Squid, SquidGuard, Lightsquid status on 2.3
-
I fixed up some issues in the GUI for squid, squidGuard, and Lightsquid though some yet remain.
- In squid, the monitor page has been converted to Bootstrap. The others pages are XML and do not need conversion, but there were some rendering issues with form field text that should be resolved in current snapshots.
- In squidGaurd, the blacklist and log page to Bootstrap and I made a few other relevant adjustments to other items to be Bootstrap-friendly. Still could use some tweaks but it's generally functional at least. As with squid, there were some rendering issues that require being on a new snapshot to solve.
- In lightsquid, there is less progress. The change to nginx introduces a problem here because lightsquid wants to use perl CGI, which nginx does not support, so we'll need to figure out how to best solve that. I fixed some rendering issues with the sqstat page but it also seems to have a more fundamental issue in that it doesn't seem to be properly polling squid.
-
Looks like some of the changes aren't in the latest snap yet, but it should be up soon. In the meantime an update and then gitsync should do it.
-
I fixed up some issues in the GUI for squid, squidGuard, and Lightsquid though some yet remain.
- In squid, the monitor page has been converted to Bootstrap. The others pages are XML and do not need conversion, but there were some rendering issues with form field text that should be resolved in current snapshots.
- In squidGaurd, the blacklist and log page to Bootstrap and I made a few other relevant adjustments to other items to be Bootstrap-friendly. Still could use some tweaks but it's generally functional at least. As with squid, there were some rendering issues that require being on a new snapshot to solve.
- In lightsquid, there is less progress. The change to nginx introduces a problem here because lightsquid wants to use perl CGI, which nginx does not support, so we'll need to figure out how to best solve that. I fixed some rendering issues with the sqstat page but it also seems to have a more fundamental issue in that it doesn't seem to be properly polling squid.
It' not clear to me that we need 3 packages for squid, but then, I'm not a squid fan.
Given that we have nginx, and Lua why not just run the BSD licensed Ledge https://github.com/pintsized/ledge
-
Squid is the base proxy, squidGuard just does URL filtering in combination with squid (it is not itself a proxy) and lightsquid parses the logs to produce access reports.
I'd love to see something native in nginx+lua but all I've seen so far with nginx+lua like Ledge or OpenResty is a reverse proxy (like haproxy, varnish, and the "squid-reverse" parts) but I haven't seen anything like a client forward proxy to arbitrary remote servers with access controls like squid+squidGuard does.
-
Hi!
Tested squid and it works (looks) great now.
Lightsquid as you mentioned is useless right now.
Reports are not working (cgi) realtime data also not working.Btw, will sarg be ported? Its handy for reports.
-
Sarg is unlikely to come back. It has been a huge source of trouble. It rarely works as expected and more often than not results in the reports filling up people's disks (either by size or by running it out of inodes with tons of tiny files). If it does come back, we'd need some assurance that the package has been improved sufficiently that it wouldn't be a source of problems.
-
SquidGuard isn't filtering, have the targets set like I normally would, have applied, have saved, have done everything, even custom blacklists are not working.
I have netflix on a blacklist, and traffic passes right through, nothing showing anywhere that SquidGuard isn't working, aside from it… not working... Services shows it as running.
-
Hmm, interesting. Granted I didn't try it extensively, it did filter for me. I got the error redirect page and all.
You might start a fresh thread for that. I was only focusing on the GUI issues. Someone else may have better insight on the backend part of the code.
-
SquidGuard isn't filtering, have the targets set like I normally would, have applied, have saved, have done everything, even custom blacklists are not working.
I have netflix on a blacklist, and traffic passes right through, nothing showing anywhere that SquidGuard isn't working, aside from it… not working... Services shows it as running.
I think I found the problem here. Update the squidGuard package to version 1.12 when it comes out here in a few minutes and then try it again.
-
I can confirm that SquidGuard v1.12 on the current version of 2.3 is working in terms of the target lists and blocking/whitelisting.
Only other thing I can personally see is just a slightly annoying issue while using the pfsense dark theme setting, when looking at the target rules, you get white text on an almost white bar for every other category. Though, it seems the black one isn't the default :)
Thanks for all the hard work jimp!
-
I fixed some more issues in squid today and have a few notes for those who may be upgrading from 2.2.x or earlier to 2.3 and having problems:
1. Make sure that the most current version of the squid package is loaded (>= 0.4.12)
2. Clean up leftover PBI messes:
find / -type l -print0 | xargs -0 ls -l | egrep '(squid|perl|pbi)'Remove any symlinks still pointing to PBI dirs, especially things like perl, lightsquid, perl5, etc.
For example:
lrwxr-xr-x 1 root wheel 39 May 7 2015 /usr/bin/perl -> /usr/pbi/lightsquid-i386/local/bin/perl lrwxr-xr-x 1 root wheel 45 May 7 2015 /usr/local/etc/lightsquid -> /usr/pbi/lightsquid-i386/local/etc/lightsquid lrwxr-xr-x 1 root wheel 40 May 7 2015 /usr/local/lib/perl5 -> /usr/pbi/lightsquid-i386/local/lib/perl5 lrwxr-xr-x 1 root wheel 45 Nov 5 10:32 /usr/local/www/lightsquid -> /usr/pbi/lightsquid-i386/local/www/lightsquid3. Blow away the cache:
mv /var/squid/cache /var/squid/cache.old squid -z rm -rf /var/squid/cache.old -
Coming from a Windows background I don't understand the pbi comment and symlinks. Any chance this fix can be automated?
-
Not in the package. It fails before it gets to a point where the package can run any code.
-
I've pushed a fix to make sure all symlinks pointing to /usr/pbi are removed when upgrade from 2.2 to 2.3. It'll be available on next snapshots
-
And if you're already on 2.3, you can use the command from that commit to clean up manually:
find / -type l -lname '/usr/pbi/*' -delete -
And I was just going to ask this :)
-
I fixed some more issues in squid today and have a few notes for those who may be upgrading from 2.2.x or earlier to 2.3 and having problems:
1. Make sure that the most current version of the squid package is loaded (>= 0.4.12)
2. Clean up leftover PBI messes:
find / -type l -print0 | xargs -0 ls -l | egrep '(squid|perl|pbi)'Remove any symlinks still pointing to PBI dirs, especially things like perl, lightsquid, perl5, etc.
For example:
lrwxr-xr-x 1 root wheel 39 May 7 2015 /usr/bin/perl -> /usr/pbi/lightsquid-i386/local/bin/perl lrwxr-xr-x 1 root wheel 45 May 7 2015 /usr/local/etc/lightsquid -> /usr/pbi/lightsquid-i386/local/etc/lightsquid lrwxr-xr-x 1 root wheel 40 May 7 2015 /usr/local/lib/perl5 -> /usr/pbi/lightsquid-i386/local/lib/perl5 lrwxr-xr-x 1 root wheel 45 Nov 5 10:32 /usr/local/www/lightsquid -> /usr/pbi/lightsquid-i386/local/www/lightsquid3. Blow away the cache:
mv /var/squid/cache /var/squid/cache.old squid -z rm -rf /var/squid/cache.old/pkg_edit.php: The command '/usr/local/sbin/squid -z -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'FATAL: getpwnam failed to find userid for effective user 'squid' Squid Cache (Version 3.5.12): Terminated abnormally. CPU Usage: 0.018 seconds = 0.018 user + 0.000 sys Maximum Resident Size: 50000 KB Page faults with physical i/o: 0' -
That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow
-
It mostly worked for me. I was able to install freeradius but squid returned an error. Did you catch it in my other post?
-
That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow
work
