[squid-users] Trying to recompile squid 4.13
marcelorodrigo at graminsta.com.br
marcelorodrigo at graminsta.com.br
Sat Aug 6 17:03:47 UTC 2022
Hey Eliezer and Alex,
Thanks for the answers.
The "make clean" command, this magic word "clean" have solved the issue.
It was 2 hopeless days searching the entire google for an answer.
Its very difficult to deal with squid with so missing and outdated
documentation.
I appreciate all effort you and other guys do for squid, keeping squid
alive and quicking ;)
As for me, seems like I will be using it for many years ahead.
The next chalenge is to implement ssl bumping with pear caching. Any
sugestion about detailed documentation of it?
I would like to understand also why squid gets so slow when handling
more than 128 IPs.
I am a proxy provider and it would be great to use less VPS. Its so
expensive and hard working to manage all those VPSs.
Even with a good server with lots of CPU and RAM squid keeps slow. It
dont use more resources to speed up. Is it a sw architeture limitation?
Its a shame that does not exist a team or even a guy that sells squid
services/support now a days to implement squid features.
I just spent considerable money with squid/web services integration to
deliver and manage users and proxies better.
Maybe would be better to open new threads about some of these topics
above.
Anyway, I really miss tech guys squid experienced to talk and
brainstorming.
Even with my almost 30 years working with IT infrastructure its hard to
deal with squid alone.
Thanks again.
Marcelo
Wzp +55 11 968543878
On 2022-08-06 09:00, squid-users-request at lists.squid-cache.org wrote:
> Send squid-users mailing list submissions to
> squid-users at lists.squid-cache.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.squid-cache.org/listinfo/squid-users
> or, via email, send a message with subject or body 'help' to
> squid-users-request at lists.squid-cache.org
>
> You can reach the person managing the list at
> squid-users-owner at lists.squid-cache.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of squid-users digest..."
>
>
> Today's Topics:
>
> 1. Re: Trying to recompile squid 4.13 with ./configure
> CXXFLAGS="-DMAXTCPLISTENPORTS=256" (ngtech1ltd at gmail.com)
> 2. Re: Squid and Epic Games HCapctca (Alex Rousskov)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 5 Aug 2022 17:26:31 +0300
> From: <ngtech1ltd at gmail.com>
> To: <squid-users at lists.squid-cache.org>
> Subject: Re: [squid-users] Trying to recompile squid 4.13 with
> ./configure CXXFLAGS="-DMAXTCPLISTENPORTS=256"
> Message-ID: <007b01d8a8d7$5c50bde0$14f239a0$@gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hey Marcelo,
>
> What OS are you using? Debian? Ubuntu?
> The `which squid` command will show you where squid binary of squid -v
> is being take/used from.
> And also, just wondering why 4.13? and not 4.17?
>
> Eliezer
>
> ----
> Eliezer Croitoru
> NgTech, Tech Support
> Mobile: +972-5-28704261
> Email: ngtech1ltd at gmail.com
> Web: https://ngtech.co.il/
> My-Tube: https://tube.ngtech.co.il/
>
> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On
> Behalf Of marcelorodrigo at graminsta.com.br
> Sent: Thursday, 4 August 2022 1:17
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Trying to recompile squid 4.13 with
> ./configure CXXFLAGS="-DMAXTCPLISTENPORTS=256"
>
> Some important information.
>
> I am trying to recompile using:
>
> ./configure CXXFLAGS="-DMAXTCPLISTENPORTS=10000 -g -O2 -fPIE
> -fstack-protector-strong -Wformat -Werror=format-security"
> --build="x86_64-linux-gnu" --prefix="/usr"
> --includedir="${prefix}/include" --mandir="${prefix}/share/man"
> --infodir="${prefix}/share/info" --sysconfdir="/etc"
> --localstatedir="/var" --libexecdir="${prefix}/lib/squid3" --srcdir="."
> --disable-maintainer-mode --disable-dependency-tracking
> --disable-silent-rules BUILDCXXFLAGS="-g -O2 -fPIE
> -fstack-protector-strong -Wformat -Werror=format-security
> -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now"
> --datadir="/usr/share/squid" --sysconfdir="/etc/squid"
> --libexecdir="/usr/lib/squid" --mandir="/usr/share/man" --enable-inline
> --disable-arch-native --enable-async-io="8"
> --enable-storeio="ufs,aufs,diskd,rock"
> --enable-removal-policies="lru,heap" --enable-delay-pools
> --enable-cache-digests --enable-icap-client
> --enable-follow-x-forwarded-for
> --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB"
> --enable-auth-digest="file,LDAP"
> --enable-auth-negotiate="kerberos,wrapper"
> --enable-auth-ntlm="fake,smb_lm"
> --enable-external-acl-helpers="file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group"
> --enable-url-rewrite-helpers="fake" --enable-eui --enable-esi
> --enable-icmp --enable-zph-qos --enable-ecap --disable-translation
> --with-swapdir="/var/spool/squid" --with-logdir="/var/log/squid"
> --with-pidfile="/var/run/squid.pid" --with-filedescriptors="65536"
> --with-large-files --with-default-user="proxy"
> --enable-build-info="Ubuntu linux" --enable-linux-netfilter
> build_alias="x86_64-linux-gnu" CFLAGS="-g -O2 -fPIE
> -fstack-protector-strong -Wformat -Werror=format-security -Wall"
> LDFLAGS="-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now"
> CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" --with-openssl
> --enable-ssl-crtd
>
> Then make and make install from /build/squid/squid-4.13/ folder, but
> nothin seems to change when squid -v is used.
>
> I also tryied do recompile with this example:
>
> ./configure --build="x86_64-linux-gnu" --prefix="/usr"
> --includedir="${prefix}/include" --mandir="${prefix}/share/man"
> --infodir="${prefix}/share/info" --sysconfdir="/etc"
> --localstatedir="/var" --libexecdir="${prefix}/lib/squid3" --srcdir="."
> --disable-maintainer-mode --disable-dependency-tracking
> --disable-silent-rules BUILDCXXFLAGS="-g -O2 -fPIE
> -fstack-protector-strong -Wformat -Werror=format-security
> -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now"
> --datadir="/usr/share/squid" --sysconfdir="/etc/squid"
> --libexecdir="/usr/lib/squid" --mandir="/usr/share/man" --enable-inline
> --disable-arch-native --enable-async-io="8"
> --enable-storeio="ufs,aufs,diskd,rock"
> --enable-removal-policies="lru,heap" --enable-delay-pools
> --enable-cache-digests --enable-icap-client
> --enable-follow-x-forwarded-for
> --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB"
> --enable-auth-digest="file,LDAP"
> --enable-auth-negotiate="kerberos,wrapper"
> --enable-auth-ntlm="fake,smb_lm"
> --enable-external-acl-helpers="file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group"
> --enable-url-rewrite-helpers="fake" --enable-eui --enable-esi
> --enable-icmp --enable-zph-qos --enable-ecap --disable-translation
> --with-swapdir="/var/spool/squid" --with-logdir="/var/log/squid"
> --with-pidfile="/var/run/squid.pid" --with-filedescriptors="65536"
> --with-large-files --with-default-user="proxy"
> --enable-build-info="Ubuntu linux" --enable-linux-netfilter
> build_alias="x86_64-linux-gnu" CFLAGS="-g -O2 -fPIE
> -fstack-protector-strong -Wformat -Werror=format-security -Wall"
> LDFLAGS="-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now"
> CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2"
> CXXFLAGS="-DMAXTCPLISTENPORTS=450 -g -O2 -fPIE -fstack-protector-strong
> -Wformat -Werror=format-security"
>
> I used several virtualserver sessions and clones, but the
> CXXFLAGS="-DMAXTCPLISTENPORTS=" dont appears in the squid -v
>
> What is wrong in this rebuilding?
>
>
> On 2022-08-03 11:12, marcelorodrigo at graminsta.com.br wrote:
>> Hi,
>>
>> I am trying to recompile squid 4.13 using ./configure
>> CXXFLAGS="-DMAXTCPLISTENPORTS=256".
>> It runs the recompile but the CXXFLAGS= does not even appears in the
>> squid -v.
>>
>> Is there a way to include this feature in the squid instalation?
>>
>> Tks.
>> Marcelo.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 5 Aug 2022 10:57:02 -0400
> From: Alex Rousskov <rousskov at measurement-factory.com>
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Squid and Epic Games HCapctca
> Message-ID:
> <075bbc18-b0f5-a037-d904-6b62ef72888f at measurement-factory.com>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> On 8/5/22 05:10, Adam Barnett wrote:
>> maybe i am doing something?wrong, here is my config
>
>> ssl_bump splice ...
>> ssl_bump bump dst_quixel
>> ssl_bump peek dst_quixel
>> ssl_bump stare dst_quixel
>
>
> The combination of the last three ssl_bump rules does not make sense
> because Squid will never reach those peek and stare rules. The bump
> rule
> can be applied during any SslBump step, so Squid will not see any
> same-ACL ssl_bump directives below it -- the first matching rule (that
> can be applied during the current step) wins.
>
> I do not know what logic you are trying to express with those rules,
> but
> the above configuration does not express that (or any) logic well. I
> hope Eliezer can guide you towards a reasonable solution here.
>
>
> HTH,
>
> Alex.
>
>
>
>>
>> On Thu, 4 Aug 2022 at 22:58, <ngtech1ltd at gmail.com
>> <mailto:ngtech1ltd at gmail.com>> wrote:
>>
>> Please don?t bang your head? everybody is here for you.____
>>
>> Sometimes it takes time to respond but you will get your
>> answers.____
>>
>> __ __
>>
>>
>> https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz
>>
>> <https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz>____
>>
>> __ __
>>
>> Is not the fastest connection and it has a blacklist in the DB
>> dump
>> so for now it?s a production system but works good enough for
>> me.____
>>
>> I hope it?s not too much information in the support save file.____
>>
>> __ __
>>
>> Let me know if it makes more sense for you.____
>>
>> AlsoI am happy that you have asked this question since now others
>> can enjoy from the answer ?____
>>
>> __ __
>>
>> Eliezer____
>>
>> __ __
>>
>> ----____
>>
>> Eliezer Croitoru____
>>
>> NgTech, Tech Support____
>>
>> Mobile: +972-5-28704261____
>>
>> Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>____
>>
>> Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
>>
>> My-Tube: https://tube.ngtech.co.il/
>> <https://tube.ngtech.co.il/>____
>>
>> __ __
>>
>> *From:*Adam Barnett <abarnett at belofx.com
>> <mailto:abarnett at belofx.com>>
>> *Sent:* Friday, 5 August 2022 0:44
>> *To:* ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
>> *Cc:* squid-users at lists.squid-cache.org
>> <mailto:squid-users at lists.squid-cache.org>
>> *Subject:* Re: [squid-users] Squid and Epic Games HCapctca____
>>
>> __ __
>>
>> Sure, the more the beter, ive been banging my head against?the
>> wall
>> for a while on this____
>>
>> __ __
>>
>> Adam ____
>>
>> __ __
>>
>> On Thu, 4 Aug 2022 at 22:41, <ngtech1ltd at gmail.com
>> <mailto:ngtech1ltd at gmail.com>> wrote:____
>>
>> You are welcome.____
>>
>> ____
>>
>> I wrote an app that does everything for me so I just need to
>> dump the database into a:____
>>
>> ssl::server_namedirective____
>>
>> ____
>>
>> it?s basically:____
>>
>> ## START____
>>
>> aclNoBump_server_name ssl::server_name
>> "/etc/squid/no-ssl-bump-server-name.list"____
>>
>> ____
>>
>> acltls_to_splice any-of inspect_only NoBump_src
>> NoBump_server_name NoBump_server_regex_by_urls_domain
>> NoBump_server_regex____
>>
>> ____
>>
>> ssl_bumppeek app_matcher_helper____
>>
>> ssl_bumppeek tls_s1_connect____
>>
>> ____
>>
>> ssl_bumpbump app_matcher_helper____
>>
>> ssl_bumpbump app_reader_helper____
>>
>> ssl_bumpbump deny_note____
>>
>> ____
>>
>> ssl_bumpsplice app_matcher_helper____
>>
>> ssl_bumpsplice tls_to_splice____
>>
>> ____
>>
>> ssl_bumpstare app_matcher_helper____
>>
>> ssl_bumpstare tls_s2_client_hello____
>>
>> ____
>>
>> ssl_bumpbump app_matcher_helper____
>>
>> ssl_bumpbump tls_to_bump____
>>
>> ## END____
>>
>> ____
>>
>> If you want I can upload a snippet of the whole setup dump
>> with
>> hope you could make use of it.____
>>
>> ____
>>
>> Eliezer____
>>
>> ____
>>
>> ----____
>>
>> Eliezer Croitoru____
>>
>> NgTech, Tech Support____
>>
>> Mobile: +972-5-28704261____
>>
>> Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>____
>>
>> Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
>>
>> My-Tube: https://tube.ngtech.co.il/
>> <https://tube.ngtech.co.il/>____
>>
>> ____
>>
>> *From:*Adam Barnett <abarnett at belofx.com
>> <mailto:abarnett at belofx.com>>
>> *Sent:* Friday, 5 August 2022 0:26
>> *To:* ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
>> *Cc:* squid-users at lists.squid-cache.org
>> <mailto:squid-users at lists.squid-cache.org>
>> *Subject:* Re: [squid-users] Squid and Epic Games HCapctca____
>>
>> ____
>>
>> ???? ???
>> It looks like you are using a database and then building the
>> config from that? any cahnce?you can send me the snippet?of
>> the
>> config instead of the DB bits? ? ____
>>
>> ____
>>
>> Thanks again ____
>>
>> ____
>>
>> Adam ____
>>
>> ____
>>
>> On Thu, 4 Aug 2022 at 22:18, <ngtech1ltd at gmail.com
>> <mailto:ngtech1ltd at gmail.com>> wrote:____
>>
>> Hey Adam,____
>>
>> ____
>>
>> I recorded a video for you on how I do it at:____
>>
>>
>> https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4
>>
>> <https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4>____
>>
>> ____
>>
>> So basically the relevant domains are:____
>>
>> ____
>>
>> epicgames-download1.akamaized.net
>> <http://epicgames-download1.akamaized.net>____
>>
>> .epicgames.com <http://epicgames.com>____
>>
>> .unrealengine.com <http://unrealengine.com>____
>>
>> ____
>>
>> And you can peek at robert k Wild mail: ?regex for normal
>> websites?____
>>
>> ____
>>
>> And it contains the relevant technical details.____
>>
>> If for any reason you need a more detailed answer let me
>> know.____
>>
>> ____
>>
>> Yours,____
>>
>> Eliezer ____
>>
>> ____
>>
>> ----____
>>
>> Eliezer Croitoru____
>>
>> NgTech, Tech Support____
>>
>> Mobile: +972-5-28704261____
>>
>> Email: ngtech1ltd at gmail.com
>> <mailto:ngtech1ltd at gmail.com>____
>>
>> Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
>>
>> My-Tube: https://tube.ngtech.co.il/
>> <https://tube.ngtech.co.il/>____
>>
>> ____
>>
>> *From:*squid-users
>> <squid-users-bounces at lists.squid-cache.org
>> <mailto:squid-users-bounces at lists.squid-cache.org>> *On
>> Behalf Of *Adam Barnett
>> *Sent:* Thursday, 4 August 2022 14:28
>> *To:* squid-users at lists.squid-cache.org
>> <mailto:squid-users at lists.squid-cache.org>
>> *Subject:* [squid-users] Squid and Epic Games HCapctca____
>>
>> ____
>>
>> Hi All, ____
>>
>> ____
>>
>> I am trying to get squid to allow me to login to
>> Epicgames.com with my epic login, i get to the login page
>> and get the hcaptca?images and everytime i get "invalid
>> response" ____
>>
>> ____
>>
>> i looked at the headers and the only error that i can see
>> is
>> "The cache?information?is missing from the entry" ____
>>
>> ____
>>
>> My config looks like so
>>
>> workers 2
>>
>> ```
>> # Leave coredumps in the first cache dir
>> coredump_dir /var/spool/squid
>>
>> http_port 3128 ssl-bump ?dynamic_cert_mem_cache_size=16MB
>> ?generate-host-certificates=on
>> cert=/etc/squid/certs/squid-ca-cert-key.pem
>>
>> sslcrtd_program /usr/lib64/squid/security_file_certgen -s
>> /var/spool/squid/ssl -M 16MB
>> dns_nameservers 10.5.1.2 8.8.8.8
>> visible_hostname foo-proxy-1
>> forwarded_for truncate
>> via off
>>
>> # Send to file
>> access_log daemon:/var/log/squid/access.log
>>
>>
>>
>> acl CONNECT method CONNECT
>> acl local src 10.0.0.0/8 <http://10.0.0.0/8>
>> always_direct allow all
>> request_header_add X-GoogApps-Allowed-Domains "foo.com
>> <http://foo.com>" all
>>
>> memory_replacement_policy heap GDSF
>> maximum_object_size 100 KB
>> maximum_object_size 1 MB
>>
>> cache allow all
>> cache_mem 256 MB
>> cache_dir rock /var/spool/squid 1024
>> memory_pools off
>> cache_swap_low 90
>> client_persistent_connections on
>>
>>
>> http_access allow localhost manager
>> http_access deny manager
>>
>> # SquidGaurd
>> url_rewrite_program /usr/bin/squidGuard
>> ```
>>
>> Any suggestions? ____
>>
>> ____
>>
>> Thanks____
>>
>> Adam Barnett
>> Senior SysAdmin beloFX____
>>
>> **____
>>
>>
>>
>> ____
>>
>>
>>
>> abarnett at belofx.com
>>
>> <https://514584150-atari-embeds.googleusercontent.com/embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.dzXZWX9QTbE.O%2Fd%3D1%2Frs%3DAHpOoo_epIQDPHdjFr3MLkazUi2Jmy50dQ%2Fm%3D__features__>____
>>
>> **____
>>
>>
>>
>> ____
>>
>>
>>
>> www.belofx.com <http://www.belofx.com/>____
>>
>> **____
>>
>>
>>
>> ____
>>
>>
>>
>> LinkedIn <http://www.linkedin.com/company/belofx>____
>>
>> ____
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> ------------------------------
>
> End of squid-users Digest, Vol 96, Issue 18
> *******************************************
More information about the squid-users
mailing list