Re: [squid-users] Redirection - How to in English for nonprogrammers...

From: Geoffrey ROBERTS <geoffrob_at_stmarks.pp.catholic.edu.au>
Date: Tue, 17 Feb 2009 12:03:42 +1030

>>> On Tuesday, 17 February 2009 at 7:52 am, in message <4999D91A.5080104_at_gci.net>,
Chris Robertson <crobertson_at_gci.net> wrote:
> Geoffrey ROBERTS wrote:

> How was the old version installed?

Tick a box when installing SLES10.
No idea of the actual method.

I eventually found squid.exe and some other squid files in /USR/SBIN
squid.conf is in /etc/squid. And I now realise that squid -v tells you where
it is...

> It appears that SUSE uses RPMs, so
> "rpm -e squid" ought to get rid of the old Squid version.

I'll try that on the test box.

> Of course, it
> will likely also remove the startup scripts, so you might not want to go
> that route without knowing how to relocate/replace them.
> http://wiki.squid-cache.org/SquidFaq/InstallingSquid has some generic
> tips for starting Squid.

Yes, I had to do some of that to get it to load at startup. I don't think that will be a problem.
(But I could be wrong)
 
>> Obviously I would much prefer that the 3.0 install simply overwrite the
>> existing 2.5 install but I have no real idea how to go about that -

> Run "squid -v" to find out how your current version of Squid was
> compiled. Compile Squid 3 using the same arguments and "make install"
> will overwrite it.

heimdal:/etc/squid # squid -v
Squid Cache: Version 2.5.STABLE12
configure options: '--prefix=/usr' '--sysconfdir=/etc/squid' '--bindir=/usr/sbin' '--sbindir=/usr/sbin'
'--localstatedir=/var' '--libexecdir=/usr/sbin' '--datadir=/usr/share/squid' '--with-dl' '--enable-snmp'
'--enable-carp' '--enable-useragent-log' '--enable-auth=basic digest ntlm'
'--enable-basic-auth-helpers=LDAP MSNT NCSA PAM SMB YP getpwnam multi-domain-NTLM'
'--enable-ntlm-auth-helpers=SMB no_check' '--enable-digest-auth-helpers=password'
'--enable-external-acl-helpers=ip_user ldap_group unix_group wbinfo_group' '--enable-ntlm-fail-open'
'--enable-referer-log' '--enable-arp-acl' '--enable-htcp' '--enable-underscores' '--enable-stacktraces'
'--enable-delay-pools' '--enable-ssl' '--enable-cache-digests' '--enable-storeio=aufs,ufs,diskd,null'
'--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--with-samba-sources=/usr/include/samba'
'--enable-x-accelerator-vary'
'CFLAGS=-O2 -march=i586 -mtune=i686 -fmessage-length=0 -Wall -D_FORTIFY_SOURCE=2 -g -fPIE -DLDAP_DEPRECATED -fno-strict-aliasing'
'LDFLAGS=-pie'

Are all of these 'arguments'? I have no idea what a lot of them are for, or even if they are necessary.

> But be aware, if you perform a software update and a
> newer Squid 2.5 package is available, your compiled version will be
> overwritten.

?? Mmm. I think I should remove it then do a clean install of 3.whatever if that's the case.
 
>> I've downloaded the squid 3 stable tar.gz and unpacked it on another SLES10
>> box that also has Squid on it (2.15 again - out of the box).

> No such version.

Well, I hate to argue with someone clearly far more clued than me, but I assure you that
the SLES10 SP2 install DVD ISO installs Squid 2.15 Stable 12 for you. I have 2 SLES10 boxes
and both have the same version and both are plain vanilla installs straight from the DVD.

> The newest branch of the Squid 2.x tree is
> 2.7.STABLE6. While this might be construed as pedantic, without using
> the same terminology, problems are REALLY hard to solve. Significant
> differences exist between 2.5, 2.6 and 2.7.

I'll take your obviously knowledgeable word for that, some of the issues I'm having appear
to be version related (the apparent lack of the url_redirect tag in 2.15 being one)

When you install SLES10 you get Squid 2.15 Stable 12
pre-installed for you, I did some minor changes (from an optimising squid performance doc I found
on the web somewhere) and it came up and has been working fine.
The SLES install (even with SP2 embedded) iso has not changed since it was released and
the online update service doesn't seem to update squid (though it seems to update just about everything else.)

What would you suggest is the best course here? 2.15 seems to be years old so it seems advisable to
upgrade, but should I wipe it out (however that should be done) and install 2.7 or go to 3.0?

>> No problem with that. I just need to figure out how to do an in place
>> upgrade of the existing (working) squid 2.15 without breaking anything else.

> Assuming you really mean Squid 2.5 and further assuming the proxy is not
> internet facing, you really don't.

If you mean does it present an outside interface to the internet, no, it's inside the
firewall with an internal IP address.

> There are likely security
> vulnerabilities in 2.5, it doesn't support websites that require NTLM
> authentication

Don't think it matters. Squid here is just a proxy/cache, it's connected to the internal lan
via a transparent bridge that is the ContentKeeper appliance, which does all the logging
and authentication (to Novell eDirectory on a Netware server via LDAP).

> and that branch has been relegated to the ravages of
> history, so support will be harder to come by, but it still works. If
> the version of SUSE you are using is still supported, perhaps that
> community is able to give support.

?? SLES 10SP2 is the current version of SUSE Linux Enterprise Server.
 
> That said, upgrading to an actively developed version (2.7 or 3.0) is
> probably a good idea.

Ok. That seems like the best course.

> http://www.squid-cache.org/Doc/config/ :o) The vast majority of it
> does not need to be adjusted. The important bit is ACLs
> (http://wiki.squid-cache.org/SquidFaq/SquidAcl).

I don't think we are using ACLs, as the authentication is not handled by squid.
 
> Henrik gave you a copy (fill-in-the-variables) and paste for your
> squid.conf (that should even work in Squid 2.5) that doesn't require
> redirectors...
>
> http://www.squid-cache.org/mail-archive/squid-users/200902/0275.html

Yes, I'm going to try that next, I was going to just persist with the .pl or .php stuff
as I know the script itself is ok, but I have a window later today and I will try the
other method he supplied.

> If you supply the actual FQDN and IP of the docushare server (on list or
> off), we can even take care of the "fill-in-the-variables" part. Put
> your squid.conf in a paste-bin and we can even tell you where in the
> config file to put those lines.

I'd rather try it myself first, if I don't I will never learn, but I'll keep that in mind.
 

>> The redirect *seemed* to be quick and easy to implement, I should have known
>> anything to do with changing *nix based stuff is rarely quick and easy.
>
> Replace "*nix" with "computer" or even "electronic"...
> http://xkcd.com/349/ :o)

Well, some are harder than others. I'm going to take a look at webmin, but YAST seems
fine for a lot of it, but the applications are another story, squid being a perfect example.
The last proxy/cache I played with other than a pizza box appliance was WASD Web Server
on VMS which is... ahem, quite different (and was much easier to configure ;^)
 
>> That much I *have* learned about it so far.
>> The mere fact you need to have squid call script files in .php or perl to do
>> the redirect is enough to put me off. I don't speak
>> C, perl, php or java.

> Again, a copy (fill-in-the-variables) and paste example was provided.
> You did state that it didn't work but didn't reply to the request for
> more information, which is the only way for us to help you fix it.

Sorry, I thought I had. The problem is not with the script, it works fine in
a command line. (I did have to change the permissions on it to execute which I would not have thought of.)
The problem does not appear to be with the script but with squid itself, which seems unable to use it,
or is not using it correctly.

>> I wish they'd just pick ONE script language and leave it at that.
>>
>
> Variety is the spice of life. :o) I'd hate to only see one car on the
> roads, or one type of house in a neighborhood and I'd HATE to be forced
> to use one scripting language for every problem.

I hate to be forced to use scripting language, period. ;^)

I have located the support group for SLES so I am posting there as well for the more
specific stuff.

Thanks again for all your help, I really appreciate it.

 

-- 
Geoff Roberts
Computer Systems Manager
Saint Mark's College
Port Pirie, South Australia
geoffrobxATstmarksxdotppxdotcatholicxdoteduxdotaux
Remove the x's
Received on Tue Feb 17 2009 - 01:34:34 MST
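
Added example (not part of the original message and not Squid project code): the "are all of these arguments?" question above, worked through in Python. Each single-quoted token in the `squid -v` output is one ./configure argument; the sketch splits them, rebuilds a correctly quoted command line, and checks that the hardening flags in the quoted CFLAGS/LDFLAGS (-D_FORTIFY_SOURCE=2, -fPIE, -pie) are still present. The function names and the abridged sample are assumptions made for illustration.

```python
import shlex

# Abridged from the `squid -v` output quoted in the message above.
SQUID_V = """\
Squid Cache: Version 2.5.STABLE12
configure options: '--prefix=/usr' '--sysconfdir=/etc/squid' '--bindir=/usr/sbin' '--sbindir=/usr/sbin'
'--localstatedir=/var' '--libexecdir=/usr/sbin' '--enable-auth=basic digest ntlm'
'--enable-ssl' '--enable-storeio=aufs,ufs,diskd,null'
'CFLAGS=-O2 -march=i586 -mtune=i686 -fmessage-length=0 -Wall -D_FORTIFY_SOURCE=2 -g -fPIE -DLDAP_DEPRECATED -fno-strict-aliasing'
'LDFLAGS=-pie'
"""

HARDENING = ("-D_FORTIFY_SOURCE=2", "-fPIE", "-pie")  # flags present in the quoted build


def parse_squid_v(text):
    """Return (version, options, variables) from `squid -v` output."""
    head, _, rest = text.partition("configure options:")
    version = head.split("Version", 1)[1].strip()
    options, variables = [], {}
    # shlex honours the single quotes, so 'a b c' stays one argument
    # even when the mail client wrapped the list over several lines.
    for token in shlex.split(rest):
        if token.startswith("-"):
            options.append(token)
        else:  # NAME=value build variable such as CFLAGS
            name, _, value = token.partition("=")
            variables[name] = value
    return version, options, variables


def configure_command(options, variables):
    """Rebuild one ./configure command line with safe quoting."""
    assigns = [f"{k}={v}" for k, v in variables.items()]
    return shlex.join(["./configure", *options, *assigns])


def missing_hardening(variables):
    """Flags from HARDENING that the build variables no longer carry."""
    present = set(" ".join(variables.values()).split())
    return [flag for flag in HARDENING if flag not in present]


if __name__ == "__main__":
    version, options, variables = parse_squid_v(SQUID_V)
    print("built as:", version)
    print(configure_command(options, variables))
    print("missing hardening flags:", missing_hardening(variables))
```

On a live system the input would be the captured output of `squid -v` rather than the embedded sample.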

This archive was generated by hypermail 2.2.0 : Tue Feb 17 2009 - 12:00:02 MST