_ports port 5222
acl SSL_ports port 8243
acl SSL_ports port 8280
acl SSL_ports port 9443
acl SSL_ports port 9445
acl SSL_ports port 9763
acl SSL_ports port 22
acl SSL_ports port 25
acl SSL_ports port 4120
acl SSL_ports port 4119
acl SSL_ports port 4122
acl Safe_ports port 4120
acl Safe_ports port 4119
acl Safe_ports port 4122
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 22
acl Safe_ports port 25
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|?) 0     0%      0
refresh_pattern .               0       20%     4320

To force DNS for squid to fail, I run: iptables -A OUTPUT -m owner --uid-owner squid -p udp --dport 53 -j DROP
Now the following go program runs a webserver on port 33128 which will serve a 200 response if it didn’t detect a 503/X-Squid-Error response, otherwise it will serve a 500 response with a diagnostic.

main.go:

package main

import (
	"flag"
	"fmt"
	"log"
	"net/http"
)

var listenPort = flag.Int("listen_port", 33128, "health check webserver listen port")

var healthCheckURL = flag.String("health_check_url", "http://www.google.com", "URL to perform health check on")

func main() {
	flag.Parse()

	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/plain; charset=utf-8")

		resp, err := http.Get(*healthCheckURL)

		if err != nil {
			log.Printf("error: %v", err)
			w.WriteHeader(http.StatusInternalServerError)
			w.Write([]byte(fmt.Sprintf("error: %vn", err)))
			return
		}

		if resp.StatusCode == 503 {
			resp.Body.Close()

			squidErr := resp.Header.Get("X-Squid-Error")

			if squidErr != "" {
				log.Printf("squid failure error detected, X-Squid-Error: %s", squidErr)
				w.WriteHeader(http.StatusInternalServerError)
				w.Write([]byte(fmt.Sprintf("error detected: X-Squid-Error: %sn", squidErr)))
				return
			}
		}

		w.WriteHeader(http.StatusOK)
		w.Write([]byte("Everying OK - did not detect any squid errorsn"))
	})

	log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", *listenPort), nil))
}

To run: http_proxy=http://127.0.0.1:3128 https_proxy=http://127.0.0.1:3128 go run main.go -health_check_url https://www.google.com

(change the https above to http to observe the different behaviours, whereby https will return a error on the GET and http will return a proper response)

With http://www.google.com:

# curl -v http://127.0.0.1:33128
* About to connect() to 127.0.0.1 port 33128 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 33128 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1:33128
> Accept: */*
> 
< HTTP/1.1 500 Internal Server Error
< Content-Type: text/plain; charset=utf-8
< Date: Mon, 04 Mar 2019 05:54:11 GMT
< Content-Length: 46
< 
error detected: X-Squid-Error: ERR_DNS_FAIL 0
* Connection #0 to host 127.0.0.1 left intact

With https://www.google.com:

# curl -v http://127.0.0.1:33128
* About to connect() to 127.0.0.1 port 33128 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 33128 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1:33128
> Accept: */*
> 
< HTTP/1.1 500 Internal Server Error
< Content-Type: text/plain; charset=utf-8
< Date: Mon, 04 Mar 2019 05:54:43 GMT
< Content-Length: 55
< 
error: Get https://www.google.com: Service Unavailable
* Connection #0 to host 127.0.0.1 left intact

And with https://www.google.com/ bypassing the healthcheck and using the proxy directly:

# https_proxy=http://127.0.0.1:3128/ http_proxy=http://127.0.0.1:3128/ curl -k -v https://www.google.com
* About to connect() to proxy 127.0.0.1 port 3128 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 503 Service Unavailable
< Server: squid/3.5.20
< Mime-Version: 1.0
< Date: Mon, 04 Mar 2019 05:56:07 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 3725
< X-Squid-Error: ERR_DNS_FAIL 0
< Vary: Accept-Language
< Content-Language: en
< 
* Received HTTP code 503 from proxy after CONNECT
* Connection #0 to host 127.0.0.1 left intact
curl: (56) Received HTTP code 503 from proxy after CONNECT

Источник

I developed a website and it loads in every other system but certainly not in mine … WHen i used firebug my request show 503 Service Unavailable

EDIT:

My response was,

Server squid/2.6.STABLE21
Date Sat, 27 Mar 2010 12:25:18 GMT
Content-Type text/html
Content-Length 1163
Expires Sat, 27 Mar 2010 12:25:18 GMT
X-Squid-Error ERR_DNS_FAIL 0
X-Cache MISS from xavy
X-Cache-Lookup MISS from xavy:3128
Via 1.0 xavy:3128 (squid/2.6.STABLE21)
Proxy-Connection close

quack quixote

41.7k14 gold badges104 silver badges130 bronze badges

asked Mar 27, 2010 at 12:28

Perhaps you have weird proxy settings. 503 usually signifies a temporary outage and has more possible causes than you can poke a stick at.

If it’s just your machine that’s failing, then maybe something is misconfigured in your browser, or your browser is the only one pointing to a misconfigured proxy. The squid warnings are a tell-tale. Are you running the browser on the same box as the proxy? That often causes problems due to squid’s default ACLs.

answered Mar 27, 2010 at 12:30

Marcelo CantosMarcelo Cantos

1,5012 gold badges12 silver badges16 bronze badges

It’s hard to tell from the message what the reason is. It could be that you are behind a proxy that is unable to connect to your web site (in that case, you may see the name of a proxy application somewhere on the page); or it could be that your web site somehow can’t be served to you, for whatever reason.

If it really is a server error and not a Proxy error, you would have to consult your server’s error log files to find out the reason for the problem. You will usually find a detailed explanation of the problem there.

If you’re on shared hosting, and the problem is definitely with the site, this is a case for your provider’s technical support staff.

answered Mar 27, 2010 at 12:30

PekkaPekka

2,3996 gold badges35 silver badges57 bronze badges

If this is a site hosted in IIS, you should check the Windows Application event log. You’ll find details why your web app is crashing.

answered Mar 27, 2010 at 12:30

Are the other machines on the same LAN or are they coming in from the internet

X-Squid-Error ERR_DNS_FAIL 0

That implies that there is a DNS faliure on the part of squid. what address are you using?

Reading this im a little confused as to your setup, is the squid server yours? is it running as a forward or reverse server? Is the squid box on the same LAN as your Computer?

answered Apr 20, 2010 at 14:18

ArcathArcath

4897 silver badges17 bronze badges

I had the same (in tortoisesvn), and it was definitely after I setup the proxy to access a repos. on the web, and forgot to add exceptions for internal websites:

Add exceptions for in House servers !

answered Mar 8, 2013 at 9:48

Источник

Форум русскоязычного сообщества Ubuntu »
Архив »
Архив »
Архив тем до 2018г »
странная работа nginx+apache2

Печать

Страницы: [1] Вниз

Тема: странная работа nginx+apache2 (Прочитано 309 раз)

0 Пользователей и 1 Гость просматривают эту тему.

ubumax

Всем привет!
Появилась такая странность. Сайты работаю в связке nginx+apache.
Если проверять кто отвечает, то получается следующее:
curl -I http://test.loc
HTTP/1.0 200 OK
Server: nginx/1.6.2 <—————- ок.

curl -I http://test.loc:8000
HTTP/1.0 503 Service Unavailable
Server: squid/3.1.15 <—————-раньше отвечал apache2
Mime-Version: 1.0
Date: Fri, 05 Aug 2016 14:02:57 GMT
Content-Type: text/html
Content-Length: 3229
X-Squid-Error: ERR_CONNECT_FAIL 111 <——————ошибок небыло раньше
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from AQUA-node
Via: 1.0 AQUA-node (squid/3.1.15)
Connection: close

если обращаться к другим вирт.хостам,то curl -I http://other.loc
HTTP/1.0 503 Service Unavailable
Server: squid/3.1.15 <—————-здесь должен быть nginx
Mime-Version: 1.0
Date: Fri, 05 Aug 2016 14:09:48 GMT
Content-Type: text/html
Content-Length: 3387
X-Squid-Error: ERR_DNS_FAIL 0 <——————другая ошибка
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from AQUA-node
Via: 1.0 AQUA-node (squid/3.1.15)
Connection: close

при этом все работает.
что может быть не так?
изначально ставил lamp,openssh. squid не ставил.

ТС не появлялся на Форуме более полугода по состоянию на 14/07/2019 (последняя явка: 25/10/2016). Модератором раздела принято решение закрыть тему.
—zg_nico

« Последнее редактирование: 14 Июля 2019, 01:32:16 от zg_nico »

Печать

Страницы: [1] Вверх

Форум русскоязычного сообщества Ubuntu »
Архив »
Архив »
Архив тем до 2018г »
странная работа nginx+apache2

SMF 2.0.19 |
SMF © 2011, Simple Machines | Карта форума

Страница сгенерирована за 0.117 секунд. Запросов: 23.

Источник

[SRU justification]
In some race situation, squid-deb-proxy is unable to operate and needs to be restarted.

[Impact]
Requires manual intervention from system administrator to function correctly.

[Fix]
Change the «start on» upstart statement to match the one used by squid3

[Test Case]
See Original description.

[Regression]
None expected as the same statement is already in use in the squid3 package and in the upstream debian package.

[ORiginal description of the problem]

In some specific context that I currently cannot identify (i.e. happens everytime on my server but never in VMs), after a reboot, squid-deb-proxy fails to resolve DNS entries for URL that it needs to service. The problem seems systematic on the hardware that I have.

Release : Trusty (squid-deb-proxy_0.8.6)

Test :
1) Reboot squid-deb-proxy server
2) From some client, issue :
$ telnet {squid-deb-proxy-server} 8000
GET http://fr.archive.ubuntu.com/ubuntu/dists/wily/InRelease
Trying 192.168.1.11…
Connected to avogadro.
Escape character is ‘^]’.
HTTP/1.1 503 Service Unavailable
Server: squid/3.3.8
Mime-Version: 1.0
Date: Tue, 19 May 2015 14:21:51 GMT
Content-Type: text/html
Content-Length: 3287
X-Squid-Error: ERR_DNS_FAIL 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from squid-deb-proxy
X-Cache-Lookup: MISS from squid-deb-proxy:8000
Via: 1.1 squid-deb-proxy (squid/3.3.8)
Connection: close
<!DOCTYPE html PUBLIC «-//W3C//DTD HTML 4.01//EN» «http://www.w3.org/TR/html4/strict.dtd»>
<html><head>
<meta http-equiv=»Content-Type» content=»text/html; charset=utf-8″>
<title>ERROR: The requested URL could not be retrieved</title>
<style type=»text/css»><!—
/*
Stylesheet for Squid Error pages
Adapted from design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
*/
…
<div id=»content»>
The following error was encountered while trying to retrieve the URL: <a href=»http://fr.archive.ubuntu.com/ubuntu/dists/wily/InRelease»>http://fr.archive.ubuntu.com/ubuntu/dists/wily/InRelease</a>

<blockquote id=»error»>
Unable to determine IP address from host name <q>fr.archive.ubuntu.com</q>
</blockquote>

The DNS server returned:
<blockquote id=»data»>
<pre>No DNS records</pre>
</blockquote>

This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.

Your cache administrator is <a href=»mailto:webmaster?subject=CacheErrorInfo%20-%20ERR_DNS_FAIL&body=CacheHost%3A%20squid-deb-proxy%0D%0AErrPage%3A%20ERR_DNS_FAIL%0D%0AErr%3A%20%5Bnone%5D%0D%0ADNS%20ErrMsg%3A%20No%20DNS%20records%0D%0ATimeStamp%3A%20Tue,%2019%20May%202015%2014%3A21%3A51%20GMT%0D%0A%0D%0AClientIP%3A%20192.168.1.10%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2Fubuntu%2Fdists%2Fwily%2FInRelease%20HTTP%2F0.9%0A%0D%0A%0D%0A»>webmaster</a>.

Restarting the squid-deb-proxy service fixes the problem

Источник

Я использую локальный http-сервер и локальный экземпляр Squid. Локальный http-клиент открывает сокет, соединяющийся с экземпляром squid, который, кажется, работает. Затем я пытаюсь подключиться к локальному http-серверу, выполнив следующий http-запрос:

CONNECT localhost:80 HTTP/1.1rn

Что дает заголовки ответа

Content-Language   en
Content-Length   3612
Content-Type   text/html;charset=utf-8
Date   Thu, 21 Jun 2018 17:28:10 GMT
Mime-Version   1.0
Server   squid/3.5.27
Vary   Accept-Language
X-Squid-Error   ERR_DNS_FAIL 0

Со статусом 503. Я также пробовал подключиться к 127.0.0.1, что дает такой ответ:

Content-Language   en
Content-Length   3433
Content-Type   text/html;charset=utf-8
Date   Thu, 21 Jun 2018 17:35:16 GMT
Mime-Version   1.0
Server   squid/3.5.27
Vary   Accept-Language
X-Squid-Error   ERR_CONNECT_FAIL 111

Мой squid.conf выглядит так:

http_port 3128
coredump_dir /var/spool/squid

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT

acl any_host src all
acl all_dst dst all

http_access allow any_host
http_access allow all_dst

Есть ли другой способ сообщить squid о подключении к localhost?

2 ответа

Лучший ответ

Каким-то образом squid пытался преобразовать localhost в 127.0.0.1, что привело к сбою соединения. Однако указание [::1] вместо localhost работает должным образом.

user2361925
22 Июн 2018 в 12:30

Я обнаружил, что то, что не удалось, решает localhost на [::1], а не на 127.0.0.1.

Чтобы обойти /etc/hosts/, просто добавьте следующее в /etc/squid/hosts:

127.0.0.1 localhost

Затем hosts_file /etc/squid/hosts в вашем squid.conf.

Конечно, файл можно положить куда угодно.

tehmoon
1 Фев 2019 в 19:55

Источник

<img decoding="async" onError="javascript: wp_broken_images = window.wp_broken_images || function(){}; wp_broken_images(this);" src="https://forum.ubuntu.ru/Themes/ubuntu-portal/images/png/useroff.png" alt="Оффлайн" /> ubumax

2 ответа

Читайте также:

ubumax