On 21/10/18 6:12 AM, Alex Rousskov wrote: > On 10/20/18 7:47 AM, houheming wrote: >> 1. Configure Squid to automatically generate origin server certificates >> (signed by a configured CA X) and send them to browsers/clients that go >> to those origin servers. > > OK. > > >> If I configure squid like: >> >> https_port 180.97.33.107:443 ... >> https_port 180.97.33.108:443 >> https_port 443 > >> when I use “squid –k reconfigure” to reconfigure squid, no error message. > > In general, avoid using "-k anything" as the primary configuration test. > It just complicates matters by introducing a different error checking > context. Use a clean start. I am _not_ saying that a clean start would > have solved your problem in this particular case. > > >> But when I check the tcp ports listening: > > [image showing the first two out of three configured :443 ports] > > If Squid did not complain about anything but did not start listening on > one of the configured ports, then there is a Squid error reporting bug > somewhere. Feel free to report it to Squid bugzilla. > > My suggestion to reorder those https_port lines was wrong. The wildcard > bind(INADDR_ANY) system call does not bind to "any available" address. > It binds to "all" addresses and, hence, fails if one of the addresses is > not available. Aye. Just double-checked, Squid does report this problem: "2018/10/21 19:12:30 kid1| ERROR: listen( FD 21, [::] [ job2], 256): (98) Address already in use" ... but only only for -k start / restart / reconfigure. The -k parse does not check it. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
