[squid-users] Carp example on Debian

TarotApprentice tarotapprentice at yahoo.com
Thu Oct 29 11:40:29 UTC 2015

Trying to run the carp example on Debian this time. The machine is testing with is an i5 with 8Gb of RAM and a 320Gb HDD. I'm getting the following errors in the frontend.cache.log when I try to access a site. Which debug flags should I try? It looks to me like a permissions issue, but I'm not sure what to look for.


2015/10/29 22:05:38 kid1| Configuring Parent localhost/4002/0
2015/10/29 22:05:38 kid1| Configuring Parent localhost/4003/0
2015/10/29 22:05:38 kid1| Squid plugin modules loaded: 0
2015/10/29 22:05:38 kid1| Adaptation support is off.
2015/10/29 22:05:38 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 21 flags=1
2015/10/29 22:05:38| pinger: Initialising ICMP pinger ...
2015/10/29 22:05:38| pinger: ICMP socket opened.
2015/10/29 22:05:38| pinger: ICMPv6 socket opened
2015/10/29 22:05:38 kid1| storeLateRelease: released 0 objects
2015/10/29 22:05:55 kid1| temporary disabling (Service Unavailable) digest from localhost
2015/10/29 22:05:55 kid1| TCP connection to localhost/4002 failed
2015/10/29 22:05:55 kid1| TCP connection to localhost/4002 failed
2015/10/29 22:05:55 kid1| TCP connection to localhost/4003 failed

squid -v
Squid Cache: Version 3.5.10
Service Name: squid
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIE -pie -Wl,-z,relro -Wl,-z,now' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info= linux' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'

acl localnet src
acl xxx src 192.168.0.xx
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
# basic safety net access controls.
# NOTE that user access and local access controls are all in frontend.conf
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# 3 workers, using worker #1 as the frontend is important
workers 3
if ${process_number} = 1
include /etc/squid/frontend.conf
include /etc/squid/backend.conf
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access deny all
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

http_port 3128
# add user authentication and similar options here
http_access allow manager xxx
http_access deny manager
# add backends - one line for each additional worker you configured
# NOTE how the port number matches the kid number
cache_peer localhost parent 4002 0 carp login=PASS name=backend-kid2
cache_peer localhost parent 4003 0 carp login=PASS name=backend-kid3
#you want the frontend to have a significant cache_mem
cache_mem 512 MB
# change /tmp to your own log directory, e.g. /var/log/squid
access_log /var/log/squid/frontend.access.log
cache_log /var/log/squid/frontend.cache.log
# the frontend requires a different name to the backend(s)
visible_hostname frontend.example.com

# each backend must listen on a unique port
# without this the CARP algorithm would be useless
# a 2 GB cache of small (up to 32KB) objects accessible by any backend worker
cache_dir rock /var/spool/squid 2048 max-size=32768
# NP: for now AUFS does not support SMP but the CARP algorithm helps reduce object duplications
# a 4 GB cache of large ( over 32KB) objects per-worker
cache_dir aufs /var/spool/squid/cache${process_number} 4096 64 128 min-size=32769
# the default maximum cached object size is a bit small
# you want the backend to be able to cache some fairly large objects
maximum_object_size 512 MB
# you want the backend to have a small cache_mem
cache_mem 4 MB
# the backends require a different name to frontends, but can share one
# this prevents forwarding loops between backends while allowing
# frontend to forward via the backend
visible_hostname backend.example.com
# change /var/log/squid to your own log directory
access_log /var/log/squid/backend.access.log
cache_log /var/log/squid/backend.cache.log
# add just enough access permissions to allow the frontend
http_access allow localhost

More information about the squid-users mailing list