Linux – Squid 503 service unavailable. Might be related to domain name resolution

Tags: linux, proxy, squid

We had several Linux servers and only one could connect to the internet. So I built a Squid proxy on the server and other servers could use the proxy via environment variables like http_proxy="", ftp_proxy="" and so on.

But suddenly I found the proxy not working for other servers. The commands and responses were:

yangjc@jupiter ~ $ wget www.baidu.com
--2018-09-25 11:41:06--  http://www.baidu.com/
Connecting to 202.205.131.254:7777... connected.
Proxy request sent, awaiting response... 503 Service Unavailable
2018-09-25 11:41:06 ERROR 503: Service Unavailable.


yangjc@jupiter ~ $ wget https://www.baidu.com
--2018-09-25 11:41:45--  https://www.baidu.com/
Connecting to 202.205.131.254:7777... connected.
Proxy tunneling failed: Service UnavailableUnable to establish SSL connection.

202.205.131.254:7777 was the IP and port of the proxy server. It seems that the proxy server could receive the requests, but failed to respond and return the results. I made sure that Squid was running and the proxy server could connect to the internet.

However, when I directly gave the IP of the same page, it worked!

yangjc@jupiter ~ $ wget 119.75.216.20        
--2018-09-25 11:42:25--  http://119.75.216.20/
Connecting to 202.205.131.254:7777... connected.
Proxy request sent, awaiting response... 200 OK
Cookie coming from 119.75.216.20 attempted to set domain to 119.75.216.20
Length: 2381 (2.3K) [text/html]
Saving to: 'index.html.2'

100%    [======================================================================================================================================================================================================================================>] 2,381       --.-K/s   in 0s      

2018-09-25 11:42:25 (17.1 MB/s) - 'index.html.2' saved [2381/2381]

The DNS on the proxy server worked well and I could download pages via domain names on the proxy server. So where was the problem? Could anybody give some clues? Many thanks!

By the way, our servers were behind a third-party managed firewall. Recently they tightened their strategy and I thought this had something to do with our problem. I discussed it with them and we couldn't find the problem. So I will also be grateful if someone can tell me how to find useful messages about the problem so I can discuss them with the firewall team. Many thanks!

Best Answer

I might be wrong, but I think you have a problem with SSL. Unless your proxy is configured with an SSL certificate for Man In The Middle interception, you can't proxy https. The plain http failure might be because Baidu is redirecting to https?

yangjc@jupiter ~ $ wget www.baidu.com
--2018-09-25 11:41:06--  http://www.baidu.com/
Connecting to 202.205.131.254:7777... connected.
Proxy request sent, awaiting response... 503 Service Unavailable
2018-09-25 11:41:06 ERROR 503: Service Unavailable.


yangjc@jupiter ~ $ wget https://www.baidu.com
--2018-09-25 11:41:45--  https://www.baidu.com/
Connecting to 202.205.131.254:7777... connected.
Proxy tunneling failed: Service UnavailableUnable to establish SSL connection.

In any case, you should post your Squid configuration, whether your clients are using a transparent proxy or a direct/explicit one (I'm guessing explicit due to the variables), which version of Squid you are using, the network configuration of the proxy and the clients, etc. Information regarding the environment is critical to understand why something is happening.
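
On the question of where to find useful messages: the following is an added example, not part of the original question or answer. It reads Squid's access.log and checks whether 503s are confined to hostname targets that Squid never forwarded anywhere (`HIER_NONE`) while IP-literal targets succeed, which is the pattern described in the question. It assumes Squid's default native log format; the sample lines and the client address are constructed.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1537846866.101      3 10.0.0.5 TCP_MISS/503 4021 GET http://www.baidu.com/ - HIER_NONE/- text/html
1537846905.220      2 10.0.0.5 TCP_MISS/503 0 CONNECT www.baidu.com:443 - HIER_NONE/- -
1537846945.317     41 10.0.0.5 TCP_MISS/200 2781 GET http://119.75.216.20/ - HIER_DIRECT/119.75.216.20 text/html
"""

def target_host(method, url):
    """Return the host the client asked for (CONNECT logs host:port, not a URL)."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or ""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def classify(log_text):
    """Count requests by (target kind, outcome) to expose a name-vs-IP split."""
    counts = Counter()
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10:
            continue  # not a native-format line
        status = f[3].split("/")[1]
        hierarchy = f[8].split("/")[0]
        kind = "ip" if is_ip_literal(target_host(f[5], f[6])) else "name"
        if status == "503" and hierarchy == "HIER_NONE":
            outcome = "503_no_upstream"    # Squid never contacted any server
        elif status == "503":
            outcome = "503_upstream_tried"  # a connection was attempted and failed
        else:
            outcome = "ok_or_other"
        counts[(kind, outcome)] += 1
    return counts

def name_only_failure(counts):
    """True when hostnames fail before any upstream contact while IP literals work."""
    return (counts[("name", "503_no_upstream")] > 0
            and counts[("ip", "503_no_upstream")] == 0
            and counts[("ip", "ok_or_other")] > 0)

if __name__ == "__main__":
    c = classify(SAMPLE_LOG)
    print(dict(c), "name-only failure:", name_only_failure(c))
```

When this split shows up, the matching entries in Squid's cache.log and the firewall's handling of DNS traffic originating from the proxy host are concrete things to bring to the firewall operator.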