[squid-users] Configuration for cache_peer doesn't work
salil GK
gksalil at gmail.com
Fri Jan 20 00:08:57 UTC 2017
Could there be a problem with the SSL support?
The output of `squid3 -v`:
Squid Cache: Version 3.1.19
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--libexecdir=${prefix}/lib/squid3' '--srcdir=.'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--disable-silent-rules' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
'--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-icap-client' '--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM'
'--enable-ntlm-auth-helpers=smb_lm,'
'--enable-digest-auth-helpers=ldap,password'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-arp-acl' '--enable-esi' '--enable-zph-qos' '--enable-wccpv2'
'--disable-translation' '--with-logdir=/var/log/squid3'
'--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536'
'--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter'
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie
-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2
-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Wformat-security -Werror=format-security'
--with-squid=/build/squid3-nkylXD/squid3-3.1.19
I tried to recompile squid source with the following options
./configure --with-openssl --enable-ssl
When I build this binary and run it, it throws an error like this:
~ # ~/squid -N -Y -d 5 -f /tmp/minsquid.conf
/tandberg/squid: /lib/x86_64/libcrypto.so.1.0.0: no version information
available (required by /tandberg/squid)
/tandberg/squid: /lib/x86_64/libssl.so.1.0.0: no version information
available (required by /tandberg/squid)
2017/01/20 05:35:57| ERROR: MIME Config Table
/usr/local/squid/etc/mime.conf: (2) No such file or directory
FATAL: MIME Config Table /usr/local/squid/etc/mime.conf: (2) No such file
or directory
Squid Cache (Version 3.1.23): Terminated abnormally.
CPU Usage: 0.032 seconds = 0.031 user + 0.001 sys
Maximum Resident Size: 28368 KB
Page faults with physical i/o: 0
On 20 January 2017 at 04:01, salil GK <gksalil at gmail.com> wrote:
> Could someone please provide me some information on this? This is kind
> of urgent for me now. Sorry for bothering too much.
>
> Thanks
> ~S
>
>
> On 19 January 2017 at 21:09, salil GK <gksalil at gmail.com> wrote:
>
>> Hello
>>
>> I am new to squid and I have a use case where I need to configure a
>> forward proxy with squid. But there will be two squid servers chained to
>> isolate the networks. So when a client machine wants to access some internet
>> site, it will specify my first squid server as the proxy. This proxy in turn
>> will forward the packet to squid server 2, and from there traffic will be
>> forwarded to the origin server and the response will come back through the same path.
>>
>> I could achieve this by configuring cache_peer.
>>
>> >>>>> configuration in SquidServer1
>>
>> http_port 3223
>>
>> include "/etc/squid3/blockedhosts.lst"
>>
>> http_access allow all
>>
>> cache_peer 10.106.251.90 parent 3223 0 no-query default
>>
>> <<<<<
>>
>> So this will forward packets to SquidServer2 (10.106.251.90) and then they
>> will be forwarded further from there to the origin server.
>>
>>
>> Now I want to make an SSL connection between SquidServer1 and SquidServer2.
>>
>> I tried the following line for cache_peer:
>>
>> >>>>
>>
>> cache_peer 10.106.251.90 parent 3223 0 no-query default ssl
>> sslcert="/tmp/server_90.pem" sslkey="/tmp/privkey_90.pem"
>>
>> <<<<<
>>
>> But this doesn't work.
>>
>> When I try to start squid, it gives the following error:
>>
>> >>>>>>
>>
>> ~ # /usr/sbin/squid3 -N -Y -d 5 -f /tmp/minsquid.conf
>>
>> 2017/01/19 21:04:24| parse_peer: token='ssl'
>>
>> FATAL: Bungled minsquid.conf line 12: cache_peer 10.106.251.90 parent
>> 3223 0 no-query default ssl sslcert="/tmp/server_90.pem"
>> sslkey="/tmp/privkey_90.pem"
>>
>> Squid Cache (Version 3.1.19): Terminated abnormally.
>>
>> CPU Usage: 0.004 seconds = 0.004 user + 0.000 sys
>>
>> Maximum Resident Size: 28224 KB
>>
>> Page faults with physical i/o: 0
>>
>> <<<<<<
>>
>> What could be the issue?
>>
>> -----
>>
>> In SquidServer2 I think I need to specify an https port for the client to
>> access. I have put this line in the config file:
>>
>> >>>>>
>>
>> https_port 3224 cert=self_s_cert.pem key=key.pem
>>
>> <<<<<
>>
>> There, while executing squid, I get the following error:
>>
>>
>> >>>>
>>
>> ~ # /usr/sbin/squid3 -N -Y -d 5 -f /tmp/minsquid.conf
>>
>> 2017/01/19 15:37:40| cache_cf.cc(381) parseOneConfigFile: minsquid.conf:4
>> unrecognized: 'https_port'
>>
>> <<<<
>>
>>
>> Thanks
>>
>> ~S
>>
>
>
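Added example, not part of the original post or of Squid itself: a pre-flight check that compares the configure options printed by `squid3 -v` with the TLS directives used in a configuration (`https_port`, and `cache_peer` with `ssl`). It assumes these directives are only parsed when the build was configured with `--enable-ssl` or `--with-openssl`, the two flags used in the recompile above; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Assumption: https_port and the cache_peer "ssl" option are only parsed by
# builds configured with --enable-ssl or --with-openssl.

# Exit 0 if the `squid -v` text on stdin shows a TLS-enabled build.
# The closing quote keeps '--enable-ssl-crtd' from counting as a match.
build_has_tls() {
    grep -Eq -e "'--(enable-ssl|with-openssl)(=[^']*)?'"
}

# Print "LINE: text" for every config line on stdin that needs TLS support.
tls_directives() {
    awk '
        $1 ~ /^#/ { next }                          # skip comment lines
        $1 == "https_port" { print NR ": " $0; next }
        $1 == "cache_peer" {
            for (i = 2; i <= NF; i++)
                if ($i == "ssl" || $i ~ /^ssl(cert|key)=/) {
                    print NR ": " $0; next
                }
        }'
}

# $1 = `squid -v` output, $2 = configuration text.
# Exit 0 when the build can parse every directive the config uses.
check_conf() {
    found=$(printf '%s\n' "$2" | tls_directives)
    [ -z "$found" ] && return 0
    printf '%s\n' "$1" | build_has_tls && return 0
    printf 'build lacks TLS support; config needs it at:\n%s\n' "$found" >&2
    return 1
}

# Constructed samples: excerpts of the two builds' configure options and the
# SquidServer1 configuration quoted in the post (peer options on one line).
PACKAGED_BUILD="configure options: '--build=x86_64-linux-gnu' '--enable-icap-client' '--enable-esi'"
REBUILT_BUILD="configure options: '--with-openssl' '--enable-ssl'"
PEER_CONF='http_port 3223
cache_peer 10.106.251.90 parent 3223 0 no-query default ssl sslcert="/tmp/server_90.pem" sslkey="/tmp/privkey_90.pem"'

# Real use: check_conf "$(squid3 -v)" "$(cat /tmp/minsquid.conf)"
check_conf "$PACKAGED_BUILD" "$PEER_CONF" || true
```
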