[squid-users] About to upgrade from 3 to 4
jlay at slave-tothe-box.net
Sun Jun 10 10:08:32 UTC 2018
On Sun, 2018-06-10 at 19:55 +1200, Amos Jeffries wrote:
> On 10/06/18 02:23, James Lay wrote:
> On Sat, 2018-06-09 at 07:17 -0600, James Lay wrote:
> On Sun, 2018-06-10 at 01:13 +1200, Amos Jeffries wrote:
> On 10/06/18 01:02, James Lay wrote:
> So in my config file I have:
> sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB
> However I do not see this after compiling and installing. Has this
> gone away in 4? Thank you.
> It's now called security_file_certgen.
> Thanks Amos...I'll read this before asking any more questions ☺
> So ok...after making the changes to the config to account for
> new security_file_certgen and tls_outgoing_options (thanks Amos!) I
> am greeted with (hostname changed from real):
> FATAL: mimeLoadIcon: cannot parse internal URL:http://<hostname>:0/sq
> There should be an error about no forward-proxy port as well.
> Squid requires at least one port able to receive requests for those
> URLs from clients. Port 3128 is normally that port, but you have
> repurposed it for interception, which disqualifies it.
> The hostname in these URLs is taken from that port's IP
> address reverse-DNS name, or the proxy's public/visible hostname.
> Whichever meets the requirement of being resolvable in DNS.
> Here's my config line:
> ./configure --prefix=/opt/squid --with-openssl=/opt/libressl
> --sysconfdir=/opt/squid/etc --enable-ssl --enable-ssl-crtd
> --enable-linux-netfilter --enable-follow-x-forwarded-for --with-large-files --
> Missing 'e' on --enable-external-acl-helpers.
> sslproxy_cert_error allow all
> tls_outgoing_options capath=/etc/ssl/certs flags=DONT_VERIFY_PEER
> Please avoid DONT_VERIFY_PEER and "allow all" for cert errors. They
> are useless for both production AND debugging since all they do is
> hide security issues from *you*.
> It is best to watch for security issues and fix them. Not just
Thanks Amos...your insight always helps. You were right on point...I
did have the no forward proxy error. After adding an additional
http_port squid came right up...thanks again.
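The points raised in this thread can be checked mechanically before restarting Squid 4. The following is an added example, not part of the original messages or of the Squid project: a small linter for a squid.conf string. The sample port lines, port 3129 and the `/opt/squid/libexec` helper path are constructed assumptions.

```python
import os
import re

# Interception modes on http_port; such a port cannot serve Squid's internal URLs.
INTERCEPT_MODES = {"intercept", "tproxy"}

def lint_squid_conf(text):
    """Return [(line_no, message)] for the pitfalls discussed in this thread."""
    findings, http_ports = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # naive comment stripping
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "http_port":
            http_ports.append(set(args[1:]))    # options after the address
        elif directive == "sslcrtd_program" and args:
            if os.path.basename(args[0]) == "ssl_crtd":
                findings.append((no, "helper is named security_file_certgen in Squid 4"))
        elif directive == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((no, "all certificate errors are ignored"))
        elif directive == "tls_outgoing_options":
            for arg in args:
                flags = re.split(r"[,:]", arg[6:]) if arg.startswith("flags=") else []
                if "DONT_VERIFY_PEER" in flags:
                    findings.append((no, "upstream certificates are not verified"))
    # At least one http_port must be a plain forward-proxy port (line 0 = whole file).
    if not any(not (opts & INTERCEPT_MODES) for opts in http_ports):
        findings.append((0, "no forward-proxy http_port"))
    return findings

# Constructed sample modelled on the configuration quoted in the thread.
BEFORE = """\
http_port 3128 intercept
sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB
sslproxy_cert_error allow all
tls_outgoing_options capath=/etc/ssl/certs flags=DONT_VERIFY_PEER
"""

# Constructed corrected form; port 3129 and the helper path are assumptions.
AFTER = """\
http_port 3128
http_port 3129 intercept
sslcrtd_program /opt/squid/libexec/security_file_certgen -s /opt/var/ssl_db -M 4MB
tls_outgoing_options capath=/etc/ssl/certs
"""

if __name__ == "__main__":
    for line_no, message in lint_squid_conf(BEFORE):
        print(f"line {line_no}: {message}")
```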