RE: [squid-users] Allow untrusted ssl connections

From: Chad Naugle <Chad.Naugle_at_travimp.com>
Date: Tue, 28 Dec 2010 16:42:22 -0500

Make sure squid is not running, by doing a: "ps -aux | grep squid", and
then delete the PID file.
 
ALSO, do NOT comment that line out. Simply add the port(s) that you
are using to the ACL, as opposed to just port 443, by simply adding
lines.
 
Example for Novell's Remote Manager, etc. By default Squid only allows
selected ports in the same manner.
 
acl Safe_ports port 8008
acl Safe_ports port 8009
acl SSL_ports port 8009
 
In your case, I am assuming you should use:
 
acl SSL_ports port 2096

---------------------------------------------
Chad E. Naugle
Tech Support II, x. 7981
Travel Impressions, Ltd.
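
As an added illustration (not part of this thread and not a Squid project file), the following POSIX shell script applies the advice above to a squid.conf: it confirms the "http_access deny CONNECT !SSL_ports" guard is still present and reports, for a handful of ports, whether a CONNECT request would clear both the Safe_ports and SSL_ports ACLs. The squid.conf fragment embedded in it is constructed for the example (the stock ACLs plus port 2096 from the thread), and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread or the Squid project): check a squid.conf
# the way the reply above recommends. The CONNECT guard stays in place and the
# extra port is listed in both Safe_ports and SSL_ports instead.

# Constructed squid.conf fragment: stock ACLs plus port 2096 from the thread.
SAMPLE_CONF='
acl SSL_ports port 443
acl SSL_ports port 2096
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 1025-65535  # unregistered ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
'

# Write the sample fragment to a temp file and print its path.
write_sample_conf() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_CONF" > "$f"
    echo "$f"
}

# Print every port token of ACL $2 in config $1, one per line
# ("lo-hi" ranges are printed unchanged; trailing "# comments" are skipped).
acl_ports() {
    awk -v name="$2" '
        $1 == "acl" && $2 == name && $3 == "port" {
            for (i = 4; i <= NF; i++) { if ($i ~ /^#/) break; print $i }
        }' "$1"
}

# Return 0 if port $3 matches ACL $2 in config $1 (single ports and ranges).
port_in_acl() {
    acl_ports "$1" "$2" | awk -v p="$3" '
        { n = split($0, r, "-"); lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
          if (p + 0 >= lo && p + 0 <= hi) found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Return 0 if the "deny CONNECT !SSL_ports" guard is present in config $1.
has_connect_guard() {
    grep -Eq '^[[:space:]]*http_access[[:space:]]+deny[[:space:]]+CONNECT[[:space:]]+!SSL_ports' "$1"
}

# Return 0 if a CONNECT to port $2 would clear both ACLs in config $1.
connect_allowed() {
    port_in_acl "$1" Safe_ports "$2" || return 1
    port_in_acl "$1" SSL_ports "$2" || return 1
}

# Stand-alone run: report on the constructed config.
conf=$(write_sample_conf)
if has_connect_guard "$conf"; then
    echo "guard present: CONNECT is limited to SSL_ports"
else
    echo "WARNING: no 'http_access deny CONNECT !SSL_ports' line; CONNECT to any Safe port would be tunnelled"
fi
for p in 443 2096 80 2095; do
    if connect_allowed "$conf" "$p"; then
        echo "port $p: CONNECT allowed"
    else
        echo "port $p: CONNECT denied (needs 'acl SSL_ports port $p' and a Safe_ports entry)"
    fi
done
rm -f "$conf"
```

Run it against a real file by replacing write_sample_conf with the path to /etc/squid/squid.conf. Port 80 is denied even though it is a Safe port, which is the intended effect of the guard: only ports listed in SSL_ports may be tunnelled with CONNECT.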
 

>>> "Charles Roper" <charlzroper_at_gmail.com> 12/28/2010 4:34 PM >>>
Ok, I've upgraded to 2.7 STABLE9, created that directory you mentioned, and I can get it to start via "# squid start"

For some reason, "# /etc/init.d/squid start" and "# /etc/init.d/squid restart" just time out with "FAILED" ... but at least it's starting now.

I'm also having problems stopping:

[root_at_maya ~]# squid stop
2010/12/28 13:24:44| Squid is already running! Process ID 3333

I think I fixed the "untrusted connection" issue by commenting out the
following line:

http_access deny CONNECT !SSL_ports

**note, I tried that in v2.6 and it didn't make a difference**

Any ideas on how I can resolve the starting/stopping problems I'm now
experiencing? Thanks!

-----Original Message-----
From: Chad Naugle [mailto:Chad.Naugle_at_travimp.com]
Sent: Tuesday, December 28, 2010 12:16 PM
To: Charles Roper
Cc: squid-users_at_squid-cache.org
Subject: RE: [squid-users] Allow untrusted ssl connections

Looks like the default settings. Perhaps someone can also chip in some configuration suggestions, but I do notice that the PID file directory might not exist, or squid doesn't have access to it.

---------------------------------------------
Chad E. Naugle
Tech Support II, x. 7981
Travel Impressions, Ltd.

>>> "Charles Roper" <charlzroper_at_gmail.com> 12/28/2010 2:28 PM >>>
Well, with a little help, I was able to update to 2.7, but now I can't start it. Here is cache.log:
----------------------------------------------
2010/12/28 04:20:12| Starting Squid Cache version 2.7.STABLE9 for i386-redhat-linux-gnu...
2010/12/28 04:20:12| Process ID 3202
2010/12/28 04:20:12| With 1024 file descriptors available
2010/12/28 04:20:12| Using epoll for the IO loop
2010/12/28 04:20:12| DNS Socket created at 0.0.0.0, port 53333, FD 6
2010/12/28 04:20:12| Adding nameserver 10.10.10.1 from /etc/resolv.conf
2010/12/28 04:20:12| User-Agent logging is disabled.
2010/12/28 04:20:12| Referer logging is disabled.
2010/12/28 04:20:12| logfileOpen: opening log /var/log/squid/access.log
2010/12/28 04:20:12| Unlinkd pipe opened on FD 11
2010/12/28 04:20:12| Swap maxSize 2048000 + 262144 KB, estimated 177703 objects
2010/12/28 04:20:12| Target number of buckets: 8885
2010/12/28 04:20:12| Using 16384 Store buckets
2010/12/28 04:20:12| Max Mem size: 262144 KB
2010/12/28 04:20:12| Max Swap size: 2048000 KB
2010/12/28 04:20:12| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2010/12/28 04:20:12| logfileOpen: opening log /var/log/squid/store.log
2010/12/28 04:20:12| Rebuilding storage in /var/spool/squid (DIRTY)
2010/12/28 04:20:12| Using Least Load store dir selection
2010/12/28 04:20:12| Set Current Directory to /var/spool/squid
2010/12/28 04:20:12| Loaded Icons.
2010/12/28 04:20:12| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 13.
2010/12/28 04:20:12| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2010/12/28 04:20:12| WCCP Disabled.
2010/12/28 04:20:12| /var/log/squid/run/squid.pid: (2) No such file or directory
2010/12/28 04:20:12| WARNING: Could not write pid file
2010/12/28 04:20:12| Ready to serve requests.
2010/12/28 04:20:12| Done reading /var/spool/squid swaplog (747 entries)
2010/12/28 04:20:12| Finished rebuilding storage from disk.
2010/12/28 04:20:12| 747 Entries scanned
2010/12/28 04:20:12| 0 Invalid entries.
2010/12/28 04:20:12| 0 With invalid flags.
2010/12/28 04:20:12| 747 Objects loaded.
2010/12/28 04:20:12| 0 Objects expired.
2010/12/28 04:20:12| 0 Objects cancelled.
2010/12/28 04:20:12| 0 Duplicate URLs purged.
2010/12/28 04:20:12| 0 Swapfile clashes avoided.
2010/12/28 04:20:12| Took 0.3 seconds (2547.6 objects/sec).
2010/12/28 04:20:12| Beginning Validation Procedure
2010/12/28 04:20:12| Completed Validation Procedure
2010/12/28 04:20:12| Validated 747 Entries
2010/12/28 04:20:12| store_swap_size = 7200k
2010/12/28 04:20:13| storeLateRelease: released 0 objects
----------------------------------------------------------

You just want me to copy/paste squid.conf?

-----Original Message-----
From: Chad Naugle [mailto:Chad.Naugle_at_travimp.com]
Sent: Tuesday, December 28, 2010 10:47 AM
To: Charles Roper
Cc: squid-users_at_squid-cache.org
Subject: RE: [squid-users] Allow untrusted ssl connections

Okay, then please simply post the current squid.conf first -- chances are, it sounds like it's not configured correctly, between that, and your browser configuration.

---------------------------------------------
Chad E. Naugle
Tech Support II, x. 7981
Travel Impressions, Ltd.

>>> "Charles Roper" <charlzroper_at_gmail.com> 12/28/2010 1:23 PM >>>
Any advice on how best to do that? This is my first linux box and I created it precisely to use it as a Squid Proxy. This steep learning curve is kind of intimidating :/

-----Original Message-----
From: Chad Naugle [mailto:Chad.Naugle_at_travimp.com]
Sent: Tuesday, December 28, 2010 10:05 AM
To: Charles Roper
Cc: squid-users_at_squid-cache.org
Subject: RE: [squid-users] Allow untrusted ssl connections

Okay ... Firstly, you should probably compile an updated version of Squid, using either the 2.7 or 3.1 branch from http://www.squid-cache.org, and then install it. That version of Squid is probably only current for your install of CentOS.

Then post your configuration, it should be under /etc/squid, called squid.conf.

---------------------------------------------
Chad E. Naugle
Tech Support II, x. 7981
Travel Impressions, Ltd.

>>> "Charles Roper" <charlzroper_at_gmail.com> 12/28/2010 12:52 PM >>>
Of course, sorry.

squid-2.6.STABLE21-6.el5.i386
CentOS release 5.5 (Final)

When I try to install the latest stable version using "yum install squid", I get this:
------------------------------------------
# yum install squid
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: mirror.stanford.edu
* base: mirrors.usc.edu
* extras: mirror.its.uidaho.edu
* updates: mirror.its.uidaho.edu
Setting up Install Process
Package 7:squid-2.6.STABLE21-6.el5.i386 already installed and latest
version
Nothing to do
--------------------------------------------

Is there another way I should be updating?

Thanks for the reply!

-----Original Message-----
From: Chad Naugle [mailto:Chad.Naugle_at_travimp.com]
Sent: Tuesday, December 28, 2010 9:48 AM
To: Charles Roper; squid-users_at_squid-cache.org
Subject: Re: [squid-users] Allow untrusted ssl connections

Can you report back with your version of Squid, and configuration?

---------------------------------------------
Chad E. Naugle
Tech Support II, x. 7981
Travel Impressions, Ltd.

>>> Charles Roper <charlzroper_at_gmail.com> 12/28/2010 12:33 PM >>>
Hello,

I'm using Squid Proxy to access my home network while I'm away from the house ... I'm running into a bit of trouble with SSL connections. Using just a plain 'ol connection to the internet, occasionally, Firefox will warn me of "Untrusted Connection" on certain websites that I visit. I believe this is due to either invalid SSL certs or self-signed SSL certs. Either way, I do trust these sites ... some of them are my own! I tell Firefox that it's ok and it will let me view the sites as normal.

The problem arises when I try to access those same sites through my home Squid Proxy instead of directly connecting to the internet. When I do that, Firefox throws a "Problem loading page error":
------------------------------
Unable to connect
Firefox can't establish a connection to the server at 8.8.8.8:2096.
    * The site could be temporarily unavailable or too busy. Try again in a few moments.
    * If you are unable to load any pages, check your computer's network connection.
    * If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
-----------------------------

I'm assuming this is a security configuration, but I really need to be able to access those sites through Squid Proxy. For years, I've been using OpenSSH with SpoonProxy (Windows-based) and it worked flawlessly, but this week I thought I'd make the switch to Squid Proxy to see if I noticed any improvements. I did notice many speed improvements, and this is the only problem that I've run into, so I'm hoping you can help me resolve it.

Thanks - look forward to your reply!

- Charles

Travel Impressions made the following annotations
-------------------------------------------------------------
"This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments.
Thank you."

Received on Tue Dec 28 2010 - 21:42:38 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 29 2010 - 12:00:03 MST