
Thread: Getting Squid3 to not cache *.archive.ubuntu.com

  1. #11
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,810
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    I never use the *.archive.ubuntu.com hosts. The US ones are routinely slower than mirrors. I usually pick either a local university from the mirror list or a high-bandwidth site like mirrors.xx.kernel.org and use that instead. Taking that approach limits the number of IP addresses for which you'd need to write a rule. For instance, mirrors.us.kernel.org resolves to just two IPs, 149.20.20.135 and 149.20.4.71.

    For security.ubuntu.com, I get these IPv4 addresses:

    Code:
    $ host security.ubuntu.com
    security.ubuntu.com has address 91.189.92.201
    security.ubuntu.com has address 91.189.92.202
    security.ubuntu.com has address 91.189.91.13
    security.ubuntu.com has address 91.189.91.14
    security.ubuntu.com has address 91.189.91.15
    security.ubuntu.com has address 91.189.92.181
    security.ubuntu.com has address 91.189.92.184
    security.ubuntu.com has address 91.189.92.190

    Rather than writing separate rules for each host, I'd just route 91.189.91.0/24 and 91.189.92.0/24 around the Squid proxy using the method I described above.
    Last edited by SeijiSensei; June 23rd, 2013 at 02:57 PM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.


  2. #12
    Join Date
    Sep 2006
    Beans
    8,032
    Distro
    Ubuntu 14.04 Trusty Tahr

    squid.conf

    Here are the three ways I am trying within squid. Maybe I have made a mistake with them because even with these rules APT is still hitting the cache.

    Code:
    acl ubuntu dstdomain security.ubuntu.com
    acl ubuntu dstdomain extras.ubuntu.com
    acl ubuntu dstdomain fi.archive.ubuntu.com
    always_direct allow ubuntu
    cache deny ubuntu
    
    acl straight_through dstdomain security.ubuntu.com
    acl straight_through dstdomain extras.ubuntu.com
    acl straight_through dstdomain fi.archive.ubuntu.com
    cache deny straight_through
    
    acl NO-CACHE-SITES dstdomain "/etc/squid/not-to-cache-sites.txt"
    cache deny NO-CACHE-SITES

    '/etc/squid/not-to-cache-sites.txt' contains the above domains.

    extras and security don't seem to have as much trouble with proxying as *.archive.ubuntu.com does. Have I written it correctly?
    The Truth Shall Make Ye Fret.

  3. #13
    Join Date
    Nov 2006
    Location
    Belgium
    Beans
    3,023
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: squid.conf

    Quote Originally Posted by Lars Noodén
    Here are the three ways I am trying within squid. Maybe I have made a mistake with them because even with these rules APT is still hitting the cache.

    Code:
    acl NO-CACHE-SITES dstdomain "/etc/squid/not-to-cache-sites.txt"
    cache deny NO-CACHE-SITES
    '/etc/squid/not-to-cache-sites.txt' contains the above domains.

    extras and security don't seem to have as much trouble with proxying as *.archive.ubuntu.com does. Have I written it correctly?

    I don't see '*.archive.ubuntu.com' in your post. In any case, squid doesn't require a wildcard *; '.archive.ubuntu.com' matches all hosts and subdomains in the given domain (note the leading dot).

    You should also distinguish between proxy and cache : I don't think you can bypass the proxy since your iptables will redirect the traffic towards it. The only thing you control is how squid handles the requests


    Other idea:
    While aimlessly wandering around, I came across this:

    Code:
    disable-pmtu-discovery=
    			Control Path-MTU discovery usage:
    			    off		lets OS decide on what to do (default).
    			    transparent	disable PMTU discovery when transparent
    					support is enabled.
    			    always	disable always PMTU discovery.
    
    			In many setups of transparently intercepting proxies
    			Path-MTU discovery can not work on traffic towards the
    			clients. This is the case when the intercepting device
    			does not fully track connections and fails to forward
    			ICMP must fragment messages to the cache server. If you
    			have such setup and experience that certain clients
    			sporadically hang or never complete requests set
    			disable-pmtu-discovery option to 'transparent'.

    it's an option to "port",
    http://www.squid-cache.org/Versions/...http_port.html

    Assuming apt or the Linux TCP/IP stack tries to do download optimizations wrt MTU discovery or something along those lines, a proxy interfering with MTU discovery (and the client being unaware of this situation because of the transparent redirect) might be what's causing apt-get to hang. Maybe it's worth a shot.
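
Added example, not part of the original posts and not Squid's own code: a small Python model of the dstdomain rule described in post #13 (a leading dot matches the domain and all of its subdomains, while a name without it matches only that exact host), run against the list from post #12. The mirror host names in `HOSTS` and all function names are constructed for illustration.

```python
# Model of Squid's dstdomain matching, used to audit a "cache deny" host list.

def dstdomain_match(pattern: str, host: str) -> bool:
    """True if `host` matches a single dstdomain entry."""
    pattern = pattern.strip().lower()
    host = host.strip().lower().rstrip(".")   # tolerate a trailing root dot
    if pattern.startswith("."):
        # ".example.com" covers example.com itself and every subdomain.
        return host == pattern[1:] or host.endswith(pattern)
    # No leading dot: exact host name only.
    return host == pattern

def load_acl(text: str) -> list:
    """One entry per line, as in /etc/squid/not-to-cache-sites.txt."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def still_cached(acl: list, hosts: list) -> list:
    """Hosts that the 'cache deny' ACL does NOT cover."""
    return [h for h in hosts
            if not any(dstdomain_match(p, h) for p in acl)]

# The list as posted in #12: one specific archive mirror only.
POSTED = load_acl("""
security.ubuntu.com
extras.ubuntu.com
fi.archive.ubuntu.com
""")

# The same list with the leading-dot form suggested in #13.
DOTTED = load_acl("""
security.ubuntu.com
extras.ubuntu.com
.archive.ubuntu.com
""")

# Constructed sample of hosts an APT client might request.
HOSTS = [
    "fi.archive.ubuntu.com",
    "us.archive.ubuntu.com",
    "archive.ubuntu.com",
    "security.ubuntu.com",
    "extras.ubuntu.com",
]

if __name__ == "__main__":
    print("posted list leaves cacheable:", still_cached(POSTED, HOSTS))
    print("dotted list leaves cacheable:", still_cached(DOTTED, HOSTS))
```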

  4. #14
    Join Date
    Sep 2006
    Beans
    8,032
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    I've restored the domain to .archive.ubuntu.com

    disable-pmtu-discovery sounds like it has potential. Would the syntax for the option be like this?

    http_port 127.0.0.1:3128 intercept disable-pmtu-discovery=transparent
    The Truth Shall Make Ye Fret.

  5. #15
    Join Date
    Nov 2006
    Location
    Belgium
    Beans
    3,023
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    Quote Originally Posted by Lars Noodén
    Would the syntax for the option be like this?

    http_port 127.0.0.1:3128 intercept disable-pmtu-discovery=transparent

    That's also what I understood from that manual.
    Check what version of squid you're using too; apparently a lot is new in squid3. I don't know what the current version in Ubuntu is.

  6. #16
    Join Date
    Sep 2006
    Beans
    8,032
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Getting Squid3 to not cache *.archive.ubuntu.com

    Only the client is Lubuntu. Squid is ver 3.2.11 on OpenBSD 5.3-stable.

    I have another client running Debian Wheezy and it also doesn't like running APT through Squid. Both it and Lubuntu get stuck during 'apt-get update'
    The Truth Shall Make Ye Fret.
