Squid proxy not working when upgrade from 27 to 3.5


Squid proxy not working when upgrade from 27 to 3.5

Angus J.
Squid proxy not working when upgrade from 27 to 3.5

The Squid proxy is not working after the upgrade to 3.5, and it does not cache anything.

----------------------------------------------------------------------------

# NOTE(review): reverse-proxy (accel) configuration as posted. Long directives
# appear wrapped over several lines by the mail client. The NOTE(review)
# comments are review notes only; no directive has been changed.
#Default:
# windows_ipaddrchangemonitor on

visible_hostname oul163.hkbb.edu.hk
http_port 3128 accel vhost defaultsite=oul163.hkbb.edu.hk
# Each https_port below terminates client TLS with the certificate and private
# key named by cert= and key=. options=NO_SSLv3:NO_SSLv2 turns off only SSLv2
# and SSLv3.
# NOTE(review): confirm which TLS versions remain enabled with the installed
# TLS library, and that the key files are readable only by the Squid user.
https_port 80 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8000 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8004 accel cert=/etc/squid/certs/ouhk2.crt
key=/etc/squid/certs/ouhk2.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8005 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8005 accel cert=/etc/squid/certs/ouhk3.crt
key=/etc/squid/certs/ouhk3.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#ssl_bump allow all
#              Disable the following one
#ssl_bump options=NO_SSLv3
#always_direct allow all
#              Disable the following one
#sslproxy_cert_error allow all
sslproxy_options NO_SSLv3:NO_SSLv2
access_log /var/log/squid/access.log squid
cache_effective_user squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# the proxy-only indicates that caching will not be performed.
# NOTE(review): prdhrms has no "ssl" option, so traffic between Squid and
# 192.168.31.113:8001 is sent in cleartext - confirm this is intended.
cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
cache_peer_domain prdhrms prdhrms.hkbb.edu.hk
# NOTE(review): sslflags=DONT_VERIFY_PEER makes Squid accept the peer's
# certificate even when it fails verification, so the TLS links to
# 192.168.31.134 are encrypted but the peer is not authenticated. Prefer
# trusting the issuing CA (for example with sslcafile=, as in the
# commented-out devhrms line below) and dropping the flag. The same applies to
# the uathrms, sithrms and devhrms peers.
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only   name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only   name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain sithrms sithrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only  name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
cache_peer_domain devhrms devhrms.hkbb.edu.hk

# Create an additional ACL for local network access
# NOTE(review): localip is defined here but not referenced by any rule in the
# configuration as posted.
acl localip src 192.168.31.0/24

# access control list
# NOTE(review): http_access rules are checked in order and the first match
# decides. This allow comes before the manager/purge restrictions further
# down, so a request whose destination is in .hkbb.edu.hk is allowed here and
# never reaches those denies. Consider moving the restrictions above this
# line.
acl hrmsacl dstdomain .hkbb.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.hkbb.edu.hk
#cache_peer_access devhrms allow hrmsacl2
# NOTE(review): every peer is opened to the same hrmsacl; the per-peer
# selection relies on the cache_peer_domain lines above.
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports

# Additional ACL definitions
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl CONNECT method CONNECT

# Restrictions
# Cache-manager and PURGE requests are allowed from localhost only; anything
# not matched by an earlier rule is denied.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny all

# Disable caching
cache deny all

logfile_rotate 10

oul163:/etc/squid # vi  squid.conf
# NOTE(review): prdhrms has no "ssl" option, so traffic between Squid and
# 192.168.31.113:8001 is sent in cleartext - confirm this is intended.
cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
cache_peer_domain prdhrms prdhrms.hkbb.edu.hk
# NOTE(review): sslflags=DONT_VERIFY_PEER accepts the peer's certificate even
# when verification fails, so the TLS links to 192.168.31.134 (uathrms,
# sithrms, devhrms) are encrypted but not authenticated. Prefer trusting the
# issuing CA (for example with sslcafile=) and dropping the flag.
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain sithrms sithrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
cache_peer_domain devhrms devhrms.hkbb.edu.hk

# Create an additional ACL for local network access
# NOTE(review): localip is not referenced by any rule in this fragment.
acl localip src 192.168.31.0/24

# access control list
# NOTE(review): http_access is first-match. This allow precedes the
# manager/purge restrictions below, so requests for .hkbb.edu.hk destinations
# are allowed before those denies are evaluated.
acl hrmsacl dstdomain .hkbb.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.hkbb.edu.hk
#cache_peer_access devhrms allow hrmsacl2
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports

# Additional ACL definitions
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl CONNECT method CONNECT

# Restrictions
# Cache-manager and PURGE requests are allowed from localhost only; anything
# not matched by an earlier rule is denied.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny all

# Disable caching
cache deny all

logfile_rotate 10






Re: Squid proxy not working when upgrade from 27 to 3.5

Amos Jeffries
Administrator
On 23/10/18 4:28 PM, Angus J. wrote:
> Squid proxy not working when upgrade from 27 to 3.5
>

Please run "squid -k parse" with the new Squid version. This is especially
important when jumping many versions, as a 2.x to 3.5 upgrade does.

All issues it highlights as FATAL and ERROR must be fixed before you can
expect Squid to run properly. Anything labeled WARNING should also be
looked into and fixed where possible to avoid odd or annoying behaviours.

Have you checked the release notes for all the skipped Squid-3.x versions?
 While Squid operates mostly the same there have been some significant
changes to both HTTP and TLS/SSL in the last decade that result in some
very different visible behaviours at times.



If the problem(s) remain after doing the above please explain "not working".

What _exactly_ do you see that makes you think something is going
wrong? We need details of the problem to provide any useful help.


> Squid proxy not working when upgrade to 3.5 and it will not caching anything
>

The lack of caching is easily explained by reading the comments in your
config file(s):

> # Disable caching
> cache deny all

and

> # the proxy-only indicates that caching will not be performed.
> cache_peer ... proxy-only ...


You display two config files below. How do they relate to your Squid?
Are you running two proxies, and how are they related?


> ----------------------------------------------------------------------------
>
> #Default:
> # windows_ipaddrchangemonitor on
>
> visible_hostname oul163.hkbb.edu.hk
> http_port 3128 accel vhost defaultsite=oul163.hkbb.edu.hk

> https_port 80 accel cert=/etc/squid/certs/ouhk.crt
> key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
> protocol=https options=NO_SSLv3:NO_SSLv2

Port 80 is a reserved port for HTTP traffic. Not for HTTPS traffic.


> https_port 8000 accel cert=/etc/squid/certs/ouhk.crt
> key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
> protocol=https options=NO_SSLv3:NO_SSLv2
> #https_port 8004 accel cert=/etc/squid/certs/ouhk.crt
> key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
> protocol=https options=NO_SSLv3:NO_SSLv2
> https_port 8004 accel cert=/etc/squid/certs/ouhk2.crt
> key=/etc/squid/certs/ouhk2.key defaultsite=oul163.hkbb.edu.hk vhost
> protocol=https options=NO_SSLv3:NO_SSLv2
> #https_port 8005 accel cert=/etc/squid/certs/ouhk.crt
> key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
> protocol=https options=NO_SSLv3:NO_SSLv2
> https_port 8005 accel cert=/etc/squid/certs/ouhk3.crt
> key=/etc/squid/certs/ouhk3.key defaultsite=oul163.hkbb.edu.hk vhost
> protocol=https options=NO_SSLv3:NO_SSLv2

FYI: Squid does understand line wrapping in the config. For very long
lines you can end a line with a backslash '\' and start the next with
whitespace to make it easier to read.


> #ssl_bump allow all
> #              Disable the following one
> #ssl_bump options=NO_SSLv3
> #always_direct allow all
> #              Disable the following one
> #sslproxy_cert_error allow all
> sslproxy_options NO_SSLv3:NO_SSLv2
> access_log /var/log/squid/access.log squid
> cache_effective_user squid
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
>
> # the proxy-only indicates that caching will not be performed.
> cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
> cache_peer_domain prdhrms prdhrms.hkbb.edu.hk

> cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
> proxy-only   name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
> #cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
> proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
> cache_peer_domain uathrms uathrms.hkbb.edu.hk
> cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
> proxy-only   name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
> cache_peer_domain sithrms sithrms.hkbb.edu.hk
> cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
> proxy-only  name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
> #cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
> name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
> cache_peer_domain devhrms devhrms.hkbb.edu.hk


NP: cache_peer_domain is deprecated and has been removed from Squid-4
and later. You should replace these with cache_peer_access lines in
Squid-3 to avoid further problems on later upgrades.


Also, you are using reverse-proxy ports (accel vhost) but do not have
originserver set for any of the enabled cache_peer.

This is one of the major changes between HTTP/1.0 (Squid-2.x) and
HTTP/1.1 (Squid-3.x): traffic sent to origin servers uses a different
syntax from traffic sent to proxies. Squid should be told accurately what
type of peer it is communicating with so that it can properly optimize
traffic performance and protocol behaviours for the channel.


>
> # Create an additional ACL for local network access
> acl localip src 192.168.31.0/24
>

Squid-3 and later configs define the above as an ACL called "localnet".


> # access control list
> acl hrmsacl dstdomain .hkbb.edu.hk
> http_access allow hrmsacl
> #acl hrmsacl2 dstdomain devhrms.hkbb.edu.hk
> #cache_peer_access devhrms allow hrmsacl2
> cache_peer_access prdhrms allow hrmsacl
> cache_peer_access uathrms allow hrmsacl
> cache_peer_access sithrms allow hrmsacl
> cache_peer_access devhrms allow hrmsacl
> #cache_peer_access secure allow SSL_ports
>
> # Additional ACL definitions
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl purge method PURGE
> acl CONNECT method CONNECT


All of the above common ACL definitions are now built in to Squid and
can be removed from the config file. They were changed incrementally
though, so see the output of squid -k parse for which ones are built in
to your particular release.

>
> # Restrictions
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny all

These can be simplified to:

 http_access deny !localhost
 http_access allow manager
 http_access allow purge
 http_access deny all

>
> # Disable caching
> cache deny all
>
> logfile_rotate 10
>

The logfile_rotate default value is 10 unless your Squid has explicitly
been patched to use a different value (eg. as done by Debian/Ubuntu).

In Squid-3 and later there is no need to define anything to its default
value. So the above line can probably be removed.


The below appears to be a different config file, but contains all the
same issues with cache_peer.


> oul163:/etc/squid # vi  squid.conf
> cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
> cache_peer_domain prdhrms prdhrms.hkbb.edu.hk
> cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
> proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
> #cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
> proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
> cache_peer_domain uathrms uathrms.hkbb.edu.hk
> cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
> proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
> cache_peer_domain sithrms sithrms.hkbb.edu.hk
> cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
> proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
> #cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
> name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
> cache_peer_domain devhrms devhrms.hkbb.edu.hk
>
> # Create an additional ACL for local network access
> acl localip src 192.168.31.0/24
>
> # access control list
> acl hrmsacl dstdomain .hkbb.edu.hk
> http_access allow hrmsacl
> #acl hrmsacl2 dstdomain devhrms.hkbb.edu.hk
> #cache_peer_access devhrms allow hrmsacl2
> cache_peer_access prdhrms allow hrmsacl
> cache_peer_access uathrms allow hrmsacl
> cache_peer_access sithrms allow hrmsacl
> cache_peer_access devhrms allow hrmsacl
> #cache_peer_access secure allow SSL_ports
>
> # Additional ACL definitions
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> # Restrictions
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny all
>
> # Disable caching
> cache deny all
>
> logfile_rotate 10
>
>


Amos


Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
The result of squid -k parse

oul163:/etc/squid # squid -k parse
2018/10/23 16:51:05| Startup: Initializing Authentication Schemes ...
2018/10/23 16:51:05| Startup: Initialized Authentication Scheme 'basic'
2018/10/23 16:51:05| Startup: Initialized Authentication Scheme 'digest'
2018/10/23 16:51:05| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/23 16:51:05| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/23 16:51:05| Startup: Initialized Authentication.
2018/10/23 16:51:05| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/23 16:51:05| Processing: acl localnet src 10.0.0.0/8
2018/10/23 16:51:05| Processing: acl localnet src 172.16.0.0/12
2018/10/23 16:51:05| Processing: acl localnet src 192.168.0.0/16
2018/10/23 16:51:05| Processing: acl localnet src fc00::/7
2018/10/23 16:51:05| Processing: acl localnet src fe80::/10
2018/10/23 16:51:05| Processing: acl localnet src 192.168.31.0/24
2018/10/23 16:51:05| WARNING: (A) '192.168.31.0/24' is a subnetwork of (B)
'192.168.0.0/16'
2018/10/23 16:51:05| WARNING: because of this '192.168.31.0/24' is ignored
to keep splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '192.168.31.0/24'
from the ACL named 'localnet'
2018/10/23 16:51:05| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/23 16:51:05| Processing: acl Safe_ports port 80
2018/10/23 16:51:05| Processing: acl Safe_ports port 21
2018/10/23 16:51:05| Processing: acl Safe_ports port 443
2018/10/23 16:51:05| Processing: acl Safe_ports port 70
2018/10/23 16:51:05| Processing: acl Safe_ports port 210
2018/10/23 16:51:05| Processing: acl Safe_ports port 1025-65535
2018/10/23 16:51:05| Processing: acl Safe_ports port 280
2018/10/23 16:51:05| Processing: acl Safe_ports port 488
2018/10/23 16:51:05| Processing: acl Safe_ports port 591
2018/10/23 16:51:05| Processing: acl Safe_ports port 777
2018/10/23 16:51:05| Processing: acl CONNECT method CONNECT
2018/10/23 16:51:05| Processing: access_log /var/log/squid/access.log
2018/10/23 16:51:05| Processing: http_access allow localnet
2018/10/23 16:51:05| Processing: http_access allow localhost
2018/10/23 16:51:05| Processing: http_port 3128
2018/10/23 16:51:05| Processing: coredump_dir /var/cache/squid
2018/10/23 16:51:05| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/23 16:51:05| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/23 16:51:05| Processing: refresh_pattern -i  (/cgi-bin/|\?) 0 0 0
2018/10/23 16:51:05| Processing: refresh_pattern . 0 20 4320
2018/10/23 16:51:05| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/23 16:51:05| Processing: cache_log /var/log/squid/cache.log
2018/10/23 16:51:05| Processing: cache_mem 8 MB
2018/10/23 16:51:05| Processing: cache_mgr webmaster
2018/10/23 16:51:05| Processing: cache_replacement_policy lru
2018/10/23 16:51:05| Processing: cache_store_log /var/log/squid/store.log
2018/10/23 16:51:05| Processing: cache_swap_high 95
2018/10/23 16:51:05| Processing: cache_swap_low 90
2018/10/23 16:51:05| Processing: client_lifetime 1 days
2018/10/23 16:51:05| Processing: connect_timeout 2 minutes
2018/10/23 16:51:05| Processing: error_directory /usr/share/squid/errors/en
2018/10/23 16:51:05| Processing: ftp_passive on
2018/10/23 16:51:05| Processing: maximum_object_size 4096 KB
2018/10/23 16:51:05| Processing: memory_replacement_policy lru
2018/10/23 16:51:05| Processing: minimum_object_size 0 KB
2018/10/23 16:51:05| Processing: visible_hostname oul299.ouhk.edu.hk
2018/10/23 16:51:05| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/23 16:51:05| Processing: https_port 80 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: https_port 8000 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: https_port 8004 accel
cert=/etc/squid/certs/ouhk2.crt key=/etc/squid/certs/ouhk2.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: https_port 8005 accel
cert=/etc/squid/certs/ouhk3.crt key=/etc/squid/certs/ouhk3.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: access_log /var/log/squid/access.log squid
2018/10/23 16:51:05| Processing: cache_effective_user squid
2018/10/23 16:51:05| Processing: cache_log /var/log/squid/cache.log
2018/10/23 16:51:05| Processing: cache_store_log /var/log/squid/store.log
2018/10/23 16:51:05| Processing: cache_peer 192.168.31.113 parent 8001 0
proxy-only name=prdhrms
2018/10/23 16:51:05| Processing: cache_peer_domain prdhrms
prdhrms.ouhk.edu.hk
2018/10/23 16:51:05| Processing: cache_peer 192.168.31.134 parent 8005 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=uathrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: cache_peer_domain uathrms
uathrms.ouhk.edu.hk
2018/10/23 16:51:05| Processing: cache_peer 192.168.31.134 parent 8004 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=sithrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: cache_peer_domain sithrms
sithrms.ouhk.edu.hk
2018/10/23 16:51:05| Processing: cache_peer 192.168.31.134 parent 8000 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=devhrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: cache_peer_domain devhrms
devhrms.ouhk.edu.hk
2018/10/23 16:51:05| Processing: acl localip src 192.168.31.0/24
2018/10/23 16:51:05| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/23 16:51:05| Processing: http_access allow hrmsacl
2018/10/23 16:51:05| Processing: cache_peer_access prdhrms allow hrmsacl
2018/10/23 16:51:05| Processing: cache_peer_access uathrms allow hrmsacl
2018/10/23 16:51:05| Processing: cache_peer_access sithrms allow hrmsacl
2018/10/23 16:51:05| Processing: cache_peer_access devhrms allow hrmsacl
2018/10/23 16:51:05| Processing: acl all src all
2018/10/23 16:51:05| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2018/10/23 16:51:05| WARNING: because of this '::/0' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '::/0' from the ACL
named 'all'
2018/10/23 16:51:05| Processing: acl manager proto cache_object
2018/10/23 16:51:05| UPGRADE: ACL 'manager' is now a built-in ACL. Remove it
from your config file.
2018/10/23 16:51:05| Processing: acl localhost src 127.0.0.1/32
2018/10/23 16:51:05| WARNING: (B) '127.0.0.1' is a subnetwork of (A)
'127.0.0.1'
2018/10/23 16:51:05| WARNING: because of this '127.0.0.1' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '127.0.0.1' from
the ACL named 'localhost'
2018/10/23 16:51:05| WARNING: (B) '127.0.0.1' is a subnetwork of (A)
'127.0.0.1'
2018/10/23 16:51:05| WARNING: because of this '127.0.0.1' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '127.0.0.1' from
the ACL named 'localhost'
2018/10/23 16:51:05| Processing: acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
2018/10/23 16:51:05| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A)
'127.0.0.0/8'
2018/10/23 16:51:05| WARNING: because of this '127.0.0.0/8' is ignored to
keep splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '127.0.0.0/8' from
the ACL named 'to_localhost'
2018/10/23 16:51:05| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2018/10/23 16:51:05| WARNING: because of this '0.0.0.0' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '0.0.0.0' from the
ACL named 'to_localhost'
2018/10/23 16:51:05| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2018/10/23 16:51:05| WARNING: because of this '0.0.0.0' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '0.0.0.0' from the
ACL named 'to_localhost'
2018/10/23 16:51:05| Processing: acl purge method PURGE
2018/10/23 16:51:05| Processing: acl CONNECT method CONNECT
2018/10/23 16:51:05| Processing: http_access allow manager localhost
2018/10/23 16:51:05| Processing: http_access deny manager
2018/10/23 16:51:05| Processing: http_access allow purge localhost
2018/10/23 16:51:05| Processing: http_access deny purge
2018/10/23 16:51:05| Processing: http_access deny all
2018/10/23 16:51:05| Processing: logfile_rotate 10
2018/10/23 16:51:05| Initializing https proxy context
2018/10/23 16:51:05| Initializing cache_peer uathrms SSL context
2018/10/23 16:51:05| Initializing cache_peer sithrms SSL context
2018/10/23 16:51:05| Initializing cache_peer devhrms SSL context
2018/10/23 16:51:05| Initializing https_port [::]:80 SSL context
2018/10/23 16:51:05| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/23 16:51:05| Initializing https_port [::]:8000 SSL context
2018/10/23 16:51:05| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/23 16:51:05| Initializing https_port [::]:8004 SSL context
2018/10/23 16:51:05| Using certificate in /etc/squid/certs/ouhk2.crt
2018/10/23 16:51:05| Initializing https_port [::]:8005 SSL context
2018/10/23 16:51:05| Using certificate in /etc/squid/certs/ouhk3.crt





Re: Squid proxy not working when upgrade from 27 to 3.5

Matus UHLAR - fantomas
What does "Squid proxy not working" mean?
On 23.10.18 03:52, Angus J. wrote:
>The result of squid -k parse

Did you read this output?
Did you do the other things Amos recommended to you?

According to the log below, Squid DOES listen for connections.

>oul163:/etc/squid # squid -k parse

>2018/10/23 16:51:05| Processing: acl localnet src 192.168.0.0/16

>2018/10/23 16:51:05| Processing: acl localnet src 192.168.31.0/24
>2018/10/23 16:51:05| WARNING: (A) '192.168.31.0/24' is a subnetwork of (B)
>'192.168.0.0/16'
>2018/10/23 16:51:05| WARNING: because of this '192.168.31.0/24' is ignored
>to keep splay tree searching predictable
>2018/10/23 16:51:05| WARNING: You should probably remove '192.168.31.0/24'
>from the ACL named 'localnet'

... there's no point in adding both 192.168.0.0/16 and 192.168.31.0/24
- Squid recommends that you remove 192.168.31.0/24

>2018/10/23 16:51:05| Processing: acl all src all

>2018/10/23 16:51:05| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
>2018/10/23 16:51:05| WARNING: because of this '::/0' is ignored to keep
>splay tree searching predictable
>2018/10/23 16:51:05| WARNING: You should probably remove '::/0' from the ACL
>named 'all'

acl "all" is built-in, you don't have to define it.


>2018/10/23 16:51:05| Processing: acl manager proto cache_object
>2018/10/23 16:51:05| UPGRADE: ACL 'manager' is now a built-in ACL. Remove it
>from your config file.

...the same applies for "manager" acl.

>2018/10/23 16:51:05| Processing: acl localhost src 127.0.0.1/32
>2018/10/23 16:51:05| WARNING: (B) '127.0.0.1' is a subnetwork of (A)
>'127.0.0.1'
>2018/10/23 16:51:05| WARNING: because of this '127.0.0.1' is ignored to keep
>splay tree searching predictable
>2018/10/23 16:51:05| WARNING: You should probably remove '127.0.0.1' from
>the ACL named 'localhost'

It seems that you have localhost defined twice.

>2018/10/23 16:51:05| Processing: acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
>2018/10/23 16:51:05| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A)
>'127.0.0.0/8'
>2018/10/23 16:51:05| WARNING: because of this '127.0.0.0/8' is ignored to
>keep splay tree searching predictable
>2018/10/23 16:51:05| WARNING: You should probably remove '127.0.0.0/8' from
>the ACL named 'to_localhost'

... and same applies to to_localhost


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.

Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
Hi

I have revised the squid.conf

oul163:/etc/squid # squid -k parse
2018/10/23 18:12:35| Startup: Initializing Authentication Schemes ...
2018/10/23 18:12:35| Startup: Initialized Authentication Scheme 'basic'
2018/10/23 18:12:35| Startup: Initialized Authentication Scheme 'digest'
2018/10/23 18:12:35| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/23 18:12:35| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/23 18:12:35| Startup: Initialized Authentication.
2018/10/23 18:12:35| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/23 18:12:35| Processing: acl localnet src 10.0.0.0/8
2018/10/23 18:12:35| Processing: acl localnet src 172.16.0.0/12
2018/10/23 18:12:35| Processing: acl localnet src 192.168.0.0/16
2018/10/23 18:12:35| Processing: acl localnet src fc00::/7
2018/10/23 18:12:35| Processing: acl localnet src fe80::/10
2018/10/23 18:12:35| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/23 18:12:35| Processing: acl Safe_ports port 80
2018/10/23 18:12:35| Processing: acl Safe_ports port 21
2018/10/23 18:12:35| Processing: acl Safe_ports port 443
2018/10/23 18:12:35| Processing: acl Safe_ports port 70
2018/10/23 18:12:35| Processing: acl Safe_ports port 210
2018/10/23 18:12:35| Processing: acl Safe_ports port 1025-65535
2018/10/23 18:12:35| Processing: acl Safe_ports port 280
2018/10/23 18:12:35| Processing: acl Safe_ports port 488
2018/10/23 18:12:35| Processing: acl Safe_ports port 591
2018/10/23 18:12:35| Processing: acl Safe_ports port 777
2018/10/23 18:12:35| Processing: acl CONNECT method CONNECT
2018/10/23 18:12:35| Processing: access_log /var/log/squid/access.log
2018/10/23 18:12:35| Processing: http_access allow localnet
2018/10/23 18:12:35| Processing: http_access allow localhost
2018/10/23 18:12:35| Processing: http_port 3128
2018/10/23 18:12:35| Processing: coredump_dir /var/cache/squid
2018/10/23 18:12:35| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/23 18:12:35| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/23 18:12:35| Processing: refresh_pattern -i  (/cgi-bin/|\?) 0 0 0
2018/10/23 18:12:35| Processing: refresh_pattern . 0 20 4320
2018/10/23 18:12:35| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/23 18:12:35| Processing: cache_log /var/log/squid/cache.log
2018/10/23 18:12:35| Processing: cache_mem 8 MB
2018/10/23 18:12:35| Processing: cache_mgr webmaster
2018/10/23 18:12:35| Processing: cache_replacement_policy lru
2018/10/23 18:12:35| Processing: cache_store_log /var/log/squid/store.log
2018/10/23 18:12:35| Processing: cache_swap_high 95
2018/10/23 18:12:35| Processing: cache_swap_low 90
2018/10/23 18:12:35| Processing: client_lifetime 1 days
2018/10/23 18:12:35| Processing: connect_timeout 2 minutes
2018/10/23 18:12:35| Processing: error_directory /usr/share/squid/errors/en
2018/10/23 18:12:35| Processing: ftp_passive on
2018/10/23 18:12:35| Processing: maximum_object_size 4096 KB
2018/10/23 18:12:35| Processing: memory_replacement_policy lru
2018/10/23 18:12:35| Processing: minimum_object_size 0 KB
2018/10/23 18:12:35| Processing: visible_hostname oul299.ouhk.edu.hk
2018/10/23 18:12:35| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/23 18:12:35| Processing: https_port 80 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: https_port 8000 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: https_port 8004 accel
cert=/etc/squid/certs/ouhk2.crt key=/etc/squid/certs/ouhk2.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: https_port 8005 accel
cert=/etc/squid/certs/ouhk3.crt key=/etc/squid/certs/ouhk3.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: access_log /var/log/squid/access.log squid
2018/10/23 18:12:35| Processing: cache_effective_user squid
2018/10/23 18:12:35| Processing: cache_log /var/log/squid/cache.log
2018/10/23 18:12:35| Processing: cache_store_log /var/log/squid/store.log
2018/10/23 18:12:35| Processing: cache_peer 192.168.31.113 parent 8001 0
proxy-only name=prdhrms
2018/10/23 18:12:35| Processing: cache_peer_domain prdhrms
prdhrms.ouhk.edu.hk
2018/10/23 18:12:35| Processing: cache_peer 192.168.31.134 parent 8005 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=uathrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: cache_peer_domain uathrms
uathrms.ouhk.edu.hk
2018/10/23 18:12:35| Processing: cache_peer 192.168.31.134 parent 8004 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=sithrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: cache_peer_domain sithrms
sithrms.ouhk.edu.hk
2018/10/23 18:12:35| Processing: cache_peer 192.168.31.134 parent 8000 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=devhrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: cache_peer_domain devhrms
devhrms.ouhk.edu.hk
2018/10/23 18:12:35| Processing: acl localip src 192.168.31.0/24
2018/10/23 18:12:35| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/23 18:12:35| Processing: http_access allow hrmsacl
2018/10/23 18:12:35| Processing: cache_peer_access prdhrms allow hrmsacl
2018/10/23 18:12:35| Processing: cache_peer_access uathrms allow hrmsacl
2018/10/23 18:12:35| Processing: cache_peer_access sithrms allow hrmsacl
2018/10/23 18:12:35| Processing: cache_peer_access devhrms allow hrmsacl
2018/10/23 18:12:35| Processing: acl purge method PURGE
2018/10/23 18:12:35| Processing: acl CONNECT method CONNECT
2018/10/23 18:12:35| Processing: http_access deny all
2018/10/23 18:12:35| Processing: logfile_rotate 10
2018/10/23 18:12:35| Initializing https proxy context
2018/10/23 18:12:35| Initializing cache_peer uathrms SSL context
2018/10/23 18:12:35| Initializing cache_peer sithrms SSL context
2018/10/23 18:12:35| Initializing cache_peer devhrms SSL context
2018/10/23 18:12:35| Initializing https_port [::]:80 SSL context
2018/10/23 18:12:35| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/23 18:12:35| Initializing https_port [::]:8000 SSL context
2018/10/23 18:12:35| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/23 18:12:35| Initializing https_port [::]:8004 SSL context
2018/10/23 18:12:35| Using certificate in /etc/squid/certs/ouhk2.crt
2018/10/23 18:12:35| Initializing https_port [::]:8005 SSL context
2018/10/23 18:12:35| Using certificate in /etc/squid/certs/ouhk3.crt





Re: Squid proxy not working when upgrade from 27 to 3.5

Amos Jeffries
Administrator
On 23/10/18 11:13 PM, Angus J. wrote:
> Hi
>
> I have revised the squid.conf
>


But still no hints about what "not working" means?


Amos

Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
This error appears in the IE browser when the connection goes through the squid
proxy server:


This site can’t be reached
uathrms.oubb.edu.hk refused to connect.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED




Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
oul163:/etc/squid # squid -k parse
2018/10/24 11:24:38| Startup: Initializing Authentication Schemes ...
2018/10/24 11:24:38| Startup: Initialized Authentication Scheme 'basic'
2018/10/24 11:24:38| Startup: Initialized Authentication Scheme 'digest'
2018/10/24 11:24:38| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/24 11:24:38| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/24 11:24:38| Startup: Initialized Authentication.
2018/10/24 11:24:38| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/24 11:24:38| Processing: acl localnet src 10.0.0.0/8
2018/10/24 11:24:38| Processing: acl localnet src 172.16.0.0/12
2018/10/24 11:24:38| Processing: acl localnet src 192.168.0.0/16
2018/10/24 11:24:38| Processing: acl localnet src fc00::/7
2018/10/24 11:24:38| Processing: acl localnet src fe80::/10
2018/10/24 11:24:38| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/24 11:24:38| Processing: acl Safe_ports port 80
2018/10/24 11:24:38| Processing: acl Safe_ports port 21
2018/10/24 11:24:38| Processing: acl Safe_ports port 443
2018/10/24 11:24:38| Processing: acl Safe_ports port 70
2018/10/24 11:24:38| Processing: acl Safe_ports port 210
2018/10/24 11:24:38| Processing: acl Safe_ports port 1025-65535
2018/10/24 11:24:38| Processing: acl Safe_ports port 280
2018/10/24 11:24:38| Processing: acl Safe_ports port 488
2018/10/24 11:24:38| Processing: acl Safe_ports port 591
2018/10/24 11:24:38| Processing: acl Safe_ports port 777
2018/10/24 11:24:38| Processing: acl CONNECT method CONNECT
2018/10/24 11:24:38| Processing: access_log /var/log/squid/access.log
2018/10/24 11:24:38| Processing: http_access deny !Safe_ports
2018/10/24 11:24:38| Processing: http_access deny CONNECT !SSL_ports
2018/10/24 11:24:38| Processing: http_access allow localhost manager
2018/10/24 11:24:38| Processing: http_access deny manager
2018/10/24 11:24:38| Processing: http_access allow localnet
2018/10/24 11:24:38| Processing: http_access allow localhost
2018/10/24 11:24:38| Processing: http_access deny all
2018/10/24 11:24:38| Processing: http_port 3128
2018/10/24 11:24:38| Processing: coredump_dir /var/cache/squid
2018/10/24 11:24:38| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/24 11:24:38| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/24 11:24:38| Processing: refresh_pattern -i  (/cgi-bin/|\?) 0 0 0
2018/10/24 11:24:38| Processing: refresh_pattern . 0 20 4320
2018/10/24 11:24:38| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/24 11:24:38| Processing: cache_log /var/log/squid/cache.log
2018/10/24 11:24:38| Processing: cache_mem 8 MB
2018/10/24 11:24:38| Processing: cache_mgr webmaster
2018/10/24 11:24:38| Processing: cache_replacement_policy lru
2018/10/24 11:24:38| Processing: cache_store_log /var/log/squid/store.log
2018/10/24 11:24:38| Processing: cache_swap_high 95
2018/10/24 11:24:38| Processing: cache_swap_low 90
2018/10/24 11:24:38| Processing: client_lifetime 1 days
2018/10/24 11:24:38| Processing: connect_timeout 2 minutes
2018/10/24 11:24:38| Processing: error_directory /usr/share/squid/errors/en
2018/10/24 11:24:38| Processing: ftp_passive on
2018/10/24 11:24:38| Processing: maximum_object_size 4096 KB
2018/10/24 11:24:38| Processing: memory_replacement_policy lru
2018/10/24 11:24:38| Processing: minimum_object_size 0 KB
2018/10/24 11:24:38| Processing: visible_hostname oul163.ouhk.edu.hk
2018/10/24 11:24:38| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/24 11:24:38| Processing: https_port 80 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: https_port 8000 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: https_port 8004 accel
cert=/etc/squid/certs/ouhk2.crt key=/etc/squid/certs/ouhk2.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: https_port 8005 accel
cert=/etc/squid/certs/ouhk3.crt key=/etc/squid/certs/ouhk3.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: cache_peer 192.168.31.113 parent 8001 0
proxy-only name=prdhrms
2018/10/24 11:24:38| Processing: cache_peer_domain prdhrms
prdhrms.ouhk.edu.hk
2018/10/24 11:24:38| Processing: cache_peer 192.168.31.134 parent 8005 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=uathrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: cache_peer_domain uathrms
uathrms.ouhk.edu.hk
2018/10/24 11:24:38| Processing: cache_peer 192.168.31.134 parent 8004 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=sithrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: cache_peer_domain sithrms
sithrms.ouhk.edu.hk
2018/10/24 11:24:38| Processing: cache_peer 192.168.31.134 parent 8000 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=devhrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: cache_peer_domain devhrms
devhrms.ouhk.edu.hk
2018/10/24 11:24:38| Processing: acl localip src 192.168.31.0/24
2018/10/24 11:24:38| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/24 11:24:38| Processing: http_access allow hrmsacl
2018/10/24 11:24:38| Processing: cache_peer_access prdhrms allow hrmsacl
2018/10/24 11:24:38| Processing: cache_peer_access uathrms allow hrmsacl
2018/10/24 11:24:38| Processing: cache_peer_access sithrms allow hrmsacl
2018/10/24 11:24:38| Processing: cache_peer_access devhrms allow hrmsacl
2018/10/24 11:24:38| Initializing https proxy context
2018/10/24 11:24:38| Initializing cache_peer uathrms SSL context
2018/10/24 11:24:38| Initializing cache_peer sithrms SSL context
2018/10/24 11:24:38| Initializing cache_peer devhrms SSL context
2018/10/24 11:24:38| Initializing https_port [::]:80 SSL context
2018/10/24 11:24:38| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/24 11:24:38| Initializing https_port [::]:8000 SSL context
2018/10/24 11:24:38| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/24 11:24:38| Initializing https_port [::]:8004 SSL context
2018/10/24 11:24:38| Using certificate in /etc/squid/certs/ouhk2.crt
2018/10/24 11:24:38| Initializing https_port [::]:8005 SSL context
2018/10/24 11:24:38| Using certificate in /etc/squid/certs/ouhk3.crt





Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.

Re: Squid proxy not working when upgrade from 27 to 3.5

Matus UHLAR - fantomas
In reply to this post by Angus J.
On 23.10.18 22:15, Angus J. wrote:

>This error in IE browser when the connection is go through the squid proxy
>server
>
>
>This site can’t be reached
>uathrms.oubb.edu.hk refused to connect.
>Try:
>
>Checking the connection
>Checking the proxy and the firewall
>ERR_CONNECTION_REFUSED

1. How is squid configured in Windows (IE uses the Windows proxy settings)?
2. What's in the squid access and cache logs?
3. we have repeatedly asked you: why do you insist on using port 80 for
   HTTPS, when port 80 is HTTP non-SSL port?


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)

Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
1. How is squid configured in Windows (IE uses the Windows proxy settings)?
NO
 
2. What's in the squid access and cache logs?
-rw-r----- 1 squid squid      0 Oct 22 12:21 access.log
-rw-r----- 1 squid squid      0 Oct 22 13:02 netdb.state
-rw-r----- 1 squid squid   6498 Oct 24 11:29 store.log
-rw-r----- 1 squid squid 141946 Oct 24 11:29 cache.log

2018/10/24 11:27:34 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507
objects
2018/10/24 11:27:34 kid1| Target number of buckets: 425
2018/10/24 11:27:34 kid1| Using 8192 Store buckets
2018/10/24 11:27:34 kid1| Max Mem  size: 8192 KB
2018/10/24 11:27:34 kid1| Max Swap size: 102400 KB
2018/10/24 11:27:34 kid1| Rebuilding storage in /var/cache/squid (dirty log)
2018/10/24 11:27:34 kid1| Using Least Load store dir selection
2018/10/24 11:27:34 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:27:34 kid1| Finished loading MIME types and icons.
2018/10/24 11:27:34 kid1| HTCP Disabled.
2018/10/24 11:27:34 kid1| commBind: Cannot bind socket FD 24 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:27:34 kid1| commBind: Cannot bind socket FD 25 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:27:34 kid1| ERROR: Failed to create helper child read FD:
UDP[::1]
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.113/8001/0
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8005/0
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8004/0
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8000/0
2018/10/24 11:27:34 kid1| Squid plugin modules loaded: 0
2018/10/24 11:27:34 kid1| Adaptation support is off.
2018/10/24 11:27:34 kid1| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 18 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTP Socket connections at
local=[::]:3128 remote=[::] FD 19 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:80 remote=[::] FD 20 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8000 remote=[::] FD 21 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8004 remote=[::] FD 22 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8005 remote=[::] FD 23 flags=9
2018/10/24 11:27:34 kid1| Done reading /var/cache/squid swaplog (0 entries)
2018/10/24 11:27:34 kid1| Store rebuilding is 0.00% complete
2018/10/24 11:27:34 kid1| Finished rebuilding storage from disk.
2018/10/24 11:27:34 kid1|         0 Entries scanned
2018/10/24 11:27:34 kid1|         0 Invalid entries.
2018/10/24 11:27:34 kid1|         0 With invalid flags.
2018/10/24 11:27:34 kid1|         0 Objects loaded.
2018/10/24 11:27:34 kid1|         0 Objects expired.
2018/10/24 11:27:34 kid1|         0 Objects cancelled.
2018/10/24 11:27:34 kid1|         0 Duplicate URLs purged.
2018/10/24 11:27:34 kid1|         0 Swapfile clashes avoided.
2018/10/24 11:27:34 kid1|   Took 0.02 seconds (  0.00 objects/sec).
2018/10/24 11:27:34 kid1| Beginning Validation Procedure
2018/10/24 11:27:34 kid1| ERROR: listen( FD 19, [::] [ job2], 1024): (98)
Address already in use
2018/10/24 11:27:34 kid1|   Completed Validation Procedure
2018/10/24 11:27:34 kid1|   Validated 0 Entries
2018/10/24 11:27:34 kid1|   store_swap_size = 0.00 KB
2018/10/24 11:27:35 kid1| storeLateRelease: released 0 objects
2018/10/24 11:29:31| Set Current Directory to /var/cache/squid
2018/10/24 11:29:31 kid1| Killing master process, pid 8464
2018/10/24 11:29:31 kid1| Preparing for shutdown after 0 requests
2018/10/24 11:29:31 kid1| Waiting 30 seconds for active connections to
finish
2018/10/24 11:29:31 kid1| Closing HTTP port [::]:3128
2018/10/24 11:29:31 kid1| Closing HTTP port [::]:3128
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:80
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8000
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8004
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8005
2018/10/24 11:29:32 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:29:32 kid1| Starting Squid Cache version 3.5.21 for
x86_64-suse-linux-gnu...
2018/10/24 11:29:32 kid1| Service Name: squid
2018/10/24 11:29:32 kid1| Process ID 8497
2018/10/24 11:29:32 kid1| Process Roles: worker
2018/10/24 11:29:32 kid1| With 4096 file descriptors available
2018/10/24 11:29:32 kid1| Initializing IP Cache...
2018/10/24 11:29:32 kid1| DNS Socket created at [::], FD 6
2018/10/24 11:29:32 kid1| DNS Socket created at 0.0.0.0, FD 7
2018/10/24 11:29:32 kid1| Adding domain ouhk.edu.hk from /etc/resolv.conf
2018/10/24 11:29:32 kid1| Adding nameserver 192.207.91.2 from
/etc/resolv.conf
2018/10/24 11:29:32 kid1| Adding nameserver 192.207.91.1 from
/etc/resolv.conf
2018/10/24 11:29:32 kid1| Logfile: opening log /var/log/squid/access.log
2018/10/24 11:29:32 kid1| WARNING: log name now starts with a module name.
Use 'stdio:/var/log/squid/access.log'
2018/10/24 11:29:32 kid1| Unlinkd pipe opened on FD 14
2018/10/24 11:29:32 kid1| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2018/10/24 11:29:32 kid1| Logfile: opening log /var/log/squid/store.log
2018/10/24 11:29:32 kid1| WARNING: log name now starts with a module name.
Use 'stdio:/var/log/squid/store.log'
2018/10/24 11:29:32 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507
objects
2018/10/24 11:29:32 kid1| Target number of buckets: 425
2018/10/24 11:29:32 kid1| Using 8192 Store buckets
2018/10/24 11:29:32 kid1| Max Mem  size: 8192 KB
2018/10/24 11:29:32 kid1| Max Swap size: 102400 KB
2018/10/24 11:29:32 kid1| Rebuilding storage in /var/cache/squid (dirty log)
2018/10/24 11:29:32 kid1| Using Least Load store dir selection
2018/10/24 11:29:32 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:29:32 kid1| Finished loading MIME types and icons.
2018/10/24 11:29:32 kid1| HTCP Disabled.
2018/10/24 11:29:32 kid1| commBind: Cannot bind socket FD 24 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:29:32 kid1| commBind: Cannot bind socket FD 25 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:29:32 kid1| ERROR: Failed to create helper child read FD:
UDP[::1]
2018/10/24 11:29:32 kid1| Configuring Parent 192.168.31.113/8001/0
2018/10/24 11:29:32 kid1| Configuring Parent 192.168.31.134/8005/0
2018/10/24 11:29:32 kid1| Configuring Parent 192.168.31.134/8004/0
2018/10/24 11:29:32 kid1| Configuring Parent 192.168.31.134/8000/0
2018/10/24 11:29:32 kid1| Squid plugin modules loaded: 0
2018/10/24 11:29:32 kid1| Adaptation support is off.
2018/10/24 11:29:32 kid1| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 18 flags=9
2018/10/24 11:29:32 kid1| Accepting reverse-proxy HTTP Socket connections at
local=[::]:3128 remote=[::] FD 19 flags=9
2018/10/24 11:29:32 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:80 remote=[::] FD 20 flags=9
2018/10/24 11:29:32 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8000 remote=[::] FD 21 flags=9
2018/10/24 11:29:32 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8004 remote=[::] FD 22 flags=9
2018/10/24 11:29:32 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8005 remote=[::] FD 23 flags=9
2018/10/24 11:29:32 kid1| Done reading /var/cache/squid swaplog (0 entries)
2018/10/24 11:29:32 kid1| Store rebuilding is 0.00% complete
2018/10/24 11:29:32 kid1| Finished rebuilding storage from disk.
2018/10/24 11:29:32 kid1|         0 Entries scanned
2018/10/24 11:29:32 kid1|         0 Invalid entries.
2018/10/24 11:29:32 kid1|         0 With invalid flags.
2018/10/24 11:29:32 kid1|         0 Objects loaded.
2018/10/24 11:29:32 kid1|         0 Objects expired.
2018/10/24 11:29:32 kid1|         0 Objects cancelled.
2018/10/24 11:29:32 kid1|         0 Duplicate URLs purged.
2018/10/24 11:29:32 kid1|         0 Swapfile clashes avoided.
2018/10/24 11:29:32 kid1|   Took 0.02 seconds (  0.00 objects/sec).
2018/10/24 11:29:32 kid1| Beginning Validation Procedure
2018/10/24 11:29:32 kid1| ERROR: listen( FD 19, [::] [ job2], 1024): (98)
Address already in use
2018/10/24 11:29:32 kid1|   Completed Validation Procedure
2018/10/24 11:29:32 kid1|   Validated 0 Entries
2018/10/24 11:29:32 kid1|   store_swap_size = 0.00 KB
2018/10/24 11:29:33 kid1| storeLateRelease: released 0 objects
2018/10/24 11:29:34| Set Current Directory to /var/cache/squid
2018/10/24 11:29:34 kid1| Killing master process, pid 8495
2018/10/24 11:29:34 kid1| Preparing for shutdown after 0 requests
2018/10/24 11:29:34 kid1| Waiting 30 seconds for active connections to
finish
2018/10/24 11:29:34 kid1| Closing HTTP port [::]:3128
2018/10/24 11:29:34 kid1| Closing HTTP port [::]:3128
2018/10/24 11:29:34 kid1| Closing HTTPS port [::]:80
2018/10/24 11:29:34 kid1| Closing HTTPS port [::]:8000
2018/10/24 11:29:34 kid1| Closing HTTPS port [::]:8004
2018/10/24 11:29:34 kid1| Closing HTTPS port [::]:8005
2018/10/24 11:29:34 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:29:34 kid1| Starting Squid Cache version 3.5.21 for
x86_64-suse-linux-gnu...
2018/10/24 11:29:34 kid1| Service Name: squid
2018/10/24 11:29:34 kid1| Process ID 8525
2018/10/24 11:29:34 kid1| Process Roles: worker
2018/10/24 11:29:34 kid1| With 4096 file descriptors available
2018/10/24 11:29:34 kid1| Initializing IP Cache...
2018/10/24 11:29:34 kid1| DNS Socket created at [::], FD 6
2018/10/24 11:29:34 kid1| DNS Socket created at 0.0.0.0, FD 7
2018/10/24 11:29:34 kid1| Adding domain ouhk.edu.hk from /etc/resolv.conf
2018/10/24 11:29:34 kid1| Adding nameserver 192.207.91.2 from
/etc/resolv.conf
2018/10/24 11:29:34 kid1| Adding nameserver 192.207.91.1 from
/etc/resolv.conf
2018/10/24 11:29:34 kid1| Logfile: opening log /var/log/squid/access.log
2018/10/24 11:29:34 kid1| WARNING: log name now starts with a module name.
Use 'stdio:/var/log/squid/access.log'
2018/10/24 11:29:34 kid1| Unlinkd pipe opened on FD 14
2018/10/24 11:29:34 kid1| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2018/10/24 11:29:34 kid1| Logfile: opening log /var/log/squid/store.log
2018/10/24 11:29:34 kid1| WARNING: log name now starts with a module name.
Use 'stdio:/var/log/squid/store.log'
2018/10/24 11:29:34 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507
objects
2018/10/24 11:29:34 kid1| Target number of buckets: 425
2018/10/24 11:29:34 kid1| Using 8192 Store buckets
2018/10/24 11:29:34 kid1| Max Mem  size: 8192 KB
2018/10/24 11:29:34 kid1| Max Swap size: 102400 KB
2018/10/24 11:29:34 kid1| Rebuilding storage in /var/cache/squid (dirty log)
2018/10/24 11:29:34 kid1| Using Least Load store dir selection
2018/10/24 11:29:34 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:29:34 kid1| Finished loading MIME types and icons.
2018/10/24 11:29:34 kid1| HTCP Disabled.
2018/10/24 11:29:34 kid1| commBind: Cannot bind socket FD 24 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:29:34 kid1| commBind: Cannot bind socket FD 25 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:29:34 kid1| ERROR: Failed to create helper child read FD:
UDP[::1]
2018/10/24 11:29:34 kid1| Configuring Parent 192.168.31.113/8001/0
2018/10/24 11:29:34 kid1| Configuring Parent 192.168.31.134/8005/0
2018/10/24 11:29:34 kid1| Configuring Parent 192.168.31.134/8004/0
2018/10/24 11:29:34 kid1| Configuring Parent 192.168.31.134/8000/0
2018/10/24 11:29:34 kid1| Squid plugin modules loaded: 0
2018/10/24 11:29:34 kid1| Adaptation support is off.
2018/10/24 11:29:34 kid1| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 18 flags=9
2018/10/24 11:29:34 kid1| Accepting reverse-proxy HTTP Socket connections at
local=[::]:3128 remote=[::] FD 19 flags=9
2018/10/24 11:29:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:80 remote=[::] FD 20 flags=9
2018/10/24 11:29:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8000 remote=[::] FD 21 flags=9
2018/10/24 11:29:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8004 remote=[::] FD 22 flags=9
2018/10/24 11:29:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8005 remote=[::] FD 23 flags=9
2018/10/24 11:29:34 kid1| Done reading /var/cache/squid swaplog (0 entries)
2018/10/24 11:29:34 kid1| Store rebuilding is 0.00% complete
2018/10/24 11:29:34 kid1| Finished rebuilding storage from disk.
2018/10/24 11:29:34 kid1|         0 Entries scanned
2018/10/24 11:29:34 kid1|         0 Invalid entries.
2018/10/24 11:29:34 kid1|         0 With invalid flags.
2018/10/24 11:29:34 kid1|         0 Objects loaded.
2018/10/24 11:29:34 kid1|         0 Objects expired.
2018/10/24 11:29:34 kid1|         0 Objects cancelled.
2018/10/24 11:29:34 kid1|         0 Duplicate URLs purged.
2018/10/24 11:29:34 kid1|         0 Swapfile clashes avoided.
2018/10/24 11:29:34 kid1|   Took 0.02 seconds (  0.00 objects/sec).
2018/10/24 11:29:34 kid1| Beginning Validation Procedure
2018/10/24 11:29:34 kid1| ERROR: listen( FD 19, [::] [ job2], 1024): (98)
Address already in use
2018/10/24 11:29:34 kid1|   Completed Validation Procedure
2018/10/24 11:29:34 kid1|   Validated 0 Entries
2018/10/24 11:29:34 kid1|   store_swap_size = 0.00 KB
2018/10/24 11:29:35 kid1| storeLateRelease: released 0 objects




3. we have repeatedly asked you: why do you insist on using port 80 for
   HTTPS, when port 80 is HTTP non-SSL port?

I will use 8005 for https.




Re: Squid proxy not working when upgrade from 27 to 3.5

Amos Jeffries
Administrator

On 25/10/18 10:19 PM, Angus J. wrote:

> 1. How is squid confdigured in windows (IE uses windows proxy settings)?
> NO
>  
> 2. whats's in squid access and cache logs?
> -rw-r----- 1 squid squid      0 Oct 22 12:21 access.log
> -rw-r----- 1 squid squid      0 Oct 22 13:02 netdb.state
> -rw-r----- 1 squid squid   6498 Oct 24 11:29 store.log
> -rw-r----- 1 squid squid 141946 Oct 24 11:29 cache.log
>
> 2018/10/24 11:27:34 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507
> objects
> 2018/10/24 11:27:34 kid1| Target number of buckets: 425
> 2018/10/24 11:27:34 kid1| Using 8192 Store buckets
> 2018/10/24 11:27:34 kid1| Max Mem  size: 8192 KB
> 2018/10/24 11:27:34 kid1| Max Swap size: 102400 KB
> 2018/10/24 11:27:34 kid1| Rebuilding storage in /var/cache/squid (dirty log)
> 2018/10/24 11:27:34 kid1| Using Least Load store dir selection
> 2018/10/24 11:27:34 kid1| Set Current Directory to /var/cache/squid
> 2018/10/24 11:27:34 kid1| Finished loading MIME types and icons.
> 2018/10/24 11:27:34 kid1| HTCP Disabled.
> 2018/10/24 11:27:34 kid1| commBind: Cannot bind socket FD 24 to [::1]: (99)
> Cannot assign requested address
> 2018/10/24 11:27:34 kid1| commBind: Cannot bind socket FD 25 to [::1]: (99)
> Cannot assign requested address
> 2018/10/24 11:27:34 kid1| ERROR: Failed to create helper child read FD:
> UDP[::1]

Hmm, that is odd. I expect there is something wrong with the pinger
install and/or its security permissions.

But it does not seem to be having much impact on the proxy, so looking
into it can be delayed until later.



> 2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.113/8001/0
> 2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8005/0
> 2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8004/0
> 2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8000/0
> 2018/10/24 11:27:34 kid1| Squid plugin modules loaded: 0
> 2018/10/24 11:27:34 kid1| Adaptation support is off.
> 2018/10/24 11:27:34 kid1| Accepting HTTP Socket connections at
> local=[::]:3128 remote=[::] FD 18 flags=9
> 2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTP Socket connections at
> local=[::]:3128 remote=[::] FD 19 flags=9


Two http_port lines using port number 3128 ...

> 2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
> at local=[::]:80 remote=[::] FD 20 flags=9
> 2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
> at local=[::]:8000 remote=[::] FD 21 flags=9
> 2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
> at local=[::]:8004 remote=[::] FD 22 flags=9
> 2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
> at local=[::]:8005 remote=[::] FD 23 flags=9
...
> 2018/10/24 11:27:34 kid1| ERROR: listen( FD 19, [::] [ job2], 1024): (98)
> Address already in use

FD 18 and FD 19 are both conflicting over who gets to listen on port 3128
and what type of traffic is arriving there. Only one of them can hold the
port, which is why the listen() call on FD 19 fails with "Address already
in use".

This port is a registered port for forward-proxy use. Reverse-proxy
(accel mode) traffic has a *different syntax* - the URLs and types of
message that can be delivered are different. So it cannot share a port
with forward-proxy traffic.


The log says "ERROR" but this is actually something FATAL. That is a bug we
need to fix in the logging and error display.


> 2018/10/24 11:29:31 kid1| Preparing for shutdown after 0 requests
> 2018/10/24 11:29:31 kid1| Waiting 30 seconds for active connections to
> finish
> 2018/10/24 11:29:31 kid1| Closing HTTP port [::]:3128
> 2018/10/24 11:29:31 kid1| Closing HTTP port [::]:3128
> 2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:80
> 2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8000
> 2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8004
> 2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8005
> 2018/10/24 11:29:32 kid1| Set Current Directory to /var/cache/squid
> 2018/10/24 11:29:32 kid1| Starting Squid Cache version 3.5.21 for
> x86_64-suse-linux-gnu...


... and the auto-restart cycle continues.



Amos

Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
Hi Amos

# Squid normally listens to port 3128
http_port 3128


http_port 3128 accel vhost defaultsite=oul163.ouhk.edu.hk


Will these two lines of squid.conf cause the "ERROR"?





Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
In reply to this post by Amos Jeffries


I have commented out this line; is the port 3128 problem solved?

# Squid normally listens to port 3128
#http_port 3128



oul163:/var/log/squid # cat cache.log
2018/10/26 10:06:47| Set Current Directory to /var/cache/squid
2018/10/26 10:06:47 kid1| Set Current Directory to /var/cache/squid
2018/10/26 10:06:47 kid1| Starting Squid Cache version 3.5.21 for x86_64-suse-linux-gnu...
2018/10/26 10:06:47 kid1| Service Name: squid
2018/10/26 10:06:47 kid1| Process ID 16743
2018/10/26 10:06:47 kid1| Process Roles: worker
2018/10/26 10:06:47 kid1| With 4096 file descriptors available
2018/10/26 10:06:47 kid1| Initializing IP Cache...
2018/10/26 10:06:47 kid1| DNS Socket created at [::], FD 6
2018/10/26 10:06:47 kid1| DNS Socket created at 0.0.0.0, FD 7
2018/10/26 10:06:47 kid1| Adding domain ouhk.edu.hk from /etc/resolv.conf
2018/10/26 10:06:47 kid1| Adding nameserver 192.207.91.2 from
/etc/resolv.conf
2018/10/26 10:06:47 kid1| Adding nameserver 192.207.91.1 from
/etc/resolv.conf
2018/10/26 10:06:47 kid1| Logfile: opening log /var/log/squid/access.log
2018/10/26 10:06:47 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/log/squid/access.log'
2018/10/26 10:06:47 kid1| Unlinkd pipe opened on FD 14
2018/10/26 10:06:47 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2018/10/26 10:06:47 kid1| Logfile: opening log /var/log/squid/store.log
2018/10/26 10:06:47 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/log/squid/store.log'
2018/10/26 10:06:47 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507
objects
2018/10/26 10:06:47 kid1| Target number of buckets: 425
2018/10/26 10:06:47 kid1| Using 8192 Store buckets
2018/10/26 10:06:47 kid1| Max Mem  size: 8192 KB
2018/10/26 10:06:47 kid1| Max Swap size: 102400 KB
2018/10/26 10:06:47 kid1| Rebuilding storage in /var/cache/squid (dirty log)
2018/10/26 10:06:47 kid1| Using Least Load store dir selection
2018/10/26 10:06:47 kid1| Set Current Directory to /var/cache/squid
2018/10/26 10:06:47 kid1| Finished loading MIME types and icons.
2018/10/26 10:06:47 kid1| HTCP Disabled.
2018/10/26 10:06:47 kid1| commBind: Cannot bind socket FD 23 to [::1]: (99) Cannot assign requested address
2018/10/26 10:06:47 kid1| commBind: Cannot bind socket FD 24 to [::1]: (99) Cannot assign requested address
2018/10/26 10:06:47 kid1| ERROR: Failed to create helper child read FD: UDP[::1]
2018/10/26 10:06:47 kid1| Configuring Parent 192.168.31.113/8001/0
2018/10/26 10:06:47 kid1| Configuring Parent 192.168.31.134/8005/0
2018/10/26 10:06:47 kid1| Configuring Parent 192.168.31.134/8004/0
2018/10/26 10:06:47 kid1| Configuring Parent 192.168.31.134/8000/0
2018/10/26 10:06:47 kid1| Squid plugin modules loaded: 0
2018/10/26 10:06:47 kid1| Adaptation support is off.
2018/10/26 10:06:47 kid1| Accepting reverse-proxy HTTP Socket connections at local=[::]:3128 remote=[::] FD 18 flags=9
2018/10/26 10:06:47 kid1| Accepting reverse-proxy HTTPS Socket connections at local=[::]:80 remote=[::] FD 19 flags=9
2018/10/26 10:06:47 kid1| Accepting reverse-proxy HTTPS Socket connections at local=[::]:8000 remote=[::] FD 20 flags=9
2018/10/26 10:06:47 kid1| Accepting reverse-proxy HTTPS Socket connections at local=[::]:8004 remote=[::] FD 21 flags=9
2018/10/26 10:06:47 kid1| Accepting reverse-proxy HTTPS Socket connections at local=[::]:8005 remote=[::] FD 22 flags=9
2018/10/26 10:06:47 kid1| Done reading /var/cache/squid swaplog (0 entries)
2018/10/26 10:06:47 kid1| Store rebuilding is 0.00% complete
2018/10/26 10:06:47 kid1| Finished rebuilding storage from disk.
2018/10/26 10:06:47 kid1|         0 Entries scanned
2018/10/26 10:06:47 kid1|         0 Invalid entries.
2018/10/26 10:06:47 kid1|         0 With invalid flags.
2018/10/26 10:06:47 kid1|         0 Objects loaded.
2018/10/26 10:06:47 kid1|         0 Objects expired.
2018/10/26 10:06:47 kid1|         0 Objects cancelled.
2018/10/26 10:06:47 kid1|         0 Duplicate URLs purged.
2018/10/26 10:06:47 kid1|         0 Swapfile clashes avoided.
2018/10/26 10:06:47 kid1|   Took 0.02 seconds (  0.00 objects/sec).
2018/10/26 10:06:47 kid1| Beginning Validation Procedure
2018/10/26 10:06:47 kid1|   Completed Validation Procedure
2018/10/26 10:06:47 kid1|   Validated 0 Entries
2018/10/26 10:06:47 kid1|   store_swap_size = 0.00 KB
2018/10/26 10:06:48 kid1| storeLateRelease: released 0 objects
oul163:/var/log/squid #





Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
oul163:/etc/squid # squid -k parse
2018/10/26 10:14:14| Startup: Initializing Authentication Schemes ...
2018/10/26 10:14:14| Startup: Initialized Authentication Scheme 'basic'
2018/10/26 10:14:14| Startup: Initialized Authentication Scheme 'digest'
2018/10/26 10:14:14| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/26 10:14:14| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/26 10:14:14| Startup: Initialized Authentication.
2018/10/26 10:14:14| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/26 10:14:14| Processing: acl localnet src 10.0.0.0/8
2018/10/26 10:14:14| Processing: acl localnet src 172.16.0.0/12
2018/10/26 10:14:14| Processing: acl localnet src 192.168.0.0/16
2018/10/26 10:14:14| Processing: acl localnet src fc00::/7
2018/10/26 10:14:14| Processing: acl localnet src fe80::/10
2018/10/26 10:14:14| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/26 10:14:14| Processing: acl Safe_ports port 80
2018/10/26 10:14:14| Processing: acl Safe_ports port 21
2018/10/26 10:14:14| Processing: acl Safe_ports port 443
2018/10/26 10:14:14| Processing: acl Safe_ports port 70
2018/10/26 10:14:14| Processing: acl Safe_ports port 210
2018/10/26 10:14:14| Processing: acl Safe_ports port 1025-65535
2018/10/26 10:14:14| Processing: acl Safe_ports port 280
2018/10/26 10:14:14| Processing: acl Safe_ports port 488
2018/10/26 10:14:14| Processing: acl Safe_ports port 591
2018/10/26 10:14:14| Processing: acl Safe_ports port 777
2018/10/26 10:14:14| Processing: acl CONNECT method CONNECT
2018/10/26 10:14:14| Processing: access_log /var/log/squid/access.log
2018/10/26 10:14:14| Processing: http_access deny !Safe_ports
2018/10/26 10:14:14| Processing: http_access deny CONNECT !SSL_ports
2018/10/26 10:14:14| Processing: http_access allow localhost manager
2018/10/26 10:14:14| Processing: http_access deny manager
2018/10/26 10:14:14| Processing: http_access allow localnet
2018/10/26 10:14:14| Processing: http_access allow localhost
2018/10/26 10:14:14| Processing: http_access deny all
2018/10/26 10:14:14| Processing: coredump_dir /var/cache/squid
2018/10/26 10:14:14| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/26 10:14:14| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/26 10:14:14| Processing: refresh_pattern -i  (/cgi-bin/|\?) 0 0 0
2018/10/26 10:14:14| Processing: refresh_pattern . 0 20 4320
2018/10/26 10:14:14| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/26 10:14:14| Processing: cache_log /var/log/squid/cache.log
2018/10/26 10:14:14| Processing: cache_mem 8 MB
2018/10/26 10:14:14| Processing: cache_mgr webmaster
2018/10/26 10:14:14| Processing: cache_replacement_policy lru
2018/10/26 10:14:14| Processing: cache_store_log /var/log/squid/store.log
2018/10/26 10:14:14| Processing: cache_swap_high 95
2018/10/26 10:14:14| Processing: cache_swap_low 90
2018/10/26 10:14:14| Processing: client_lifetime 1 days
2018/10/26 10:14:14| Processing: connect_timeout 2 minutes
2018/10/26 10:14:14| Processing: error_directory /usr/share/squid/errors/en
2018/10/26 10:14:14| Processing: ftp_passive on
2018/10/26 10:14:14| Processing: maximum_object_size 4096 KB
2018/10/26 10:14:14| Processing: memory_replacement_policy lru
2018/10/26 10:14:14| Processing: minimum_object_size 0 KB
2018/10/26 10:14:14| Processing: visible_hostname oul163.ouhk.edu.hk
2018/10/26 10:14:14| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/26 10:14:14| Processing: https_port 8005 accel
cert=/etc/squid/certs/ouhk3.crt key=/etc/squid/certs/ouhk3.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/26 10:14:14| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/26 10:14:14| Processing: cache_peer 192.168.31.134 parent 8005 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=uathrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/26 10:14:14| Processing: cache_peer_domain uathrms
uathrms.ouhk.edu.hk
2018/10/26 10:14:14| Processing: acl localip src 192.168.0.0/24
2018/10/26 10:14:14| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/26 10:14:14| Processing: http_access allow hrmsacl
2018/10/26 10:14:14| Processing: cache_peer_access prdhrms allow hrmsacl
2018/10/26 10:14:14| /etc/squid/squid.conf, line 154: No cache_peer
'prdhrms'
2018/10/26 10:14:14| Processing: cache_peer_access uathrms allow hrmsacl
2018/10/26 10:14:14| Processing: cache_peer_access sithrms allow hrmsacl
2018/10/26 10:14:14| /etc/squid/squid.conf, line 156: No cache_peer
'sithrms'
2018/10/26 10:14:14| Processing: cache_peer_access devhrms allow hrmsacl
2018/10/26 10:14:14| /etc/squid/squid.conf, line 157: No cache_peer
'devhrms'
2018/10/26 10:14:14| Initializing https proxy context
2018/10/26 10:14:14| Initializing cache_peer uathrms SSL context
2018/10/26 10:14:14| Initializing https_port [::]:8005 SSL context
2018/10/26 10:14:14| Using certificate in /etc/squid/certs/ouhk3.crt





Re: Squid proxy not working when upgrade from 27 to 3.5

Eliezer Croitoru
In reply to this post by Angus J.
Hey Angus,
 
There are a couple of types of configuration "definition".
Some of them cannot overlap since they contain a full instruction.
When Squid parses an http_port line, it is a fixed, complete set of configuration arguments.
Other services and/or servers update the configuration arguments with every line.
For specific instructions like "listen on *:3128" in Squid there is only one line that can be accepted.
If the service operator instructs Squid to do something which cannot be done, Squid will not do that.
Maybe in the future someone will enhance Squid to allow "progressive" http_port configuration but I believe it's wrong.
 
All The Bests,
Eliezer
 
On 2018-10-26 05:06, Angus J. wrote:
Hi Amos

# Squid normally listens to port 3128
http_port 3128


http_port 3128 accel vhost defaultsite=oul163.ouhk.edu.hk


This two line of squid.conf , they will cause the ERROR" ?




--
Sent from:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

--

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]


 



Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
What's wrong of my squid.conf from 27 to 3.5?
The port 3128 issue has been fixed


# squid.conf as posted for the Squid 3.5 reverse-proxy (accel) setup discussed in this thread.
# NOTE(review): directives that appear split over several lines below were wrapped by the
# mail client; the `squid -k parse` output in this thread shows each one as a single line.
# multiling http
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443 8000 8004 8005
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

access_log /var/log/squid/access.log

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
# Deny CONNECT to other than secure SSL ports
# Only allow cachemgr access from localhost
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Allow localhost always proxy functionality
# And finally deny all other access to this proxy
#
# NOTE(review): http_access rules are checked top to bottom and the first match
# decides. With `http_access deny all` ending this list, only clients matching
# localnet or localhost are admitted; the `http_access allow hrmsacl` line further
# down comes after the deny and is never reached.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE(review): the rule is still commented out here, so the protection described
# above is not active in this configuration.
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Squid normally listens to port 3128
# Commented out because the same port is used by the accel http_port line below;
# forward-proxy and reverse-proxy traffic cannot share a port (see the replies in this thread).
#http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir aufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i  (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320

cache_dir ufs /var/cache/squid 100 16 256

cache_log /var/log/squid/cache.log

cache_mem 8 MB

cache_mgr webmaster

cache_replacement_policy lru

cache_store_log /var/log/squid/store.log

cache_swap_high 95

cache_swap_low 90

client_lifetime 1 days

connect_timeout 2 minutes

error_directory /usr/share/squid/errors/en

ftp_passive on

maximum_object_size 4096 KB

memory_replacement_policy lru

minimum_object_size 0 KB

# Reverse-proxy (accel) listeners. Only the plain-HTTP listener on 3128 and the
# HTTPS listener on 8005 are active; the other https_port lines are commented out.
# NOTE(review): options=NO_SSLv3:NO_SSLv2 only switches off SSLv2 and SSLv3; which
# TLS versions and ciphers remain enabled is not shown here - confirm they meet
# current policy.
# NOTE(review): the private keys under /etc/squid/certs/ should be readable only by
# the account Squid runs as - file permissions are not visible in this thread.
visible_hostname oul163.ouhk.edu.hk
http_port 3128 accel vhost defaultsite=oul163.ouhk.edu.hk
#https_port 80 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8000 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk2.crt
key=/etc/squid/certs/ouhk2.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8005 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8005 accel cert=/etc/squid/certs/ouhk3.crt
key=/etc/squid/certs/ouhk3.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#ssl_bump allow all
#              Disable the following one
#ssl_bump options=NO_SSLv3
#always_direct allow all
#              Disable the following one
#sslproxy_cert_error allow all
sslproxy_options NO_SSLv3:NO_SSLv2

# the proxy-only indicates that caching will not be performed.
# NOTE(review): only the uathrms peer is active below; prdhrms, sithrms and devhrms
# are commented out.
# NOTE(review): sslflags=DONT_VERIFY_PEER turns off validation of the peer's TLS
# certificate, so the link to 192.168.31.134 is encrypted but the peer is not
# authenticated. Prefer trusting the issuing CA (e.g. sslcafile=, as on the
# commented devhrms line below) and dropping the flag - confirm against the
# certificate the peer actually presents.
#cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
#cache_peer_domain prdhrms prdhrms.ouhk.edu.hk
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer_domain sithrms sithrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
#cache_peer_domain devhrms devhrms.ouhk.edu.hk

# Create an additional ACL for local network access
# NOTE(review): localip is not referenced by any rule in this listing.
acl localip src 192.168.0.0/24

# access control list
# NOTE(review): hrmsacl matches every host under .ouhk.edu.hk, so each peer it is
# applied to below may be sent requests for any of those hosts, not only its own
# site (the reply in this thread recommends one exact dstdomain ACL per peer).
# NOTE(review): prdhrms, sithrms and devhrms have no active cache_peer line above;
# `squid -k parse` in this thread reports "No cache_peer" for each of them.
acl hrmsacl dstdomain .ouhk.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.ouhk.edu.hk
#cache_peer_access devhrms allow hrmsacl2
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports





Re: Squid proxy not working when upgrade from 27 to 3.5

Amos Jeffries
Administrator
On 26/10/18 8:26 PM, Angus J. wrote:
> What's wrong of my squid.conf from 27 to 3.5?
> The port 3128 issue has been fixed
>

Yes that one is fixed. Now it is complaining about what you changed in
cache_peer lines.


>
> oul163:/etc/squid # squid -k parse
> ...
> 2018/10/26 10:14:14| Processing: cache_peer 192.168.31.134 parent 8005 0 ssl
> sslflags=DONT_VERIFY_PEER proxy-only name=uathrms
> ssloptions=NO_SSLv3:NO_SSLv2
> 2018/10/26 10:14:14| Processing: cache_peer_domain uathrms
> uathrms.ouhk.edu.hk

> 2018/10/26 10:14:14| Processing: cache_peer_access prdhrms allow hrmsacl
> 2018/10/26 10:14:14| /etc/squid/squid.conf, line 154: No cache_peer
> 'prdhrms'
> 2018/10/26 10:14:14| Processing: cache_peer_access uathrms allow hrmsacl
> 2018/10/26 10:14:14| Processing: cache_peer_access sithrms allow hrmsacl
> 2018/10/26 10:14:14| /etc/squid/squid.conf, line 156: No cache_peer
> 'sithrms'

> 2018/10/26 10:14:14| Processing: cache_peer_access devhrms allow hrmsacl
> 2018/10/26 10:14:14| /etc/squid/squid.conf, line 157: No cache_peer
> 'devhrms'


From the config:

>
> # the proxy-only indicates that caching will not be performed.
> #cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
> #cache_peer_domain prdhrms prdhrms.ouhk.edu.hk
> cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
> proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
> #cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
> proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
> cache_peer_domain uathrms uathrms.ouhk.edu.hk
> #cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
> proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
> #cache_peer_domain sithrms sithrms.ouhk.edu.hk
> #cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
> proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
> #cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
> name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
> #cache_peer_domain devhrms devhrms.ouhk.edu.hk
>


You commented out the cache_peer lines defining those peer connections,
so Squid does not know which peers the cache_peer_access definitions
are referring to.

The only thing that needed removing/replacing was the
"cache_peer_domain" lines.

From the config:

> # Create an additional ACL for local network access
> acl localip src 192.168.0.0/24
>
> # access control list
> acl hrmsacl dstdomain .ouhk.edu.hk
> http_access allow hrmsacl
> #acl hrmsacl2 dstdomain devhrms.ouhk.edu.hk
> #cache_peer_access devhrms allow hrmsacl2
> cache_peer_access prdhrms allow hrmsacl
> cache_peer_access uathrms allow hrmsacl
> cache_peer_access sithrms allow hrmsacl
> cache_peer_access devhrms allow hrmsacl
> #cache_peer_access secure allow SSL_ports
>

FYI: These rules are far more lenient than what you had before with
cache_peer_domain.

The previous config allowed *only* certain domains to each individual peer.
Because hrmsacl matches the whole .ouhk.edu.hk domain, these rules now
allow *any* sub-domain to any peer.

I suggest keeping to the minimal change until you are happy with the new
proxy behaviour. The exact equivalent of these lines:

  cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
  cache_peer_domain prdhrms prdhrms.hkbb.edu.hk

  cache_peer 192.168.31.134 parent 8005 ... name=uathrms
  cache_peer_domain uathrms uathrms.hkbb.edu.hk

  cache_peer 192.168.31.134 parent 8004 ... name=sithrms
  cache_peer_domain sithrms sithrms.hkbb.edu.hk

  cache_peer 192.168.31.134 parent 8000 ... name=devhrms
  cache_peer_domain devhrms devhrms.hkbb.edu.hk


Are these lines:

  cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
  acl prdhrms-domain dstdomain prdhrms.hkbb.edu.hk
  cache_peer_access prdhrms allow prdhrms-domain

  cache_peer 192.168.31.134 parent 8005 ... name=uathrms
  acl uathrms-domain dstdomain uathrms.hkbb.edu.hk
  cache_peer_access uathrms allow uathrms-domain

  cache_peer 192.168.31.134 parent 8004 ... name=sithrms
  acl sithrms-domain dstdomain sithrms.hkbb.edu.hk
  cache_peer_access sithrms allow sithrms-domain

  cache_peer 192.168.31.134 parent 8000 ... name=devhrms
  acl devhrms-domain dstdomain devhrms.hkbb.edu.hk
  cache_peer_access devhrms allow devhrms-domain



Note that use of the exact sub-domain names remains in place rather than
opening everything to the wildcards midway during a proxy upgrade.

Amos

Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
oul163:/etc/squid # squid -k parse
2018/10/26 17:44:42| Startup: Initializing Authentication Schemes ...
2018/10/26 17:44:42| Startup: Initialized Authentication Scheme 'basic'
2018/10/26 17:44:42| Startup: Initialized Authentication Scheme 'digest'
2018/10/26 17:44:42| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/26 17:44:42| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/26 17:44:42| Startup: Initialized Authentication.
2018/10/26 17:44:42| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/26 17:44:42| Processing: acl localnet src 10.0.0.0/8
2018/10/26 17:44:42| Processing: acl localnet src 172.16.0.0/12
2018/10/26 17:44:42| Processing: acl localnet src 192.168.0.0/16
2018/10/26 17:44:42| Processing: acl localnet src fc00::/7
2018/10/26 17:44:42| Processing: acl localnet src fe80::/10
2018/10/26 17:44:42| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/26 17:44:42| Processing: acl Safe_ports port 80
2018/10/26 17:44:42| Processing: acl Safe_ports port 21
2018/10/26 17:44:42| Processing: acl Safe_ports port 443
2018/10/26 17:44:42| Processing: acl Safe_ports port 70
2018/10/26 17:44:42| Processing: acl Safe_ports port 210
2018/10/26 17:44:42| Processing: acl Safe_ports port 1025-65535
2018/10/26 17:44:42| Processing: acl Safe_ports port 280
2018/10/26 17:44:42| Processing: acl Safe_ports port 488
2018/10/26 17:44:42| Processing: acl Safe_ports port 591
2018/10/26 17:44:42| Processing: acl Safe_ports port 777
2018/10/26 17:44:42| Processing: acl CONNECT method CONNECT
2018/10/26 17:44:42| Processing: access_log /var/log/squid/access.log
2018/10/26 17:44:42| Processing: http_access deny !Safe_ports
2018/10/26 17:44:42| Processing: http_access deny CONNECT !SSL_ports
2018/10/26 17:44:42| Processing: http_access allow localhost manager
2018/10/26 17:44:42| Processing: http_access deny manager
2018/10/26 17:44:42| Processing: http_access allow localnet
2018/10/26 17:44:42| Processing: http_access allow localhost
2018/10/26 17:44:42| Processing: http_access deny all
2018/10/26 17:44:42| Processing: coredump_dir /var/cache/squid
2018/10/26 17:44:42| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/26 17:44:42| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/26 17:44:42| Processing: refresh_pattern -i  (/cgi-bin/|\?) 0 0 0
2018/10/26 17:44:42| Processing: refresh_pattern . 0 20 4320
2018/10/26 17:44:42| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/26 17:44:42| Processing: cache_log /var/log/squid/cache.log
2018/10/26 17:44:42| Processing: cache_mem 8 MB
2018/10/26 17:44:42| Processing: cache_mgr webmaster
2018/10/26 17:44:42| Processing: cache_replacement_policy lru
2018/10/26 17:44:42| Processing: cache_store_log /var/log/squid/store.log
2018/10/26 17:44:42| Processing: cache_swap_high 95
2018/10/26 17:44:42| Processing: cache_swap_low 90
2018/10/26 17:44:42| Processing: client_lifetime 1 days
2018/10/26 17:44:42| Processing: connect_timeout 2 minutes
2018/10/26 17:44:42| Processing: error_directory /usr/share/squid/errors/en
2018/10/26 17:44:42| Processing: ftp_passive on
2018/10/26 17:44:42| Processing: maximum_object_size 4096 KB
2018/10/26 17:44:42| Processing: memory_replacement_policy lru
2018/10/26 17:44:42| Processing: minimum_object_size 0 KB
2018/10/26 17:44:42| Processing: visible_hostname oul163.ouhk.edu.hk
2018/10/26 17:44:42| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/26 17:44:42| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/26 17:44:42| Processing: acl localip src 192.168.0.0/24
2018/10/26 17:44:42| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/26 17:44:42| Processing: http_access allow hrmsacl
2018/10/26 17:44:42| Processing: cache_peer 192.168.31.113 parent 8001 1
proxy-only name=prdhrms
2018/10/26 17:44:42| Processing: acl prdhrms-domain dstdomain
prdhrms.ouhk.edu.hk
2018/10/26 17:44:42| Processing: cache_peer_access prdhrms allow
prdhrms-domain
2018/10/26 17:44:42| Processing: cache_peer 192.168.31.134 parent 8005 0
name=uathrms
2018/10/26 17:44:42| Processing: acl uathrms-domain dstdomain
uathrms.ouhk.edu.hk
2018/10/26 17:44:42| Processing: cache_peer_access uathrms allow
uathrms-domain
2018/10/26 17:44:42| Processing: cache_peer 192.168.31.134 parent 8004 2
name=sithrms
2018/10/26 17:44:42| Processing: acl sithrms-domain dstdomain
sithrms.ouhk.edu.hk
2018/10/26 17:44:42| Processing: cache_peer_access sithrms allow
sithrms-domain
2018/10/26 17:44:42| Processing: cache_peer 192.168.31.134 parent 8000 3
name=devhrms
2018/10/26 17:44:42| Processing: acl devhrms-domain dstdomain
devhrms.ouhk.edu.hk
2018/10/26 17:44:42| Processing: cache_peer_access devhrms allow
devhrms-domain
2018/10/26 17:44:42| Initializing https proxy context





Re: Squid proxy not working when upgrade from 27 to 3.5

Angus J.
I have updated the squid.conf as below:

# Updated ACL and cache_peer section: each peer now has its own exact-hostname
# dstdomain ACL in place of the removed cache_peer_domain lines.
# access control list
# NOTE(review): the `squid -k parse` output in this thread shows `http_access deny all`
# being processed before `http_access allow hrmsacl`. http_access rules are checked in
# order and the first match decides, so this allow is never reached and only
# localnet/localhost clients are admitted - confirm that is the intended exposure.
acl hrmsacl dstdomain .ouhk.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.ouhk.edu.hk
#cache_peer_access devhrms allow hrmsacl2
#cache_peer_access prdhrms allow hrmsacl
#cache_peer_access uathrms allow hrmsacl
#cache_peer_access sithrms allow hrmsacl
#cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports
# NOTE(review): the fourth cache_peer field is the ICP port (0 disables ICP queries).
# The earlier config in this thread used 0 for every peer; the 1, 2 and 3 below
# look unintended - confirm.
cache_peer 192.168.31.113 parent 8001 1 proxy-only name=prdhrms
acl prdhrms-domain dstdomain prdhrms.ouhk.edu.hk
cache_peer_access prdhrms allow prdhrms-domain

# NOTE(review): the earlier cache_peer lines for uathrms, sithrms and devhrms carried
# `ssl sslflags=DONT_VERIFY_PEER ... ssloptions=NO_SSLv3:NO_SSLv2`. Without the ssl
# option Squid talks plain HTTP to these peers - confirm whether the backends expect
# TLS, and if so restore `ssl` with certificate verification (e.g. sslcafile=) rather
# than DONT_VERIFY_PEER.
cache_peer 192.168.31.134 parent 8005 0 name=uathrms
acl uathrms-domain dstdomain uathrms.ouhk.edu.hk
cache_peer_access uathrms allow uathrms-domain

cache_peer 192.168.31.134 parent 8004 2 name=sithrms
acl sithrms-domain dstdomain sithrms.ouhk.edu.hk
cache_peer_access sithrms allow sithrms-domain

cache_peer 192.168.31.134 parent 8000 3 name=devhrms
acl devhrms-domain dstdomain devhrms.ouhk.edu.hk
cache_peer_access devhrms allow devhrms-domain



