[squid-users] HTTPS woes

Eliezer Croitoru eliezer at ngtech.co.il
Wed Apr 19 21:24:01 UTC 2017


What OS are you using?

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il



-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Olly Lennox
Sent: Wednesday, April 19, 2017 7:30 PM
To: Olly Lennox <oliver at lennox-it.uk>; L. P. H. van Belle <belle at bazuin.nl>; squid-users at squid-cache. org <squid-users at squid-cache.org>
Subject: Re: [squid-users] HTTPS woes

Sorry it's back,


I've narrowed down the problem, hopefully someone can help. When Squid starts it creates the directory /var/run/squid as user proxy:proxy. 

If I remove this or leave it as is then the application won't launch on subsequent reboots.

If I chown the directory as root:root then the application will launch on boot but proxy:proxy takes back ownership and it won't launch again on subsequent reboots.

I'm guessing this is something to do with the running processes, does anyone know what's going wrong?

Cheers,

Olly


------------
 



Never mind I've sorted it! The issue was due to the /var/run directory and the program not being able to create squid.pid. I amended the permissions and seems to be working fine now
 

Thanks a lot for the link, I'll implement that once I get this problem fixed. Sadly the change hasn't worked. My current /etc/fstab looks like this:


proc            /proc           proc    defaults          0       0 
PARTUUID=0d001852-01  /boot           vfat    defaults          0       2 
PARTUUID=0d001852-02  /               ext4    defaults,noatime  0       1 
# a swapfile is not a swap partition, no line here 
#   use  dphys-swapfile swap[on|off]  for that 
tmpfs /cache tmpfs defaults,noatime,nosuid,size=8000m 0 0 
none      /dev/shm        tmpfs  defaults        0 0 

could the existing tmpfs line be causing problems?

oliver at lennox-it.uk
lennox-it.uk
tel: 07900 648 252



________________________________
From: L. P. H.  van Belle <belle at bazuin.nl>
To: "squid-users at squid-cache. org" <squid-users at squid-cache.org> 
Sent: Wednesday, 19 April 2017, 11:05
Subject: Re: [squid-users] HTTPS woes



Hai, 


Im guess, squid is starting to soon, or there is not /dev/shm 


Check/Try adding, if not already in /etc/fstab 


none      /dev/shm        tmpfs   defaults        0 0 


And reboot the server. 



Or, i dont know and someone else can tell you. ;-) 

But on my jessie with squid 3.5.24+ssl i dont see this problem. 


A small tip about the certificates on debian or ubuntu. 

Install ca-certificates ( apt-get install ca-certificates ) 

And read : https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/ 




Greetz, 


Louis








> -----Oorspronkelijk bericht-----

> Van: squid-users 

> [mailto:squid-users-bounces at lists.squid-cache.org] Namens Olly Lennox

> Verzonden: woensdag 19 april 2017 11:22

> Aan: Amos Jeffries; squid-users at lists.squid-cache.org

> Onderwerp: Re: [squid-users] HTTPS woes

> 

> Thanks Amos, I'll install this. One last question if I may! 

> Squid is working fine now with both HTTP and HTTPS but for 

> some reason it is refusing to launch on boot. 

> 

> It works perfectly when started with "service squid start" 

> but not boot. The error is:

> squid.service - LSB: Squid HTTP Proxy version 3.x

>    Loaded: loaded (/etc/init.d/squid; generated; vendor 

> preset: enabled)

>    Active: failed (Result: resources) since Wed 2017-04-19 

> 10:19:18 BST; 53s ago

>      Docs: man:systemd-sysv-generator(8)

>   Process: 598 ExecStart=/etc/init.d/squid start 

> (code=exited, status=0/SUCCESS)

> 

> Apr 19 10:19:13 raspberrypi (squid-1)[1606]: 

> Ipc::Mem::Segment::open failed to 

> shm_open(/squid-ssl_session_cache.shm): (2) No such file or 

> direct Apr 19 10:19:13 raspberrypi squid[1283]: Squid Parent: 

> (squid-1) process 1606 exited with status 1 Apr 19 10:19:16 

> raspberrypi squid[1283]: Squid Parent: (squid-1) process 1633 

> started Apr 19 10:19:18 raspberrypi squid[1283]: Squid 

> Parent: (squid-1) process 1633 exited with status 1 Apr 19 

> 10:19:18 raspberrypi squid[1283]: Squid Parent: (squid-1) 

> process 1633 will not be restarted due to repeated, frequent 

> failures Apr 19 10:19:18 raspberrypi squid[1283]: Exiting due 

> to repeated, frequent failures Apr 19 10:19:18 raspberrypi 

> systemd[1]: squid.service: Daemon never wrote its PID file. Failing.

> Apr 19 10:19:18 raspberrypi systemd[1]: Failed to start LSB: 

> Squid HTTP Proxy version 3.x.

> Apr 19 10:19:18 raspberrypi systemd[1]: squid.service: Unit 

> entered failed state.

> Apr 19 10:19:18 raspberrypi systemd[1]: squid.service: Failed 

> with result 'resources'.

> 

> Any ideas?

> 

> 

> 

> ________________________________

> From: Amos Jeffries <squid3 at treenet.co.nz>

> To: squid-users at lists.squid-cache.org

> Sent: Wednesday, 19 April 2017, 5:22

> Subject: Re: [squid-users] HTTPS woes

> 

> 

> 

> Olly,  Debian provides a ca-certificates package containing 

> the Mozilla CA list. It is updated whenever the CA set 

> changes. Though of course you should have apt connected to 

> the relevant security repository (jesse-security?) for 

> regular updates.

> 

> 

> Amos

> 

> 

> On 19/04/17 03:10, Olly Lennox wrote:

> 

> Would you mind sharing the script you use?

> > 

> >oliver at lennox-it.uk

> >lennox-it.uk

> >tel: 07900 648 252

> >

> 


_______________________________________________

squid-users mailing list

squid-users at lists.squid-cache.org

http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list