Squid Returned to Packages *** PLEASE TEST ***
-
Let me commit a newer squid.inc from my box into CVS
-
@ Databeesje: Indeed the -k option is better, but I didn't know if there were some problems with it in early editions, so I kept it like the way it was.
I must say the -k shutdown option takes some time to actually stop, sometimes up till a minute, I don't know what happens if you start it when the old one is still running.Strange that the data is not going thru the proxy..
I used this page http://www.ericgiguere.com/tools/http-header-viewer.html to see if my proxy is running, and on my box it worked great.. with the proxy turned on you could see the header is changing.@rsw686: the script does create the dirs and even doe a -z to rebuild the cache
I seems the that the dir isn't passed thru correctly… -
Let me commit a newer squid.inc from my box into CVS
I like your -k reconfigure haven't tought about that!
I saw you left out the abbility to change dirs (I think it's step 2 if you want to add that feature to list in the first place)
I'm going to change my version with the -k reconigure aswell…
-
I have added a shutdown time of 3 seconds a number of commits back. By default it waits 30 seconds. Which is silly.
Since squid binds and unbinds configurations seamlessly it seems appropriate. And bringing down the squid for a config change is not common. I use the reconfigure option as much as I can at work. Because it is non disruptive.
Furthermore I think we squid use squid check to see if the config is OK and squid is running.
Could be something wrong on my box though. Not sure. it's a bit of a testbox.
-
Well, I can't test right now, running a new install ::)
The config was screwed so I resetted to factory default, and after that I wouldn't let me installe the squid package again…and I think I have 3 versions of squid installed on that box now, so it will be time..
-
In terms of the throttling not working as I expected, I believe that squid.inc line 544 should be changed from
delay_parameters 1 $overall/$threshold $perhost/$threshold
to
delay_parameters 1 $overall/$overall $perhost/$perhost
$threshold is 10MB, we don't even have 10MB on our link, we have 1MB, so the guys will never get throttled with the current squid.inc
From http://www.visolve.com/squid/squid24s1/glossary.php#Classes:
Each of these parameters is specified as restore / maximum - restore being the bytes per second restored to the bucket, and maximum being the amount of bytes that can be in the bucket at any time. It is important to remember that they are in bytes per second, not bits. To specify that a parameter is unlimited, use a -1.
If we wish to limit any parameter in bits per second, divide this amount by 8, and use the value for both the restore and the maximum. For example, to restrict the entire proxy to 64kbps, use:
delay_parameters 1 8000/8000
-
I don't mind changing that, but are you certain that actually works. I have zero experience with squid delay buckets.
-
Yes, I'm running it like that on a Smoothwall at the moment, and it does work.
-
@nicki
I haven't looked at throteling yet, but I'll change it… thanks..I have also an update for the latest CVS
In the restart script I would change
log_error("Reloading Squid for configuration sync");
mwexec("/usr/local/sbin/squid -k reconfigure");in to:
if (!is_service_running('squid')) {
log_error("Starting Squid");
mwexec_bg("/usr/local/sbin/squid -D");
mwexec_bg("/usr/local/etc/rc.d/proxy_monitor.sh");
} else {
log_error("Reloading Squid for configuration sync");
mwexec("/usr/local/sbin/squid -k reconfigure");
}because when you install squid fresh, it won't start.
So the first time you configure squid, it will start aswell...Btw, after my clean install it runs perfect.
I replaced the 3 files with my own version because I like to change my cache dir...
But I think it can be back in the list -
Newer squid.inc with fixes.
Cache location added to XML -
Newer squid.inc with fixes.
Cache location added to XMLGood job!!!! Looks to be working fine. The service starts without errors. I can't really test it further without reconfiguring my box to use the vmware pfSense so I'll let others do that.
-
Uhm, I'm sorry to say, but the cache dir won't work.. there is something else there have to be changed with processing the conf file..
I've added my version (I cahnged the restart with the -k reconfigure as you did, but added a service check… start when it doesn't run and reconfigure when it runs)
And the log dir is also configurable (for if you want to process the log)
Update: I have added the acl rules update as databeestje has made...
But I'm not sure what you ment with that update? you still can't run squid and the gui on the same port.
It won't allow you to do, because there is a check, but if you would force it on the same port it won't work either... -
the port 80 check is broken. I'm fixing that now. The service check is in.
The cache location allready made it in. You have log location changes too?
-
the port 80 check is broken. I'm fixing that now. The service check is in.
The cache location allready made it in. You have log location changes too?
I don't know what's wrong with it, but thanks for fixing it.
Yeah the logdir works the same as the cache dir…
But in your version in:
function squid_resync_cachethere is
$cachedir = SQUID_CACHEDIR;
that's wrong because that's still the fixed cache dir...
it should be
$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');same as with
$logdir_cache = SQUID_LOGDIR . '/cache.log';
$logdir_access = ($settings['log_enabled'] == 'on' ? SQUID_LOGDIR . '/access.log' : '/dev/null');that should be
$logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/log');$logdir_cache = $logdir . '/cache.log';
$logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null');I tought that's all, but I'm not 100% sure, otherwise check my included file in my previous post…
-
port 80 check fixed, added log dir option to xml.
-
Thanks to all those who contributed so far, my installation now at least starts up fine, and everything looks good!
Will test the throttling later today, got to get some sleep first.
-
I have made it available for the public again, and the 1st succes is in. I'm off to bed.
I think the log directory and cache directory creation is ok now and it should also populate the cache directory after changing.
Authentication really needs testing.
-
well just 1 small bug left. i dunno if this is a bug or intentional but the squid package cant work in transparent mode if the webgui is on the port 80 so have to change the port of the webgui. if this is intentional i think it's better to have a better notice to ask user to change the webgui port. anyways great job on the package it's working well now
-
i seen another bug again. seems like after installing the package u need to change the default cache location to another location first then change back to original or else it wont create the location and squid will fail to start with (squid): Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time. and the blacklist is not working. seems like sullrich is kinda right this thing is cursed
-
The throttling now behaves as expected. Thanks to all involved.
-
well just 1 small bug left. i dunno if this is a bug or intentional but the squid package cant work in transparent mode if the webgui is on the port 80 so have to change the port of the webgui. if this is intentional i think it's better to have a better notice to ask user to change the webgui port. anyways great job on the package it's working well now
No that's not a bug, you will lock yourself out of the webgui if you do that.
There can't be both services on the same port.About creating a cache dir.
I'll do a reinstall to be sure, but the problem is, if you had a squid version installed allready, it could give problems, because the cache dir is allready there but for another version
I'll take a look at it, maybe we can cange the install procedure that it will remove the old default cahce dir if it's there during install. -
nope mine is on fresh instalation of pfsense latest snapshot. it would not run unless i change the cache dir and change back and the blocklist is not working as well. anyways thanks for all the hardwork put into it. seems like the new squid breaks a lot of things. i'll try to test more features of the package for everyone
-
I have some other update…
in the resync functions after
log_error($disk_cache_location." does not exist. Creating.");
there must be mwexec("/usr/local/sbin/squid -k kill");otherwise it won't make the new cahce dir
Ok the kill option is not that nice, but who cares? we start with a new cache dir... so it's not a problem to shut it down this way.
I tried to do it nice, with the shutdown function, but that takes agesThis will be the new code:
if(!is_dir($disk_cache_location.'01/')) {
log_error($disk_cache_location." does not exist. Creating.");
mwexec("/usr/local/sbin/squid -k kill");But I'll give a new update later on.
I want to delete the old cache dir aswell, but that ain't as easy as I hope it would be.P.s This peace of code fixes the problem of having to setup the cache dir twice
-
Just a note to say thanks - the update is working here at the moment in transparent mode.
-
Squid package tested on bridge in transparent mode?
-
This is looking really good. Transparent mode is working well, but I'm not seeing any effects of the blacklist/whitelist. I know before I had to put an '*' in the blacklist if I wanted to fliter the web down to only the whitelisted sites. Is this still the case or am I missing another configuration step somewhere? I've tried adding the * but I'm still getting right through.
-
Newest CVS has seen some cleanups. Blacklisting appears broken to me. Can someone confirm this?
-
Databeesje I saw you didn't add the lines I sugest, but now if you change your cache dir, you have to save twice… once to let scquid "crash" and the 2nd time to actually make the cahce dir (you can't make the cache dir while squid is running) so I sugest you add the -k kill when you change the cash dir...
about removing the cache, I have to figure out how I can give an hidden value in the form, so I can pass some vars while the user hits save... anyone an idea how to do that in squid?
-
Makes sense, I'll fix this.
Have you been able to test blacklists? I have been unable to make them work.
-
not yet, I just arrived home…
But I'll try it out..
-
I think the squid version we use has no acl support..
If I just remove all acl lines and add http_access deny all
you would suspect no data will get thru, but it keeps running. -
May be one seriouse bug when installed any redirector package (squidGuard for example) who need Squid package.
*** When redirector installed - we can't correctly full reinstall or delete squid package - redirector block delete Squid package ***May be need check installation known redirector packages and notify user about this.
-
I did not know squidguard already worked.
About the ACL support. From what I can see the unrestricted acl does have a effect. Normally windows update fails, but it works if I put the IP in the unrestricted box on the access control page.
Weird
-
I did not know squidguard already worked.
About the ACL support. From what I can see the unrestricted acl does have a effect. Normally windows update fails, but it works if I put the IP in the unrestricted box on the access control page.
Weird
This not only squidGuard - any other who need squid.
ps: minimum 2 variant of squidGuard package worked
http://forum.pfsense.org/index.php/topic,3107.0.html
and
http://forum.pfsense.org/index.php/topic,3111.0.htmlbut this no in official packages
-
Downloading package configuration file… done.
Saving updated package information... done.
Downloading squid and its dependencies... done.
Checking for successful package installation... failed!Installation aborted.
Any suggestions?
-
On boot, the screen freezes on the line "Stopping /usr/local/etc/rc.d/proxy_monitor.sh" I know this was an issue under previous versions as well but never really got resolved. The system boots, the proxy runs, there is just no console.
-
You need to update to the latest testing snapshot…
http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-14-2006/
-
Running 1.0.1-SNAPSHOT-12-20-2006 and the 2.6.5_1-p2 release of squid and cannot get the blacklist to work at all. there is nothing being output to show an error. Its like its just ignoring the list. also i noticed that I could not get my browser to connect directly to port 3128 when setting it to manually use the proxy until i changed it to a different port.
-
Running 1.0.1-SNAPSHOT-12-20-2006 and the 2.6.5_1-p2 release of squid and cannot get the blacklist to work at all. there is nothing being output to show an error. Its like its just ignoring the list. also i noticed that I could not get my browser to connect directly to port 3128 when setting it to manually use the proxy until i changed it to a different port.
That works good over here, did you dissable the transparent proxy? In transparent proxy the port setting does nothing..
-
yes i did. i turned it off before trying it manually. with it not blacklisting, its next to impossible to tell if the transparent proxy is even doing anything so I wanted to see what was happening when i ran it manually thru the proxy. both ways ignore the blacklist. just providing feedback for the guys working on this port.