[squid-users] Squid 3.5.2 will only start with empty cache

Stanford Prescott stan.prescott at gmail.com
Sun Mar 15 13:51:07 UTC 2015 

I have been trying to get Squid 3.5.2 to work with the Smoothwall Express
3.1 Linux firewall distribution. Specifically, I have modified the Squid
version included with Smoothwall Express 3.1 to enable HTTPS caching. I
have had this working successfully up to Squid version 3.4.10. Now with
trying to upgrade to Squid 3.5.2 I am having problems that I didn't
encounter with prior versions of Squid.

The first issue I had, which is now resolved, was improper permissions of
the shm folder (in SWE found in /dev/shm). Changing the folder permissions
to Squid user and group allowed Squid 3.5.2 to start. However, now it will
only start with an empty cache directory. Once it starts with an empty
cache directory, it seems to function correctly as far as caching SSL
encrypted web pages. However, if Squid needs to be restarted for any
reason, it will not restart until the cache directory
(/var/spool/squid/cache) is emptied.

The error I am getting when trying to start Squid 3.5.2 without an empty
cache is

*2015/03/14 00:29:47 kid1| Current Directory is /*

*2015/03/14 00:29:47 kid1| Starting Squid Cache version 3.5.2 for
i586-pc-linux-gnu...*
*2015/03/14 00:29:47 kid1| Service Name: squid*
*2015/03/14 00:29:47 kid1| Process ID 7261*
*2015/03/14 00:29:47 kid1| Process Roles: worker*
*2015/03/14 00:29:47 kid1| With 1024 file descriptors available*
*2015/03/14 00:29:47 kid1| Initializing IP Cache...*
*2015/03/14 00:29:47 kid1| DNS Socket created at 0.0.0.0, FD 8*
*2015/03/14 00:29:47 kid1| Adding nameserver 127.0.0.1 from
/etc/resolv.conf*
*2015/03/14 00:29:47 kid1| helperOpenServers: Starting 5/5 'ssl_crtd'
processes*
*FATAL: Ipc::Mem::Segment::open failed to
shm_open(/squid-ssl_session_cache.shm): (2) No such file or directory*

*Squid Cache (Version 3.5.2): Terminated abnormally.*
*CPU Usage: 0.027 seconds = 0.020 user + 0.007 sys*
*Maximum Resident Size: 26752 KB*
*Page faults with physical i/o: 0*
*2015/03/14 00:29:47.830 kid1| Acl.cc(380) ~ACL: freeing ACL *

This is my squid.conf file with SSL caching using ssl-bump enabled.

*visible_hostname smoothwall*

*# Uncomment the following to send debug info to /var/log/squid/cache.log*
*debug_options ALL,1 33,2 28,9*

*# ACCESS CONTROLS*
*# ----------------------------------------------------------------*
*acl localhostgreen src 192.168.100.1*
*acl localnetgreen src 192.168.100.0/24 <http://192.168.100.0/24>*

*acl SSL_ports port 445 443 441 563*
*acl Safe_ports port 80      # http*
*acl Safe_ports port 81      # smoothwall http*
*acl Safe_ports port 21      # ftp *
*acl Safe_ports port 445 443 441 563 # https, snews*
*acl Safe_ports port 70      # gopher*
*acl Safe_ports port 210         # wais  *
*acl Safe_ports port 1025-65535 # unregistered ports*
*acl Safe_ports port 280        # http-mgmt*
*acl Safe_ports port 488        # gss-http *
*acl Safe_ports port 591        # filemaker*
*acl Safe_ports port 777        # multiling http*

*acl CONNECT method CONNECT*

*# TAG: http_access*
*# ----------------------------------------------------------------*


*http_access deny !Safe_ports*
*http_access deny CONNECT !SSL_ports*

*http_access allow localnetgreen*
*http_access allow CONNECT localnetgreen*

*http_access allow localhostgreen*
*http_access allow CONNECT localhostgreen*

*# http_port and https_port*
*#----------------------------------------------------------------------------*

*# A random port for forward-proxy port needed for SSL*
*http_port 8081*

*http_port 192.168.100.1:800 <http://192.168.100.1:800> intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem*

*https_port 192.168.100.1:808 <http://192.168.100.1:808> intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem*

*sslproxy_cert_error allow all*
*sslproxy_flags DONT_VERIFY_PEER*
*ssl_bump server-first all*

*ssl_bump none localhostgreen*
*sslcrtd_program /var/smoothwall/mods/proxy/libexec/ssl_crtd -s
/var/smoothwall/mods/proxy/lib/ssl_db -M 4MB*
*sslcrtd_children 5*

*sslproxy_session_cache_size 4 MB*

*http_access deny all*

*cache_replacement_policy heap GDSF*
*memory_replacement_policy heap GDSF*

*# CACHE OPTIONS*
*#
----------------------------------------------------------------------------*
*cache_effective_user squid*
*cache_effective_group squid*

*cache_swap_high 100*
*cache_swap_low 80*

*cache_mem 8 MB*
*maximum_object_size_in_memory 512 KB*

*cache_access_log /var/log/squid/access.log*
*cache_log /var/log/squid/cache.log*
*cache_store_log none*
*error_directory /usr/share/errors/en-us*
*log_mime_hdrs off*

*cache_dir diskd /var/spool/squid/cache 1024 16 256 Q1=64 Q2=72*

*request_header_access Content-Type allow all*
*request_header_access Date allow all*
*request_header_access Host allow all*
*request_header_access If-Modified-Since allow all*
*request_header_access Pragma allow all*
*request_header_access Accept allow all*
*request_header_access Accept-Charset allow all*
*request_header_access Accept-Encoding allow all*
*request_header_access Accept-Language allow all*
*request_header_access Connection allow all*
*request_header_access All allow all*

*maximum_object_size 33 MB*

*minimum_object_size 0 KB*


*request_body_max_size 0 KB*

*# OTHER OPTIONS*
*#
----------------------------------------------------------------------------*
*forwarded_for off*

*pid_filename /var/run/squid.pid*

*shutdown_lifetime 3 seconds*
*icp_port 3130*

*half_closed_clients off*

*umask 022*

*logfile_rotate 0*

*strip_query_terms off*


Any help would be greatly appresciated.

Stan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150315/e1e91efe/attachment-0001.html>

More information about the squid-users mailing list