我们正在使用Squid代理过滤出站流量HTTP / HTTPS。我们通过
在我们的应用程序服务器上显式传递Squid Proxy参数。export HTTP_PROXY=http://10.3.xx.xxx:3128
export HTTPS_PROXY=https://10.3.xx.xxx:3130
这是我的鱿鱼配置
visible_hostname 10.3.XX.XXX
#Handling HTTP requests
http_port 3128 intercept
acl allowed_http_sites dstdomain "/etc/squid/whitelist.acl"
http_access allow allowed_http_sites
#Handling HTTPS requests
https_port 3130 cert=/etc/squid/ssl/squid.pem ssl-bump intercept
acl allowed_https_sites ssl::server_name "/etc/squid/whitelist.acl"
acl step1 at_step SslBump1
acl step2 at_step SslBump2
ssl_bump peek all
ssl_bump splice allowed_https_sites
ssl_bump terminate all
乌贼服务已启动并正在运行。安全组没有问题。但是,在鱿鱼代理服务器上,我们在/var/log/squid/cache.log
下看到以下错误2019/06/08 06:51:13 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=10.3.xx.xxx:3130 remote=10.3.xx.xxx:35282 FD 12 flags=33
2019/06/08 06:51:13 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.3.xx.xxx:3130 remote=10.3.xx.xxx:35284 FD 12 flags=33: (2) No such file or directory
可能是什么问题?