[squid-users] HTTPS woes

Amos Jeffries squid3 at treenet.co.nz
Wed Apr 19 16:52:46 UTC 2017


On 20/04/17 04:30, Olly Lennox wrote:
> Sorry it's back,
>
>
> I've narrowed down the problem, hopefully someone can help. When Squid starts it creates the directory /var/run/squid as user proxy:proxy.
>
> If I remove this or leave it as is then the application won't launch on subsequent reboots.
>
> If I chown the directory as root:root then the application will launch on boot but proxy:proxy takes back ownership and it won't launch again on subsequent reboots.
>
> I'm guessing this is something to do with the running processes, does anyone know what's going wrong?
>

/var/run/squid/* is where the FHS standard requires Squid's run-time 
dynamic data to be stored. The exception on some systems is the PID file 
- though it should really be in there too. The Squid init script on 
Debian is enforcing that.

If you have SELinux on the system it may be breaking access to HTTPS 
related things since the OpenSSL features are not part of Debian 
normally. For example, after initializing the ssl_db directory and 
ensuring it has the correct permissions you may need to run 'restorecon 
-R' on it.

Amos



More information about the squid-users mailing list