
Re: Configuration for cache_peer doesn't work

Could there be a problem with the SSL support?
The output of `squid3 -v`:

Squid Cache: Version 3.1.19

configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--enable-zph-qos' '--enable-wccpv2' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security' --with-squid=/build/squid3-nkylXD/squid3-3.1.19


I tried to recompile squid source with the following options


./configure --with-openssl --enable-ssl


When I build this binary and run it, it throws an error like this:

~ # ~/squid -N -Y -d 5 -f /tmp/minsquid.conf 

/tandberg/squid: /lib/x86_64/libcrypto.so.1.0.0: no version information available (required by /tandberg/squid)

/tandberg/squid: /lib/x86_64/libssl.so.1.0.0: no version information available (required by /tandberg/squid)

2017/01/20 05:35:57| ERROR: MIME Config Table /usr/local/squid/etc/mime.conf: (2) No such file or directory

FATAL: MIME Config Table /usr/local/squid/etc/mime.conf: (2) No such file or directory

Squid Cache (Version 3.1.23): Terminated abnormally.

CPU Usage: 0.032 seconds = 0.031 user + 0.001 sys

Maximum Resident Size: 28368 KB

Page faults with physical i/o: 0



On 20 January 2017 at 04:01, salil GK <gksalil@xxxxxxxxx> wrote:
Could someone please provide me some information on this? This is kind of urgent for me now. Sorry for bothering too much.

Thanks
~S


On 19 January 2017 at 21:09, salil GK <gksalil@xxxxxxxxx> wrote:
Hello

  I am new to squid and I have a use case where I need to configure a forward proxy with squid. But there will be two squid servers chained to isolate the networks. So when a client machine wants to access some internet site, it will specify my first squid server as the proxy. This proxy in turn will forward the packet to squid server 2, and from there traffic will be forwarded to the origin server and the response will come back through the same path.

  I could achieve this by configuring cache_peer.

>>>>>  configuration in SquidServer1

http_port 3223

include "/etc/squid3/blockedhosts.lst"

http_access allow all

cache_peer 10.106.251.90 parent 3223 0 no-query default 

<<<<<

So this will forward packets to SquidServer2 (10.106.251.90), and from there they will be forwarded further to the origin server.


Now I want to make an SSL connection between SquidServer1 and SquidServer2.

I tried the following line for cache_peer

>>>>

cache_peer 10.106.251.90 parent 3223 0 no-query default ssl sslcert="/tmp/server_90.pem" sslkey="/tmp/privkey_90.pem"

<<<<<

But this doesn't work.

When I try to start squid, it gives the following error:

>>>>>>

~ # /usr/sbin/squid3 -N -Y -d 5 -f /tmp/minsquid.conf 

2017/01/19 21:04:24| parse_peer: token='ssl'

FATAL: Bungled minsquid.conf line 12: cache_peer 10.106.251.90 parent 3223 0 no-query default ssl sslcert="/tmp/server_90.pem" sslkey="/tmp/privkey_90.pem"

Squid Cache (Version 3.1.19): Terminated abnormally.

CPU Usage: 0.004 seconds = 0.004 user + 0.000 sys

Maximum Resident Size: 28224 KB

Page faults with physical i/o: 0

<<<<<<

What could be the issue?

-----

In SquidServer2 I think I need to specify an https port for the client to access. I have put this line in the config file:

>>>>>

https_port 3224  cert=self_s_cert.pem key=key.pem

<<<<<

There, while executing squid, I get the following error:


>>>>

~ # /usr/sbin/squid3 -N -Y -d 5 -f /tmp/minsquid.conf

2017/01/19 15:37:40| cache_cf.cc(381) parseOneConfigFile: minsquid.conf:4 unrecognized: 'https_port'

<<<< 


Thanks

~S



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
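
The `squid3 -v` output quoted in this thread lists neither `--enable-ssl` nor `--with-openssl`, while the configs use `https_port` and `cache_peer ... ssl`. The following check is an added example, not part of the original posts or of Squid itself: it compares the configure options a binary reports against the TLS directives in a config before the service is started. The function names and both sample inputs are constructed for illustration; the two switches are the ones the poster passed to `./configure`.

```shell
#!/bin/sh
# Added example: does this Squid build support the TLS directives in the config?

# Constructed sample: abbreviated `squid3 -v` output in the shape quoted above.
SAMPLE_VERSION="Squid Cache: Version 3.1.19
configure options:  '--prefix=/usr' '--enable-delay-pools' '--enable-linux-netfilter'"

# Constructed sample config using the two directives from the thread.
SAMPLE_CONF='http_port 3223
# https_port 9999 cert=commented.pem
https_port 3224  cert=self_s_cert.pem key=key.pem
cache_peer 10.106.251.90 parent 3223 0 no-query default ssl sslcert="/tmp/server_90.pem"
cache_peer 10.0.0.5 parent 3128 0 no-query'

# Succeeds if the configure options in `squid -v` text include an SSL switch.
# The closing quote in the pattern keeps '--enable-ssl-crtd' from matching.
build_has_ssl() {
    printf '%s\n' "$1" | grep -Eq -- "'--(enable-ssl|with-openssl(=/[^']*)?)'"
}

# Prints "<line>: <directive>" for each config line that needs an SSL build.
tls_directives() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^#/ { next }                       # skip comment lines
        $1 == "https_port" { print NR ": " $1; next }
        $1 == "cache_peer" {
            for (i = 2; i <= NF; i++)
                if ($i == "ssl" || $i ~ /^ssl[a-z]+=/) {
                    print NR ": cache_peer " $i; next
                }
        }'
}

# $1 = `squid -v` text, $2 = config text. Returns 1 on a mismatch.
check_squid_tls() {
    needed=$(tls_directives "$2")
    if [ -z "$needed" ]; then echo "OK: no TLS directives in config"; return 0; fi
    if build_has_ssl "$1"; then echo "OK: build reports SSL support"; return 0; fi
    echo "MISMATCH: build reports no SSL support, but config uses:"
    echo "$needed"
    return 1
}

# Against a real install: check_squid_tls "$(squid3 -v)" "$(cat /tmp/minsquid.conf)"
check_squid_tls "$SAMPLE_VERSION" "$SAMPLE_CONF" || true
```
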
