[squid-users] Centos 7 squid 3.5.2 / kid2| commBind: Cannot bind socket FD 782 to [::]: (2) No such file or directory

--Ahmad-- ahmed.zaeem at netstream.ps
Fri Jun 10 13:57:36 UTC 2016


Hi Amos, thanks for the revision. I’m willing to do those changes later.


regarding to /dev/shm

it didn’t correct anything …..

again 

my error in cache.log is ===> kid2| commBind: Cannot bind socket FD 782 to [::]: (2) No such file or directory

and it’s a totally different one than the errors in the SMP wiki


I’m sure it’s something regarding the squid pid file !!


also while squid is working … I don’t see the /var/run/squid file !!!

what does that mean ?

I still see /var/run/squid.pid with permission squid:squid


Is there a method to see where the pid file is and point squid to use it?
Maybe it changed on CentOS 7 ???


cheers

> On Jun 10, 2016, at 1:55 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> On 10/06/2016 9:13 p.m., --Ahmad-- wrote:
>> again, if I use the same steps below on CentOS 6 it works fine without any issue
>> 
> 
> That means nothing. CentOS is based on RHEL, which only gets updated
> periodically. There are about five years worth of changes across the
> entire OS and everything installed with it between v6 and v7.
> 
> Obviously something in those changes to CentOS does not work with that
> very old version of Squid and seems to work fine with the newer Squid.
> 
> 
>>> On Jun 10, 2016, at 11:54 AM, --Ahmad-- wrote:
>>> 
>>> hi eliezer
>>> =============================================
>>> 1- selinux is disabled
>>> [root at localhost ~]# sestatus
>>> SELinux status:                 disabled
>>> [root at localhost ~]# 
>>> 
>>> 2-
>>> i have the PID file with permission to squid
>>> [root at localhost ~]# ls -l /var/run/squid.pid 
>>> -rw-r--r-- 1 squid squid 5 Jun 10 04:45 /var/run/squid.pid
>>> [root at localhost ~]# 
> 
> squid.pid should not exist when Squid is shutdown.
> 
> You should delete it and ensure that Squid is started by the root user,
> which already should have permission to alter the /var/run directory and
> create the squid.pid file correctly.
> 
>>> 
>>> but here i don’t see the file /var/run/squid …….i used to see file called /var/run/squid not /var/run/squid.pid
>>> 
> 
> /var/run/squid should be a directory. Its where the state data gets
> placed now. It may be unused in your installation or just not.
> 
> squid.pid may be under /var/run/squid or /var/run depending on your
> installation.
> 
> /run may be used instead of /var/run if you have a new enough system.
> 
> 
> ** For pre-packaged Squid. Don't worry about these unless Squid
> explicitly complains. Just go with what the package installation chose.
> 
> 
> ** For custom builds, the "make install" action should create
> /var/run/squid directory. If for some reason it does not (such as newly
> building an already deprecated old Squid version - which one should
> never do anyway), you may need to create it yourself, and assign
> squid:squid ownership.
> 
> 
>>> i also tried to add directive to squid.conf ==> pid_filename /var/run/squid.pid
>>> 
>>> but I have the same error
>>> 
>>> 3- I’m using the default kernel for CentOS 7 and it does support IPv6; I didn’t compile any kernel
>>> 
>>> 
>>> 
>>> again, the error that I have is:
>>> kid2| commBind: Cannot bind	socket FD 782 to [::]: (2) No such file or directory
>>> 
> 
> As mentioned in the URL Eliezer referred you to already
> (<http://wiki.squid-cache.org/Features/SmpScale#Cannot_bind_socket_FD_NN_to_.5B::.5D:_.2813.29_Permission_denied>)
> that error is about the SMP UDS sockets.
> More specifically it is about the system shared memory device (/dev/shm).
> 
> * Some systems need the /dev/shm device to be explicitly turned on
> during startup. Check if it is enabled in your system and if not, what
> you have to do to fix that. Hints in the wiki.
> 
> * Check that /dev/shm path is owned by root. Only the OS itself should
> be doing things in there. Programs like Squid use kernel syscalls to
> make changes.
> 
> * Older Squid like yours could leave UDS sockets after a crash or broken
> config abort. Check that /dev/shm/ does not contain any "files" starting
> with "squid-" or owned by Squid when Squid is shutdown.
> If some exist use 'rm' to remove them and try restarting Squid.
> 
> 
>>> 
>>> not 
>>> kid2| commBind: Cannot bind	socket FD 782 to [::]: permission denied
>>> 
>>> 
>>> here is again compile options :
>>> 
>>>>> Squid Cache: Version 3.5.2
>>>>> Service Name: squid
>>>>> configure options:  '--prefix=/usr' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc'
>>> '--enable-cachemgr-hostname=Ahmad-Allzaeem'
> 
> ... unusual URL for accessing management reports:
>     http://Ahmad-Allzaeem/squid-internal-mgr/
> 
> 'cachemgr' means the Squid cache management API, specifically the
> cachemgr.cgi tool. Not an administrators name.
> 
> 
>>> '--localstatedir=/var' '--libexecdir=/lib/squid' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '' '--with-large-files' '--with-default-user=squid' --with-openssl' '--enable-snmp' '--with-included-ltdl' '--disable-arch-native'
>>>>> [root at localhost ~]# 
>>> 
>>> 
>>> and here is squid.conf 
>>> 
>>> [root at localhost ~]# cat /etc/squid/squid.conf | less
>>> cache deny all
>>> #################
>>> #pid_filename /var/run/squid.pid
>>> ####################
>>> visible_hostname squid
>>> cache_effective_user squid
>>> cache_effective_group squid
> 
> You should not need to use cache_effective_group. Particularly if you
> are wanting to use NTLM or Kerberos related functionality with Squid.
> 
> 
>>> ####################################
>>> #workers 2
>>> ########################################################################
>>> # Lockdown Procedures
>>> auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user
>>> acl ncsa_users proxy_auth REQUIRED
>>> http_access allow ncsa_users
>>> ############################
>>> f
> 
> Please move the auth and http_access lines down to below where it says:
> "
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> "
> 
> Doing complex things like auth up here at the top of the config your
> proxy is made more vulnerable than it should be to various DoS and
> traffic smuggling attacks.
> 
> 
> <snip>
>>> #
>>> # Recommended minimum Access Permission configuration:
>>> #
>>> # Deny requests to certain unsafe ports
>>> http_access deny !Safe_ports
>>> 
>>> # Deny CONNECT to other than secure SSL ports
>>> http_access deny CONNECT !SSL_ports
>>> 
>>> # Only allow cachemgr access from localhost
>>> http_access allow localhost manager
>>> http_access deny manager
>>> 
>>> # We strongly recommend the following be uncommented to protect innocent
>>> # web applications running on the proxy server who think the only
>>> # one who can access services on "localhost" is a local user
>>> #http_access deny to_localhost
>>> 
>>> #
>>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>> #
>>> 
>>> # Example rule allowing access from your local networks.
>>> # Adapt localnet in the ACL section to list your (internal) IP networks
>>> # from where browsing should be allowed
>>> http_access allow localnet
>>> http_access allow localhost
>>> 
>>> # And finally deny all other access to this proxy
>>> http_access deny all
>>> 
>>> # Squid normally listens to port 3128
>>> http_port 1234
> 
> Why 1234? 3128 has been formally registered for Squid use.
> 
> 
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
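
Added example, not part of the original thread or of Squid: the pre-start checks listed in the reply above (/dev/shm present and owned by root, no leftover squid-* entries, /var/run/squid present with the right owner, no stale squid.pid) as one shell function. The function names, arguments and finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-start checks for an SMP Squid (run as root, Squid stopped).
# check_squid_runtime ROOT SQUID_USER SHM_OWNER
#   ROOT is a path prefix: "" for the live system, or a constructed tree.
#   Prints one finding per line; returns 1 if there is any finding.
# Live system: check_squid_runtime "" squid root

owner_of() { ls -ld "$1" | awk '{print $3}'; }

check_squid_runtime() {
    root=$1; user=${2:-squid}; shm_owner=${3:-root}; bad=0
    shm="$root/dev/shm"; run="$root/var/run"

    if [ ! -d "$shm" ]; then
        echo "MISSING $shm"; bad=1
    else
        if [ "$(owner_of "$shm")" != "$shm_owner" ]; then
            echo "OWNER $shm"; bad=1
        fi
        # Leftovers from a crash or an aborted start.
        for f in "$shm"/squid-*; do
            if [ -e "$f" ]; then echo "STALE $f"; bad=1; fi
        done
    fi

    # State directory that "make install" should have created.
    if [ ! -d "$run/squid" ]; then
        echo "MISSING $run/squid"; bad=1
    elif [ "$(owner_of "$run/squid")" != "$user" ]; then
        echo "OWNER $run/squid"; bad=1
    fi

    # A squid.pid that names no live process is left over from an earlier run.
    for p in "$run/squid.pid" "$run/squid/squid.pid"; do
        [ -f "$p" ] || continue
        pid=$(cat "$p")
        case $pid in
            ''|*[!0-9]*) live=no ;;
            *) if kill -0 "$pid" 2>/dev/null; then live=yes; else live=no; fi ;;
        esac
        if [ "$live" = no ]; then echo "STALE $p"; bad=1; fi
    done
    return "$bad"
}
```

Without root, kill -0 fails on processes owned by other users, so a live squid.pid can be reported as stale.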
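
Added example, not from the thread or the Squid project: http_access rules are evaluated in order and the first match decides, so the posted "http_access allow ncsa_users" line is matched before the Safe_ports and CONNECT guards are reached. The hypothetical early_allows function below reports such rules; sample_conf is a constructed excerpt of the posted squid.conf.

```shell
#!/bin/sh
# Added example: flag "http_access allow" rules that sit above the two
# default port guards in a squid.conf. Prints "LINE: rule" per finding.
# Usage: early_allows /etc/squid/squid.conf   (reads stdin if no file given)

early_allows() {
    awk '
        $1 != "http_access" { next }      # skips comments and other directives
        # The two guards from the recommended minimum configuration.
        $2 == "deny" && $3 == "!Safe_ports" { guards++ }
        $2 == "deny" && $3 == "CONNECT" && $4 == "!SSL_ports" { guards++ }
        # Any allow seen before both guards can match traffic they would deny.
        $2 == "allow" && guards < 2 { print NR ": " $0 }
    ' "${1:--}"
}

# Constructed sample reproducing the rule order of the posted configuration.
sample_conf() {
    cat <<'EOF'
auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
#http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
EOF
}
```

Running `sample_conf | early_allows` reports line 3; once that rule is moved below the "INSERT YOUR OWN RULE(S) HERE" marker the function prints nothing.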
