Search squid archive

Squid 3.5.2 will only start with empty cache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have been trying to get Squid 3.5.2 to work with the Smoothwall Express 3.1 Linux firewall distribution. Specifically, I have modified the Squid version included with Smoothwall Express 3.1 to enable HTTPS caching. I have had this working successfully up to Squid version 3.4.10. Now with trying to upgrade to Squid 3.5.2 I am having problems that I didn't encounter with prior versions of Squid.

The first issue I had, which is now resolved, was improper permissions of the shm folder (in SWE found in /dev/shm). Changing the folder permissions to Squid user and group allowed Squid 3.5.2 to start. However, now it will only start with an empty cache directory. Once it starts with an empty cache directory, it seems to function correctly as far as caching SSL encrypted web pages. However, if Squid needs to be restarted for any reason, it will not restart until the cache directory (/var/spool/squid/cache) is emptied.

The error I am getting when trying to start Squid 3.5.2 without an empty cache is

2015/03/14 00:29:47 kid1| Current Directory is /
2015/03/14 00:29:47 kid1| Starting Squid Cache version 3.5.2 for i586-pc-linux-gnu...
2015/03/14 00:29:47 kid1| Service Name: squid
2015/03/14 00:29:47 kid1| Process ID 7261
2015/03/14 00:29:47 kid1| Process Roles: worker
2015/03/14 00:29:47 kid1| With 1024 file descriptors available
2015/03/14 00:29:47 kid1| Initializing IP Cache...
2015/03/14 00:29:47 kid1| DNS Socket created at 0.0.0.0, FD 8
2015/03/14 00:29:47 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2015/03/14 00:29:47 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
FATAL: Ipc::Mem::Segment::open failed to shm_open(/squid-ssl_session_cache.shm): (2) No such file or directory

Squid Cache (Version 3.5.2): Terminated abnormally.
CPU Usage: 0.027 seconds = 0.020 user + 0.007 sys
Maximum Resident Size: 26752 KB
Page faults with physical i/o: 0
2015/03/14 00:29:47.830 kid1| Acl.cc(380) ~ACL: freeing ACL 

This is my squid.conf file with SSL caching using ssl-bump enabled.

visible_hostname smoothwall

# Uncomment the following to send debug info to /var/log/squid/cache.log
debug_options ALL,1 33,2 28,9

# ACCESS CONTROLS
# ----------------------------------------------------------------
acl localhostgreen src 192.168.100.1
acl localnetgreen src 192.168.100.0/24

acl SSL_ports port 445 443 441 563
acl Safe_ports port 80      # http
acl Safe_ports port 81      # smoothwall http
acl Safe_ports port 21      # ftp 
acl Safe_ports port 445 443 441 563 # https, snews
acl Safe_ports port 70      # gopher
acl Safe_ports port 210         # wais  
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http 
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http

acl CONNECT method CONNECT

# TAG: http_access
# ----------------------------------------------------------------


http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localnetgreen
http_access allow CONNECT localnetgreen

http_access allow localhostgreen
http_access allow CONNECT localhostgreen

# http_port and https_port
#----------------------------------------------------------------------------

# A random port for forward-proxy port needed for SSL
http_port 8081

http_port 192.168.100.1:800 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem

https_port 192.168.100.1:808 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem

sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump server-first all

ssl_bump none localhostgreen
sslcrtd_program /var/smoothwall/mods/proxy/libexec/ssl_crtd -s /var/smoothwall/mods/proxy/lib/ssl_db -M 4MB
sslcrtd_children 5

sslproxy_session_cache_size 4 MB

http_access deny all

cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF

# CACHE OPTIONS
# ----------------------------------------------------------------------------
cache_effective_user squid
cache_effective_group squid

cache_swap_high 100
cache_swap_low 80

cache_mem 8 MB
maximum_object_size_in_memory 512 KB

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
error_directory /usr/share/errors/en-us
log_mime_hdrs off

cache_dir diskd /var/spool/squid/cache 1024 16 256 Q1=64 Q2=72

request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Connection allow all
request_header_access All allow all

maximum_object_size 33 MB

minimum_object_size 0 KB


request_body_max_size 0 KB

# OTHER OPTIONS
# ----------------------------------------------------------------------------
forwarded_for off

pid_filename /var/run/squid.pid

shutdown_lifetime 3 seconds
icp_port 3130

half_closed_clients off

umask 022

logfile_rotate 0

strip_query_terms off

Any help would be greatly appresciated.

Stan

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux