3.4.4 chroot


Hi - I'm having trouble getting squid 3.4.4 to run in a chroot environment.

Squid runs outside the chroot environment without any problems.

I looked at the example on the wiki but it didn't work for me.

Regardless of what I do, squid complains about not being able to find
the file:

  -rw-r----- 1 squid nobody 0 May 11 23:15 access.log

But it can find the cache.log file which is in the same directory as
access.log.

Enclosed is the error message logged to /var/squid/logs/cache.log and
the squid.conf file is attached.

Any help would be greatly appreciated.

-- Cinaed

2014/05/11 20:42:37 kid1| Starting Squid Cache version 3.4.4 for x86_64-unknown-linux-gnu...
2014/05/11 20:42:37 kid1| Process ID 22095
2014/05/11 20:42:37 kid1| Process Roles: worker
2014/05/11 20:42:37 kid1| With 1024 file descriptors available
2014/05/11 20:42:37 kid1| Initializing IP Cache...
2014/05/11 20:42:37 kid1| DNS Socket created at [::], FD 6
2014/05/11 20:42:37 kid1| DNS Socket created at 0.0.0.0, FD 7
2014/05/11 20:42:37 kid1| Adding nameserver x.x.x.x from /etc/resolv.conf
2014/05/11 20:42:37 kid1| Adding nameserver x.x.x.x from /etc/resolv.conf
2014/05/11 20:42:37 kid1| Adding domain xxxxx.com from /etc/resolv.conf
2014/05/11 20:42:37 kid1| Logfile: opening log daemon:/var/squid/logs/access.log
2014/05/11 20:42:37 kid1| Logfile Daemon: opening log /var/squid/logs/access.log
2014/05/11 20:42:37 kid1| ipcCreate: /opt/squid/libexec/log_file_daemon: (2) No such file or directory

#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#chroot /opt/squid/chroot
#acl localhost src 127.0.0.1 
acl localnet src x.x.x.x/xx	# RFC1918 possible internal network
#acl to_localhost dst 127.0.0.0/8
#acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
#acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
#acl localnet src fc00::/7       # RFC 4193 local private network range
#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
#acl Safe_ports port 70		# gopher
#acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
#acl Safe_ports port 280		# http-mgmt
#acl Safe_ports port 488		# gss-http
#acl Safe_ports port 591		# filemaker
#acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/squid/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:		1440	20%	10080
#refresh_pattern ^gopher:	1440	0%	1440
#refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
#refresh_pattern .		0	20%	4320
# local additions
cache deny all
cache_mgr root@localhost
ftp_user root@localhost
ftp_passive on
ftp_sanitycheck on
pconn_timeout 1 minute
request_header_max_size 64 KB
forwarded_for delete 
ignore_unknown_nameservers on
icp_port 0
icp_access deny all
htcp_port 0
htcp_access deny all
snmp_port 0
snmp_access deny all
cache_effective_user squid
cache_effective_group nobody 
# end of configuration
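
An added example, not part of the original post and not Squid's own code: a shell check that reads the paths named in cache.log and reports which of them are absent under a chroot directory. The function names `chroot_missing` and `sample_log` are hypothetical, the sample lines are constructed from the log above, and it assumes that a chrooted Squid resolves these absolute paths under the chroot root.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not from the post or from Squid).
# Assumption: once Squid has chrooted, the absolute paths in cache.log are
# resolved under the chroot root, e.g. /opt/squid/chroot from the squid.conf.

# Constructed sample: the three relevant cache.log lines from the post, unwrapped.
sample_log() {
    cat <<'EOF'
2014/05/11 20:42:37 kid1| Logfile: opening log daemon:/var/squid/logs/access.log
2014/05/11 20:42:37 kid1| Logfile Daemon: opening log /var/squid/logs/access.log
2014/05/11 20:42:37 kid1| ipcCreate: /opt/squid/libexec/log_file_daemon: (2) No such file or directory
EOF
}

# chroot_missing CHROOT_DIR CACHE_LOG
# Prints one line per path that cache.log names and CHROOT_DIR lacks.
chroot_missing() {
    root=${1%/}
    log=$2
    {
        # Helper binaries that ipcCreate could not find (errno 2).
        sed -n 's|^.*ipcCreate: \(/[^:]*\): (2) No such file or directory.*$|helper \1|p' "$log"
        # Files handed to the logfile daemon: only their directory must pre-exist.
        sed -n 's|^.*Logfile Daemon: opening log \(/.*\)$|logdir \1|p' "$log"
    } | sort -u | while read -r kind path; do
        case $kind in
            helper)
                [ -x "$root$path" ] || echo "helper missing: $root$path" ;;
            logdir)
                dir=$(dirname "$path")
                [ -d "$root$dir" ] || echo "log dir missing: $root$dir" ;;
        esac
    done
}

# Usage: sh check.sh /opt/squid/chroot /var/squid/logs/cache.log
if [ "$#" -eq 2 ]; then
    chroot_missing "$1" "$2"
fi
```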
