[squid-users] sslbump and caching of generated cert
Amos Jeffries
squid3 at treenet.co.nz
Sat Jul 11 08:38:42 UTC 2015
On 11/07/2015 11:02 a.m., Alex Wu wrote:
> actually, the major problems are:
>
> Once workers > 1, squid looks for /var/run/squid. pidfile for workers=1 is done in squid.conf, but for workers > 1, this will be ignored.
PID stands for "Process ID". The pidfile contains the process ID of the
Squid process which is responsible for handling signals form the OS
(kill etc). There should only ever be one PID file per Squid (not
per-worker).
>
> once configuring localstatedir=/opt/deploy/squid/var using ./configure, for workers > 1, the squid is looking for /opt/deploy/squid/var/runsquid. The directory has to be created properly before starting squid.
>
The "runsquid" part looks broken.
Probably because localstatedir=/opt/deploy/squid/var is naming a file
"var" instead of a directory "/opt/deploy/squid/var/".
> all helpers must be defined in process_number > 1 respectively, otherwise, there are extra helpers launched by process_number = 0 like crtd.
>
That is not necessary. The extra helpers will not be used. We are fixing
that as the wrongly started ones are identified. Latest Squid no longer
start crtd helpers unless cert-generation is actually used by the worker
starting them.
Which means "Please ugrade to 3.5.6".
Amos
More information about the squid-users
mailing list