Squid3 - New GUI with sync, normal and reverse proxy
-
-
None of any entry works. All entries result in a "bungled squid config". It doesnt work. :(
-
what do you have on squid.conf file after applying your config?
The squid gui includes http_port config.
-
Here we go:
# Do not edit manually ! http_port 192.168.1.1:8080 icp_port 7 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_default_language de icon_directory /usr/local/etc/squid/icons visible_hostname pfsense cache_mgr hier@da.de access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none sslcrtd_children 0 logfile_rotate 0 shutdown_lifetime 3 seconds uri_whitespace encode acl dynamic urlpath_regex cgi-bin \? cache deny dynamic cache_mem 8 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir ufs /var/squid/cache 1000000 16 256 minimum_object_size 0 KB maximum_object_size 4 KB offline_mode offcache_swap_low 90 cache_swap_high 95 # No redirector configured #Remote proxies # Setup some default acls acl allsrc src all acl localhost src 127.0.0.1/32 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535 acl sslports port 443 563 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl allowed_subnets src 192.168.1.0/24 acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl" http_access allow manager localhost # Allow external cache managers acl ext_manager src 127.0.0.1 acl ext_manager src 192.168.1.1 acl ext_manager src http_access allow manager ext_manager http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc # Reverse Proxy settings # Package Integration redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf redirector_bypass on redirect_children 3 # Custom options # http_port 8080 intercept; ident_lookup_access allow all; ident_timeout 3 seconds; # Always allow access to whitelist domains http_access allow whitelist # Setup allowed acls http_access allow allowed_subnets # Default block all to be sure http_access deny allsrc
and here the log-entry:
php: /pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '2012/07/18 16:32:18| aclParseAclList: ACL name 'all;' not found. FATAL: Bungled squid.conf line 84: ident_lookup_access allow all; Squid Cache (Version 3.1.20): Terminated abnormally. CPU Usage: 0.018 seconds = 0.018 user + 0.000 sys Maximum Resident Size: 4112 KB Page faults with physical i/o: 0'
Do you need more info?
-
-
duh! That was it. Thx for your help!!
-
Hello, just reinstalled squid3 and it is still not caching. logs give TCP_MISS/200
thank you
-
my HD died in the router. on a fresh reinstall i can install the squid3 package but i get this in the system log.
php: /pkg_mgr_install.php: XML error: Mismatched tag at line 348 in /usr/local/pkg/squid.xml
the package doesnt have any menu item options either.
corrupt package?
-
the line in the xml refers to :
<default_value>en</default_value>
as part of
<field><fielddescr>Language</fielddescr>
<fieldname>error_language</fieldname>
<description>Select the language in which the proxy server will display error messages to users.</description>
<type>select</type>
<default_value>en</default_value></field> -
a pull request has been submited by phil that should fix that. We are waiting on a dev to pull in that request.
-
the line in the xml refers to :
<default_value>en</default_value>
It's fixed now, wait 15 minutes and reinstall
att,
Marcello Coutinho -
Thanks!
-
Apologies to all - my little "fix" for the default language had a bit of extra cut-and-paste somehow. I noticed it soon after it got committed, but unfortunately it took quite a while for anyone with the necessary privs to commit the better version. I'll stare a lot harder at seemingly mindless fixes in future!
-
Apologies to all - my little "fix" for the default language had a bit of extra cut-and-paste somehow. I noticed it soon after it got committed, but unfortunately it took quite a while for anyone with the necessary privs to commit the better version. I'll stare a lot harder at seemingly mindless fixes in future!
Its working now. Thank you all for your help. ;D
-
I would like to report a bug in the Squid Reverse Proxy. Under the HTTPS settings the default port used is 443 if you leave the feild empty. However if you look at squid.conf in /usr/local/etc/squid the listening port is still 80. So you have to manually put in 443 for the listening port.
Even though I found this bug I'm still having issues with getting the HTTPS reverse proxy working correctly.
I'm getting a squid error page saying Access Denied. Access control configuration prevents your request from being allowed at this time.
Not sure of the problem but it looks like others are having problems with the reverse proxy on HTTPS as well.
http://forum.pfsense.org/index.php/topic,51945.0.html -
Folks, is there any reason why in proxy_monitor.sh you're using a series of pipes (btw both awk seem redundant)
NUM_PROCS=`ps auxw | grep "[s]quid -D"|awk '{print $2}'| wc -l | awk '{ print $1 }'` rather than a simpler pgrep -f "process" | wc -l ?[/s]
-
Please re-install as I have modified the code using the pgrep a couple of days ago.
-
Please re-install as I have modified the code using the pgrep a couple of days ago.
Hi, I'm not running squid on pfsense, but I just happened to notice the commits at:
https://github.com/bsdperimeter/pfsense-packages/blob/master/config/squid3/proxy_monitor.sh
(which is the latest code afaik) -
sorry .. looking at the wrong line of code. That package (squid3) is for 1.2.3. The one that is on 2.1 and I think 2.0 is under the directory squid-reverse. So, you are talking about making it:
NUM_PROCS=`pgrep -f "squid -f" | wc -l | awk '{ print $1 }'`
The awk has to be in there to format the number returned properly as output without the awk yields spaces or tabs before the number returned.
or evenNUM_PROCS=`ps auxw | grep -c "[s]quid -f"' This has only 1 pipe like your example.[/s]
-
@marcelloc - I corrected the conf_mount_rw and conf_mount_ro calls so that after a squid3 installation on nanobsd-like systems the filesystem ends up read-only. (Previously it was accidentally left read-write at the end of the install).
Now this message appears in /tmp/PHP_errors.log
[03-Aug-2012 04:16:47 UTC] PHP Warning: copy(/root/2.1-BETA0.captiveportal.inc.backup): failed to open stream: Read-only file system in /usr/local/pkg/squid.inc on line 1640
This is the code:
if (!file_exists('/root/'.$pfsense_version.'.captiveportal.inc.backup')) { copy ($cp_file,'/root/'.$pfsense_version.'.captiveportal.inc.backup'); } if($found_rule > 0){ file_put_contents($cp_file,$new_cp_inc, LOCK_EX); }
I am not sure what you want to do, perhaps put the backup in /tmp? (lost after a reboot on nanobsd), perhaps also only do the backup if a rule is found? Maybe something like this:
if($found_rule > 0){ if (!file_exists('/tmp/'.$pfsense_version.'.captiveportal.inc.backup')) { copy ($cp_file,'/tmp/'.$pfsense_version.'.captiveportal.inc.backup'); } file_put_contents($cp_file,$new_cp_inc, LOCK_EX); }
This code is not in the older squid(2), so this problem is just in squid3.