我对在主机和 docker 上运行的 squid 5.6 使用相同的配置。当我在主机(Ubuntu 22.10)上运行它时,它工作正常,但当我从ubuntu/squid
映像运行它时,我收到 502 错误网关错误。
鱿鱼配置:
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*.conf
http_access allow localhost
#http_access deny all
http_access allow all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320
http_upgrade_request_protocols OTHER allow all
debug_options ALL,1 11,3 31,3 65,3
以下是我通过 docker 运行它的方法:
docker run -v /etc/squid/squid.conf:/etc/squid/squid.conf -p 3128:3128 ubuntu/squid
在主机上运行 squid 时的日志(工作正常):
2022/11/23 13:13:56.878 kid1| 11,2| client_side.cc(1357) parseHttpRequest: HTTP Client conn7 local=x.x.x.x:3128 remote=y.y.y.y:56636 FD 11 flags=1
2022/11/23 13:13:56.891 kid1| 11,2| client_side.cc(1358) parseHttpRequest: HTTP Client REQUEST:
---------
GET https://example.com/socket.io/?EIO=3&transport=polling&t=OIadwKA&b64=1 HTTP/1.1
user-agent: node-XMLHttpRequest
accept: */*
Host: example.com:443
connection: close
----------
2022/11/23 13:13:57.233 kid1| 11,3| http.cc(2498) httpStart: GET https://example.com/socket.io/?EIO=3&transport=polling&t=OIadwKA&b64=1
2022/11/23 13:13:57.234 kid1| 11,2| http.cc(2454) sendRequest: HTTP Server conn10 local=x.x.x.x:47078 remote=z.z.z.z:443 HIER_DIRECT FD 13 flags=1
2022/11/23 13:13:57.234 kid1| 11,2| http.cc(2455) sendRequest: HTTP Server REQUEST:
---------
GET /socket.io/?EIO=3&transport=polling&t=OIadwKA&b64=1 HTTP/1.1
User-Agent: node-XMLHttpRequest
Accept: */*
Host: example.com
Via: 1.1 squid-new (squid/5.6)
X-Forwarded-For: y.y.y.y
Cache-Control: max-age=0
Connection: keep-alive
----------
2022/11/23 13:13:57.390 kid1| ctx: enter level 0: 'https://example.com/socket.io/?EIO=3&transport=polling&t=OIadwKA&b64=1'
2022/11/23 13:13:57.390 kid1| 11,3| http.cc(666) processReplyHeader: processReplyHeader: key '0100000000000000FFB9000001000000'
2022/11/23 13:13:57.390 kid1| 11,2| http.cc(720) processReplyHeader: HTTP Server conn10 local=x.x.x.x:47078 remote=z.z.z.z:443 HIER_DIRECT FD 13 flags=1
2022/11/23 13:13:57.391 kid1| 11,2| http.cc(721) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 13:13:57 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 100
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: io=TXpnzoBUkck9fUgiAAGO; Path=/; HttpOnly
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Strict-Transport-Security: max-age=63072000
当我在docker(502网关)中运行它时记录:
1669209346.964 475 y.y.y.y TCP_MISS/502 4012 GET https://example.com/socket.io/? - HIER_DIRECT/z.z.z.z text/html
2022/11/23 13:15:46.488| 11,2| client_side.cc(1357) parseHttpRequest: HTTP Client conn6 local=172.17.0.2:31288 remote=y.y.y.y:56834 FD 10 flags=1
2022/11/23 13:15:46.488| 11,2| client_side.cc(1358) parseHttpRequest: HTTP Client REQUEST:
---------
GET https://example.com/socket.io/?EIO=3&transport=polling&t=OIaeL57&b64=1 HTTP/1.1
user-agent: node-XMLHttpRequest
accept: */*
Host: example.com:443
connection: close
----------
2022/11/23 13:15:46.809| 11,3| http.cc(2498) httpStart: GET https://example.com/socket.io/?EIO=3&transport=polling&t=OIaeL57&b64=1
2022/11/23 13:15:46.810| 11,2| http.cc(2454) sendRequest: HTTP Server conn9 local=172.17.0.2:45890 remote=z.z.z.z:443 HIER_DIRECT FD 12 flags=1
2022/11/23 13:15:46.810| 11,2| http.cc(2455) sendRequest: HTTP Server REQUEST:
---------
GET /socket.io/?EIO=3&transport=polling&t=OIaeL57&b64=1 HTTP/1.1
User-Agent: node-XMLHttpRequest
Accept: */*
Host: example.com
Via: 1.1 d6850669e571 (squid/5.6)
X-Forwarded-For: y.y.y.y
Cache-Control: max-age=0
Connection: keep-alive
----------
2022/11/23 13:15:46.963| 11,2| http.cc(1291) readReply: conn9 local=172.17.0.2:45890 remote=z.z.z.z:443 HIER_DIRECT FD 12 flags=1: read failure: (0) No error.
2022/11/23 13:15:46.963| 11,2| Stream.cc(279) sendStartOfMessage: HTTP Client conn6 local=172.17.0.2:31288 remote=y.y.y.y:56834 FD 10 flags=1
2022/11/23 13:15:46.963| 11,2| Stream.cc(280) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 502 Bad Gateway
Server: squid/5.6
Mime-Version: 1.0
Date: Wed, 23 Nov 2022 13:15:46 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3637
X-Squid-Error: ERR_READ_ERROR 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from d6850669e571
X-Cache-Lookup: MISS from d6850669e571:31288
Via: 1.1 d6850669e571 (squid/5.6)
Connection: close
答案1
这似乎是 ubuntu/squid 镜像的问题,而不是 docker 本身的问题。该镜像目前标记为 beta 或 edge,不稳定。我构建了一个基于 alpine 的 squid 镜像,它解决了我的问题。