[squid-users] Problems with SSL setup with squid

Barnes, Michael mbarnes at orthotennessee.com
Wed Oct 10 17:16:41 UTC 2018


Good afternoon,

I am trying to set up squid with SSL inspection.  I'm currently running the
following OS and squid versions.
*lsb_release -a*
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic

*squid -v*
Squid Cache: Version 3.5.28
Service Name: squid

This binary uses OpenSSL 1.0.2n  7 Dec 2017. For legal restrictions on
distribution see https://www.openssl.org/source/license.html

configure options:  '--enable-linux-netfilter' '--enable-icap-client'
'--enable-ssl' '--with-filedescriptors=65536' '--with-large-files'
'--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid'
'--srcdir=.' '--datadir=/share/squid' '--sysconfdir=/etc/squid'
'--enable-ssl-crtd' '--with-openssl' --enable-ltdl-convenience

When I start squid or check squid while using sudo I get the following
errors.
*squid -s*
WARNING: Cannot write log file: /var/logs/cache.log
/var/logs/cache.log: Permission denied
         messages will be sent to 'stderr'.

*systemctl status squid*
● squid.service - LSB: Squid HTTP Proxy version 3.x
   Loaded: loaded (/etc/init.d/squid; generated)
   Active: active (exited) since Fri 2018-10-05 20:48:20 UTC; 4 days ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1387 ExecStart=/etc/init.d/squid start (code=exited, status=0/SUCCESS)

Oct 05 20:48:26 orthotnproxy (squid-1)[1937]: UFSSwapDir::openLog: Failed to open swap log.
Oct 05 20:48:26 orthotnproxy squid[1625]: Squid Parent: (squid-1) process 1937 exited with status 1
Oct 05 20:48:29 orthotnproxy squid[1625]: Squid Parent: (squid-1) process 1946 started
Oct 05 20:48:29 orthotnproxy (squid-1)[1946]: UFSSwapDir::openLog: Failed to open swap log.
Oct 05 20:48:29 orthotnproxy squid[1625]: Squid Parent: (squid-1) process 1946 exited with status 1
Oct 05 20:48:32 orthotnproxy squid[1625]: Squid Parent: (squid-1) process 1955 started
Oct 05 20:48:32 orthotnproxy (squid-1)[1955]: UFSSwapDir::openLog: Failed to open swap log.
Oct 05 20:48:32 orthotnproxy squid[1625]: Squid Parent: (squid-1) process 1955 exited with status 1
Oct 05 20:48:32 orthotnproxy squid[1625]: Squid Parent: (squid-1) process 1955 will not be restarted due to repeated, frequent failures
Oct 05 20:48:32 orthotnproxy squid[1625]: Exiting due to repeated, frequent failures

The SSL part of my config is:  (I can and will post more of the squid.conf
file if needed)
http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/proxyCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

acl step1 at_step SslBump1

ssl_bump peek step1
ssl_bump bump all

sslproxy_cafile /usr/local/openssl/cabundle.file

I'm lost and appreciate any help.

Thank you
Mike




-- 
--------------------------------------------
Michael Barnes
Operations Supervisor
OrthoTennessee
*865.769.4526*
mbarnes at orthotennessee.com <michael.barnes at orthotennessee.com>

*If you need help from the IT Dept. please email:*
support at orthotennessee.com

-- 


*The information contained in this transmission may contain privileged 
and confidential information, including patient information protected by 
federal and state privacy laws. It is intended only for the use of the 
person(s) named above. If you are not the intended recipient, you are 
hereby notified that any review, dissemination, distribution, or 
duplication of this communication is strictly prohibited. If you are not 
the intended recipient, please contact the sender by reply email and 
destroy all copies of the original message.*