I have an environment consisting of four servers networked together. One server acts as the server, and the other three act as clients for running automated tests and Linux benchmarking using Phoromatic.
The four systems are all behind a corporate firewall. If I set the "http_proxy" and "https_proxy" environment variables on the clients, they can connect to the outside world and download tests and such, however they will not connect to the server as they try to connect to the local server using the proxy. Since I wanted to cache the package downloads, tests, etc… I set up a Squid proxy on the server system, and configured it as a transparent proxy, but it only works with http requests.
What I'd like to do is have the http requests handled via the cache, and forwarded to the parent proxy as needed. Obviously I can't decrypt the ssl sessions, but I can't figure out how to have the Squid proxy forward https requests to the parent proxy. Additionally, the squid proxy is running on the same box as the Phoromatic server, which is Web based but uses a user-configurable nonstandard port, but Squid likes to block requests to said port, even when it's added to the configuration as being allowed.
I would be OK with just having the clients use the corporate firewall directly for https and ftp requests and either just using the Squid cache for http requests, or ditch the Squid proxy altogether and have the clients set to not use the proxy for local hosts.
It's really frustrating me, since most of the time I'm great at hunting down information and making things work on my own, without having to pick anyone else's brain about it, but I guess I have a rather unique situation! And yes, I have tried the Phoronix forum for Phoromatic to no avail.
Servers are SuperMicro X8DTT dual chassis systems running Fedora 24. Network configuration consists of a GbE connection to a switch (used as the connection to the outside world) as well as two 10Gb on each system, also connected through a switch, but the 10Gb system is not connected to the outside world – they're used for bandwidth testing. (The drivers for the 10Gb cards are what the system is set up to test.)
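An added example, not part of the original post: a squid.conf fragment for the layout the question describes. It assumes the clients point http_proxy and https_proxy at Squid explicitly (port 3128) instead of relying on interception, so HTTPS arrives as CONNECT and is relayed to the parent without decryption. The parent proxy name, the addresses and the Phoromatic port are placeholders.

```squid
# Added example; hostnames, addresses and ports below are placeholders.
http_port 3128

# Lab clients allowed to use this proxy (placeholder subnet).
acl lab_clients src 192.0.2.0/24

# Corporate proxy as the only parent; no ICP queries are sent to it.
cache_peer proxy.corp.example parent 8080 0 no-query default

# The Phoromatic server on this box: reach it directly, never via the parent.
acl phoromatic dst 192.0.2.10
always_direct allow phoromatic

# Everything else, CONNECT tunnels included, must leave through the parent.
never_direct allow all

# Stock port restrictions, extended by the one Phoromatic port only.
acl SSL_ports port 443
acl Safe_ports port 80 21 443
acl Safe_ports port 8433          # placeholder for the Phoromatic port
acl CONNECT method CONNECT

# Keep the default denies; only listed clients may use the proxy.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow lab_clients
http_access deny all
```

Running `squid -k parse` checks the file for syntax errors before the service is reloaded.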
Best Answer
I'll be short (yeah, it doesn't look short like at all, but otherwise it would be way longer and totally unreadable).
squid isn't scaling that well. For 10-gigs bandwidth you'll have to use SMP squid features, and this has its downsides, like unbalanced load on squid workers, SMP issues in squid internals, and so on. It may be solvable if you have previous experience with squid, but unlikely if you have set it up like for the first time.