I’m running Debian Jessie. Squid 3.5.16 compiled from source with the following:

./configure --build=x86_64-linux-gnu \
  --prefix=/usr \
  --includedir=${prefix}/include \
  --mandir=${prefix}/share/man \
  --infodir=${prefix}/share/info \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --libexecdir=${prefix}/lib/squid3 \
  --srcdir=. \
  --disable-maintainer-mode \
  --disable-dependency-tracking \
  --disable-silent-rules \
  --datadir=/usr/share/squid3 \
  --sysconfdir=/etc/squid3 \
  --mandir=/usr/share/man \
  --enable-inline \
  --enable-gnuregex \
  --enable-xmalloc-statistics \
  --enable-useragent-log \
  --enable-kill-parent-hack \
  --enable-htpc \
  --enable-forw-via-db \
  --enable-dl-malloc \
  --enable-time-hack \
  --enable-err-language=English \
  --disable-arch-native \
  --enable-async-io=8 \
  --enable-storeio=ufs,aufs,diskd,rock \
  --enable-removal-policies=lru,heap \
  --enable-delay-pools \
  --enable-cache-digests \
  --enable-icap-client \
  --enable-follow-x-forwarded-for \
  --enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB \
  --enable-auth-digest=file,LDAP \
  --enable-auth-negotiate=kerberos,wrapper \
  --enable-auth-ntlm=fake,smb_lm \
  --enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group \
  --enable-url-rewrite-helpers=fake \
  --enable-eui \
  --enable-esi \
  --enable-icmp \
  --enable-zph-qos \
  --enable-ecap \
  --disable-translation \
  --with-swapdir=/var/spool/squid3 \
  --with-logdir=/var/log/squid3 \
  --with-pidfile=/var/run/squid3.pid \
  --with-filedescriptors=65536 \
  --with-large-files \
  --with-default-user=proxy \
  --enable-ssl \
  --enable-ssl-crtd \
  --enable-wccpv2 \
  --with-openssl \
  --enable-linux-netfilter \
  'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' \
  'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' \
  'CPPFLAGS=-D_FORTIFY_SOURCE=2' \
  'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'

Here is my squid.conf:

#Access Lists
acl internal src 192.168.200.0/21
acl wireless src 192.168.100.0/23

#Ports allowed through Squid
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl CONNECT method CONNECT

#allow/deny
http_access allow internal
http_access allow wireless
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all

#Bumping
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump peek all
ssl_bump splice all

sslproxy_capath /etc/ssl/certs
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssl_db -M 4MB
sslcrtd_children 5

logformat mine %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %ssl::>sni %ssl::>cert_subject %>Hs %<st %Ss:%Sh
#access_log syslog:daemon.info mine
access_log daemon:/var/log/squid3/access.log mine

#intercept
http_port 3128 intercept
https_port 3129 intercept ssl-bump cert=/etc/squid3/certs/squid.pem cafile=/etc/squid3/certs/squid.pem key=/etc/squid3/certs/squid.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB sslflags=NO_SESSION_REUSE

#nameservers
dns_nameservers 192.168.201.1 8.8.8.8

#WCCPv2 items
wccp_version 2
wccp2_router 192.168.200.73
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0 password=LNP1
wccp2_service dynamic 70 password=LNP1
wccp2_service_info 70 protocol=tcp flags=dst_ip_hash priority=240 ports=443

- I did initialize the ssl_db
- I did create certs

I’m simply trying to start via:

sudo squid

It throws no errors, nothing. The pid lives for a sec then dies. This is the only log message I get:

Apr 7 11:51:19 LNP-Proxy (squid-1): The ssl_crtd helpers are crashing too rapidly, need help!

I tried deleting and recreating the ssl_db as I saw from a few other posts, did not work.

Other info:

Tunnel is up:

gre0: gre/ip remote any local any ttl inherit nopmtudisc
wccp0: gre/ip remote 192.168.200.73 local 192.168.201.248 dev eth3 ttl inherit

Iptables:

bruce@LNP-Proxy:/var/log$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:192.168.201.248:3128
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:192.168.201.248:3129

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

I’m not sure what to even check next. I can’t do a sudo squid -k debug since the process doesn’t last long enough.

Thanks

Bruce Markey | Network Security Analyst
STEINMAN COMMUNICATIONS
717.291.8758 (o) | bmarkey@xxxxxxxxxxxxxxxxxxxxxxxxxx
8 West King St | PO Box 1328, Lancaster, PA 17608-1328

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users