Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Getting Squid3 to not cache *.archive.ubuntu.com

  1. #1
    Join Date
    Sep 2006
    Beans
    7,461
    Distro
    Lubuntu Development Release

    Getting Squid3 to not cache *.archive.ubuntu.com

    What is the right way to get squid3 to pass some web sites straight through and not cache them? Specifically, I'd like security.ubuntu.com and everything in the *.archive.ubuntu.com domain to pass through without caching.

  2. #2
    Join Date
    Sep 2006
    Beans
    7,461
    Distro
    Lubuntu Development Release

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    This is my guess but it seems not to be passing the requests straight through to the remote servers:

    Code:
    acl ubuntu dstdomain security.ubuntu.com
    acl ubuntu dstdomain extras.ubuntu.com
    acl ubuntu dstdomain .archive.ubuntu.com
    always_direct allow ubuntu

  3. #3
    Join Date
    Nov 2006
    Location
    Belgium
    Beans
    3,010
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    google with 'squid exclude from caching' (w/o quotes) returns someblogs and forums were a similar question is answered
    eg http://aacable.wordpress.com/2012/01...-from-caching/
    http://forums.freebsd.org/showthread.php?t=1882

    or this : http://ubuntuforums.org/showthread.php?t=1409351

    you probably need a "no-cache" or "cache deny" acl statement,
    eg like so
    Code:
    acl no_cache_server1 dstdomain .domain.com
    no_cache deny no_cache_server1
    or
    Code:
    acl NO-CACHE-SITES dstdomain "/etc/squid/not-to-cache-sites.txt"
    no_cache deny NO-CACHE-SITES
    man squid or the squid.conf file probably explain more.

  4. #4
    Join Date
    Sep 2006
    Beans
    7,461
    Distro
    Lubuntu Development Release

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    I'm trying those, too, but apt still seems to slow down and stop a little ways in to 'apt-get update'

    Code:
    ...
    Hit http://fi.archive.ubuntu.com saucy-backports Release.gpg
    Ign http://fi.archive.ubuntu.com saucy Release
    Hit http://fi.archive.ubuntu.com saucy-updates Release
    45% [Waiting for headers]
    The squid log entries are like this:

    Code:
    1371829494.873  60507 xx.yy.zz.aa TCP_MISS/503 3874 GET http://fi.archive.ubuntu.com/ubuntu/dists/saucy-backports/Release - HIER_DIRECT/130.230.54.102 text/html
    1371829494.941     65 xx.yy.zz.aa TCP_MISS/404 503 GET http://fi.archive.ubuntu.com/ubuntu/dists/saucy/main/source/Sources.diff/Index - HIER_DIRECT/130.230.54.102 text/html
    Edit: Even after waiting about 15 minutes, 'apt-get update' has not completed.
    Last edited by Lars Noodén; June 21st, 2013 at 05:04 PM.

  5. #5
    Join Date
    Dec 2007
    Beans
    416

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    Looking at the squid log, you're getting 503 and 404 errors. That's probably why apt-get is taking so long. Try a different mirror as a possible solution.

  6. #6
    Join Date
    Sep 2006
    Beans
    7,461
    Distro
    Lubuntu Development Release

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    Yes, that's what I thought they meant, too. But if I set the packet filter to skip redirection for the ip numbers of the Ubuntu repositories, APT works just fine. It seems to be tangling with Squid somehow. I'd rather handle that via Squid and not have to keep a list of ip numbers for the filter.

  7. #7
    Join Date
    Nov 2006
    Location
    Belgium
    Beans
    3,010
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    Quote Originally Posted by Lars Noodén View Post
    I set the packet filter to skip redirection for the ip numbers of the Ubuntu repositories, APT works just fine.
    You're doing transparent proxy ?

  8. #8
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,908
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    If you have a transparent proxy, one alternative to consider is using iptables to route around Squid for specific remote IP addresses. I think a rule like this placed ahead of the REDIRECT to port 3128 might work:

    Code:
    /sbin/iptables -t nat -A PREROUTING -p tcp -d ip.of.archive.site --dport 80 -j ACCEPT
    I've used a similar rule, with "-s" rather than "-d", to exempt specific internal hosts from being pushed through the Squid cache.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  9. #9
    Join Date
    Sep 2006
    Beans
    7,461
    Distro
    Lubuntu Development Release

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    Yes, this is set as a transparent proxy. APT seeems to be getting some kind of trouble from proxied repositories so I'd like to make an exception for *.archive.ubuntu.com and security.ubuntu.com

  10. #10
    Join Date
    Nov 2006
    Location
    Belgium
    Beans
    3,010
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    So we could assume that something in apt is not happy with the combination of being redirected and proxied, causing your apt-get to hang...

    I've never setup or troubleshooted transparent proxies before so I don't know the finer points and I don't immediately see where the problem might be.
    If you want to get to the bottom of this you could perhaps do tcpdumps of a regular apt-get update, a plain proxied one , and a transparant proxied session and see how they differ.


    maybe workaround :
    assuming you redirect port 80 : configure apt to use a proxy so it will use port 3128 (avoiding the redirection), then bypass it in squid with always_direct or no_cache or so ? saves you the trouble of listing the archive IP addresses in your packet filter

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •