[squid-users] HTTPS woes
Eliezer Croitoru
eliezer at ngtech.co.il
Wed Apr 19 21:24:01 UTC 2017
What OS are you using?
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Olly Lennox
Sent: Wednesday, April 19, 2017 7:30 PM
To: Olly Lennox <oliver at lennox-it.uk>; L. P. H. van Belle <belle at bazuin.nl>; squid-users at squid-cache. org <squid-users at squid-cache.org>
Subject: Re: [squid-users] HTTPS woes
Sorry it's back,
I've narrowed down the problem, hopefully someone can help. When Squid starts it creates the directory /var/run/squid as user proxy:proxy.
If I remove this or leave it as is then the application won't launch on subsequent reboots.
If I chown the directory as root:root then the application will launch on boot but proxy:proxy takes back ownership and it won't launch again on subsequent reboots.
I'm guessing this is something to do with the running processes, does anyone know what's going wrong?
Cheers,
Olly
------------
Never mind I've sorted it! The issue was due to the /var/run directory and the program not being able to create squid.pid. I amended the permissions and seems to be working fine now
Thanks a lot for the link, I'll implement that once I get this problem fixed. Sadly the change hasn't worked. My current /etc/fstab looks like this:
proc /proc proc defaults 0 0
PARTUUID=0d001852-01 /boot vfat defaults 0 2
PARTUUID=0d001852-02 / ext4 defaults,noatime 0 1
# a swapfile is not a swap partition, no line here
# use dphys-swapfile swap[on|off] for that
tmpfs /cache tmpfs defaults,noatime,nosuid,size=8000m 0 0
none /dev/shm tmpfs defaults 0 0
could the existing tmpfs line be causing problems?
oliver at lennox-it.uk
lennox-it.uk
tel: 07900 648 252
________________________________
From: L. P. H. van Belle <belle at bazuin.nl>
To: "squid-users at squid-cache. org" <squid-users at squid-cache.org>
Sent: Wednesday, 19 April 2017, 11:05
Subject: Re: [squid-users] HTTPS woes
Hai,
Im guess, squid is starting to soon, or there is not /dev/shm
Check/Try adding, if not already in /etc/fstab
none /dev/shm tmpfs defaults 0 0
And reboot the server.
Or, i dont know and someone else can tell you. ;-)
But on my jessie with squid 3.5.24+ssl i dont see this problem.
A small tip about the certificates on debian or ubuntu.
Install ca-certificates ( apt-get install ca-certificates )
And read : https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: squid-users
> [mailto:squid-users-bounces at lists.squid-cache.org] Namens Olly Lennox
> Verzonden: woensdag 19 april 2017 11:22
> Aan: Amos Jeffries; squid-users at lists.squid-cache.org
> Onderwerp: Re: [squid-users] HTTPS woes
>
> Thanks Amos, I'll install this. One last question if I may!
> Squid is working fine now with both HTTP and HTTPS but for
> some reason it is refusing to launch on boot.
>
> It works perfectly when started with "service squid start"
> but not boot. The error is:
> squid.service - LSB: Squid HTTP Proxy version 3.x
> Loaded: loaded (/etc/init.d/squid; generated; vendor
> preset: enabled)
> Active: failed (Result: resources) since Wed 2017-04-19
> 10:19:18 BST; 53s ago
> Docs: man:systemd-sysv-generator(8)
> Process: 598 ExecStart=/etc/init.d/squid start
> (code=exited, status=0/SUCCESS)
>
> Apr 19 10:19:13 raspberrypi (squid-1)[1606]:
> Ipc::Mem::Segment::open failed to
> shm_open(/squid-ssl_session_cache.shm): (2) No such file or
> direct Apr 19 10:19:13 raspberrypi squid[1283]: Squid Parent:
> (squid-1) process 1606 exited with status 1 Apr 19 10:19:16
> raspberrypi squid[1283]: Squid Parent: (squid-1) process 1633
> started Apr 19 10:19:18 raspberrypi squid[1283]: Squid
> Parent: (squid-1) process 1633 exited with status 1 Apr 19
> 10:19:18 raspberrypi squid[1283]: Squid Parent: (squid-1)
> process 1633 will not be restarted due to repeated, frequent
> failures Apr 19 10:19:18 raspberrypi squid[1283]: Exiting due
> to repeated, frequent failures Apr 19 10:19:18 raspberrypi
> systemd[1]: squid.service: Daemon never wrote its PID file. Failing.
> Apr 19 10:19:18 raspberrypi systemd[1]: Failed to start LSB:
> Squid HTTP Proxy version 3.x.
> Apr 19 10:19:18 raspberrypi systemd[1]: squid.service: Unit
> entered failed state.
> Apr 19 10:19:18 raspberrypi systemd[1]: squid.service: Failed
> with result 'resources'.
>
> Any ideas?
>
>
>
> ________________________________
> From: Amos Jeffries <squid3 at treenet.co.nz>
> To: squid-users at lists.squid-cache.org
> Sent: Wednesday, 19 April 2017, 5:22
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> Olly, Debian provides a ca-certificates package containing
> the Mozilla CA list. It is updated whenever the CA set
> changes. Though of course you should have apt connected to
> the relevant security repository (jesse-security?) for
> regular updates.
>
>
> Amos
>
>
> On 19/04/17 03:10, Olly Lennox wrote:
>
> Would you mind sharing the script you use?
> >
> >oliver at lennox-it.uk
> >lennox-it.uk
> >tel: 07900 648 252
> >
>
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list