Hello,

We have a bit of an edge case where we just want a simple forward proxy 
for most requests, but for a select few we would like to route requests through 
a cloud-based reverse proxy. We've accomplished this by setting up a forward 
proxy on port 8080 that will remap the few requests we want to route to the 
cloud to an ssl reverse proxy on port 8443. Both are running in traffic server.

remap.config:
map_with_recv_port https://google.com:8080 https://localhost:8443
map_with_recv_port https://google.com:8443 https://cloud.reverse.proxy.com:443 \
  @plugin=conf_remap.so @pparam=proxy.config.ssl.client.private_key.filename=/etc/trafficserver/ssl/client/client.key \
  @plugin=conf_remap.so @pparam=proxy.config.ssl.client.cert.filename=/etc/trafficserver/ssl/client/client.cert \
  @plugin=conf_remap.so @pparam=proxy.config.ssl.client.CA.cert.filename=/etc/trafficserver/ssl/reverse_proxy_ca/ca.cert

This all works brilliantly until we try to add a parent proxy to our 
parents.conf, which is a use case that we have to support.

parent.config:
dest_domain=localhost port=8443 go_direct=true
dest_domain=. parent="internal.forward.proxy.com:3128" go_direct=false

debug output:

Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: [Oct 20 14:13:34.868] [ET_NET 2] DIAG: <ParentSelection.cc:851 (UpdateMatch)> (parent_select) Matched with 0x55e593de70f8 parent node from line 57
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: [Oct 20 14:13:34.868] [ET_NET 2] DIAG: <ParentRoundRobin.cc:61 (selectParent)> (parent_select) In ParentRoundRobin::selectParent(): Using a round robin parent selection strategy.
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: [Oct 20 14:13:34.868] [ET_NET 2] DIAG: <ParentRoundRobin.cc:148 (selectParent)> (parent_select) cur_index: 0, result->start_parent: 0
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: [Oct 20 14:13:34.868] [ET_NET 2] DIAG: <ParentRoundRobin.cc:152 (selectParent)> (parent_select) FailThreshold = 10
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: [Oct 20 14:13:34.868] [ET_NET 2] DIAG: <ParentRoundRobin.cc:153 (selectParent)> (parent_select) Selecting a parent due to little failCount (faileAt: 0 failCount: 0)
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: [Oct 20 14:13:34.868] [ET_NET 2] DIAG: <ParentRoundRobin.cc:173 (selectParent)> (parent_select) status for internal.forward.proxy.com: 2
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: [Oct 20 14:13:34.868] [ET_NET 2] DIAG: <ParentRoundRobin.cc:181 (selectParent)> (parent_select) Chosen parent = internal.forward.proxy.com.3128
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: [Oct 20 14:13:34.868] [ET_NET 2] DIAG: <ParentSelection.cc:161 (findParent)> (parent_select) PARENT_SPECIFIED
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: [Oct 20 14:13:34.868] [ET_NET 2] DIAG: <ParentSelection.cc:162 (findParent)> (parent_select) Result for cloud.reverse.proxy.com was parent internal.forward.proxy.com:3128
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: +++++++++ Proxy's Request +++++++++
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: -- State Machine Id: 1
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: GET https://cloud.reverse.proxy.com:443/ HTTP/1.1
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: Host: google.com
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: User-Agent: curl/7.81.0
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]: Accept: */*
Oct 20 14:13:34 ip-10-5-17-60 traffic_server[13443]:

At this point the request just hangs; when we did a tcpdump of the traffic 
there was nothing leaving the box. We don't understand what might be happening 
here since it seems to correctly identify the parent proxy but does not reach 
out to it. We have confirmed this by looking at the traffic logs for 
internal.forward.proxy.com and could use some expertise to help us identify 
where to look next.


Alex LaFreniere | Principal Engineer