[squid-users] Debian jessie + squid 3.5.16 - Will not start.

Amos Jeffries squid3 at treenet.co.nz
Sat Apr 9 04:28:43 UTC 2016


On 8/04/2016 3:58 a.m., Markey, Bruce wrote:
> I'm running debian Jessie.
> Squid 3.5.16 compiled from source with the following:
> 
<snip>

> 
> #allow/deny
> http_access allow internal
> http_access allow wireless

These...

> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports

... security rules do not do anything useful unless they are at the top
of the http_access rules.

> http_access deny all
> 
> #Bumping
> acl step1 at_step SslBump1
> acl step2 at_step SslBump2
> acl step3 at_step SslBump3
> 
> ssl_bump peek all
> ssl_bump splice all
> 
> sslproxy_capath /etc/ssl/certs
> 
> sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssl_db -M 4MB
> sslcrtd_children 5
> 
> 
> logformat mine %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %ssl::>sni %ssl::>cert_subject %>Hs %<st %Ss:%Sh
> 
> #access_log syslog:daemon.info mine
> access_log daemon:/var/log/squid3/access.log mine
> 
> #intercept
> http_port 3128 intercept
> https_port 3129 intercept ssl-bump cert=/etc/squid3/certs/squid.pem cafile=/etc/squid3/certs/squid.pem key=/etc/squid3/certs/squid.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB sslflags=NO_SESSION_REUSE
> 

> 
> -I did initialize the ssl_db

Did you do so with the "proxy" user account privileges?

There is an open bug about that helper: when you run it as root, it
creates the directory with root privileges and then can't use it when
run by Squid's low-privilege account.


> -I did create certs
> 
> I'm simply trying to start via :  sudo squid   It throws no errors nothing.  The pid lives for a sec then dies. This is the only log message I get.
> 
> Apr  7 11:51:19 LNP-Proxy (squid-1): The ssl_crtd helpers are crashing too rapidly, need help!
> 

Add the -d parameter to the helper command line for debug info about
what it's doing.

Amos
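
The rule-order point in the reply above, as an added example that is not part of the original message or of Squid itself: a simplified first-match evaluator for `http_access` lines, run against the posted order and a reordered copy. The `internal` and `wireless` subnets are assumptions (the post snipped its ACL definitions), the port lists are modeled on the stock squid.conf, and `in_net`, `parse_rules` and `decide` are hypothetical helper names.

```python
import ipaddress

def in_net(cidr):
    return lambda req: ipaddress.ip_address(req["src"]) in ipaddress.ip_network(cidr)

# Constructed ACLs: the post snipped its own definitions. Subnets are
# assumptions; port lists are modeled on the stock squid.conf.
ACLS = {
    "internal": in_net("10.0.0.0/8"),
    "wireless": in_net("192.168.50.0/24"),
    "Safe_ports": lambda req: req["port"] >= 1025 or req["port"] in {21, 70, 80, 210, 280, 443, 488, 591, 777},
    "SSL_ports": lambda req: req["port"] == 443,
    "CONNECT": lambda req: req["method"] == "CONNECT",
    "all": lambda req: True,
}

POSTED = """
http_access allow internal
http_access allow wireless
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all"""

REORDERED = """
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow internal
http_access allow wireless
http_access deny all"""

def parse_rules(conf):
    """Return [(action, [acl, ...])] for each http_access line, in file order."""
    rules = []
    for line in conf.splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) >= 3 and tokens[0] == "http_access":
            rules.append((tokens[1], tokens[2:]))
    return rules

def decide(conf, req):
    """First rule whose ACLs all match (a leading ! negates) decides the request."""
    for action, acls in parse_rules(conf):
        if all(ACLS[a.lstrip("!")](req) != a.startswith("!") for a in acls):
            return action, " ".join(acls)
    return "deny", "(no rule matched)"  # not reached: both configs end in 'deny all'

if __name__ == "__main__":
    req = {"src": "10.1.2.3", "method": "CONNECT", "port": 8080}  # constructed request
    print(decide(POSTED, req), decide(REORDERED, req))
```

With the posted order, the port rules are only ever evaluated for clients that match neither `internal` nor `wireless`, and those clients are denied by `deny all` anyway.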


