Squid, SquidGuard, Lightsquid status on 2.3
-
I fixed some more issues in squid today and have a few notes for those who may be upgrading from 2.2.x or earlier to 2.3 and having problems:
1. Make sure that the most current version of the squid package is loaded (>= 0.4.12)
2. Clean up leftover PBI messes:
find / -type l -print0 | xargs -0 ls -l | egrep '(squid|perl|pbi)'Remove any symlinks still pointing to PBI dirs, especially things like perl, lightsquid, perl5, etc.
For example:
lrwxr-xr-x 1 root wheel 39 May 7 2015 /usr/bin/perl -> /usr/pbi/lightsquid-i386/local/bin/perl lrwxr-xr-x 1 root wheel 45 May 7 2015 /usr/local/etc/lightsquid -> /usr/pbi/lightsquid-i386/local/etc/lightsquid lrwxr-xr-x 1 root wheel 40 May 7 2015 /usr/local/lib/perl5 -> /usr/pbi/lightsquid-i386/local/lib/perl5 lrwxr-xr-x 1 root wheel 45 Nov 5 10:32 /usr/local/www/lightsquid -> /usr/pbi/lightsquid-i386/local/www/lightsquid3. Blow away the cache:
mv /var/squid/cache /var/squid/cache.old squid -z rm -rf /var/squid/cache.old -
Coming from a Windows background I don't understand the pbi comment and symlinks. Any chance this fix can be automated?
-
Not in the package. It fails before it gets to a point where the package can run any code.
-
I've pushed a fix to make sure all symlinks pointing to /usr/pbi are removed when upgrade from 2.2 to 2.3. It'll be available on next snapshots
-
And if you're already on 2.3, you can use the command from that commit to clean up manually:
find / -type l -lname '/usr/pbi/*' -delete -
And I was just going to ask this :)
-
I fixed some more issues in squid today and have a few notes for those who may be upgrading from 2.2.x or earlier to 2.3 and having problems:
1. Make sure that the most current version of the squid package is loaded (>= 0.4.12)
2. Clean up leftover PBI messes:
find / -type l -print0 | xargs -0 ls -l | egrep '(squid|perl|pbi)'Remove any symlinks still pointing to PBI dirs, especially things like perl, lightsquid, perl5, etc.
For example:
lrwxr-xr-x 1 root wheel 39 May 7 2015 /usr/bin/perl -> /usr/pbi/lightsquid-i386/local/bin/perl lrwxr-xr-x 1 root wheel 45 May 7 2015 /usr/local/etc/lightsquid -> /usr/pbi/lightsquid-i386/local/etc/lightsquid lrwxr-xr-x 1 root wheel 40 May 7 2015 /usr/local/lib/perl5 -> /usr/pbi/lightsquid-i386/local/lib/perl5 lrwxr-xr-x 1 root wheel 45 Nov 5 10:32 /usr/local/www/lightsquid -> /usr/pbi/lightsquid-i386/local/www/lightsquid3. Blow away the cache:
mv /var/squid/cache /var/squid/cache.old squid -z rm -rf /var/squid/cache.old/pkg_edit.php: The command '/usr/local/sbin/squid -z -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'FATAL: getpwnam failed to find userid for effective user 'squid' Squid Cache (Version 3.5.12): Terminated abnormally. CPU Usage: 0.018 seconds = 0.018 user + 0.000 sys Maximum Resident Size: 50000 KB Page faults with physical i/o: 0' -
That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow
-
It mostly worked for me. I was able to install freeradius but squid returned an error. Did you catch it in my other post?
-
That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow
work
-
squidguard
errorwarning on instalation>>> Installing pfSense-pkg-squidGuard... Updating pfSense-core repository catalogue... pfSense-core repository is up-to-date. Updating pfSense repository catalogue... pfSense repository is up-to-date. All repositories are up-to-date. The following 3 package(s) will be affected (of 0 checked): New packages to be INSTALLED: pfSense-pkg-squidGuard: 1.12 [pfSense] squidGuard: 1.4_15 [pfSense] db5: 5.3.28_3 [pfSense] The process will require 15 MiB more space. 1 MiB to be downloaded. Fetching pfSense-pkg-squidGuard-1.12.txz: ..... done Fetching squidGuard-1.4_15.txz: .... done Fetching db5-5.3.28_3.txz: .......... done Checking integrity... done (0 conflicting) [1/3] Installing db5-5.3.28_3... [1/3] Extracting db5-5.3.28_3: .......... done [2/3] Installing squidGuard-1.4_15... [2/3] Extracting squidGuard-1.4_15: ..... done [3/3] Installing pfSense-pkg-squidGuard-1.12... [3/3] Extracting pfSense-pkg-squidGuard-1.12: .......... done Saving updated package information... done. Loading package configuration... done. Configuring package components... Loading package instructions... Warning: file_put_contents(/usr/local/etc/squidGuard/squidguard_conf.xml): failed to open stream: No such file or directory in /usr/local/pkg/squidguard.inc on line 1045 Call Stack: 0.0004 228704 1\. {main}() /etc/rc.packages:0 0.1839 10561792 2\. install_package_xml() /etc/rc.packages:77 0.4223 11047992 3\. require_once('/usr/local/pkg/squidguard.inc') /etc/inc/pkg-utils.inc:702 0.4543 12883648 4\. convert_pfxml_to_sgxml() /usr/local/pkg/squidguard.inc:100 0.4574 12913928 5\. file_put_contents() /usr/local/pkg/squidguard.inc:1045 Custom commands... Executing custom_php_install_command()...done. Executing custom_php_resync_config_command()...done. Menu items... done. Services... done. Writing configuration... done. Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.Message from squidGuard-1.4_15: =================================================================== In order to activate squidGuard you have to edit squid.conf To the contain "url_rewrite_program /usr/local/bin/squidGuard" and create a configuration file for squidGuard. Sample blacklists have been installed in /usr/local/share/examples/squidGuard. A sample configuration file has beeen installed in /usr/local/etc/squid/squidGuard.conf.sample. You need to edit the configuration and compile the blacklist you choose to use with: squidGuard -d -C all Please bear in mind that this is just a sample configuration file and for any real world usage you need to download or create your own updated blacklists and create your own configuration file. Check documentation here: http://www.squidguard.org/Doc/ To activate the changes do a /usr/local/sbin/squid -k reconfigure =================================================================== Message from pfSense-pkg-squidGuard-1.12: Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details. >>> Cleaning up cache... done. Success -
squidguard
errorwarning on instalationI'll push a fix for that, looks easy enough to correct.
-
error on lightsquid
Jan 21 16:31:22 php-fpm 28398 /rc.start_packages: [lightsquid] Error: Could not load default '/usr/local/etc/lightsquid/lightsquid.cfg.dist' configuration file. Jan 21 16:31:22 php-fpm 28398 /rc.start_packages: [lightsquid] Error: Could not create '/usr/local/etc/lightsquid/lightsquid.cfg' configuration file. Jan 21 16:31:22 php-fpm 28398 /rc.start_packages: [lightsquid] Removing old cronjobs... -
Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working util we fix up nginx for CGI.
-
Fired up a test vm with a clean 2.3 install, squid appears to be working as long as I disable clamav and c-icap.
I seriously lack time lately, after a (really) quick check it doesn't seem to build the .sock file and it probably misses something else.
I think you guys are well-aware of it but I'll be happy to provide more info as soon as I can if needed.Thank you once again for the awesome job you keep doing.
See ya! -
We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.
-
When ever i turn on Transparent HTTP Proxy i couldn't browse any website , but there is no problem if i use explicit proxy .
Any one have the same issue ???
-
I can't use transparent or adding it to my system direct. They both fail. Looks like a few of us having the problem but no cause or solution yet to my knowledge.
-
Clean install, restore configs, problem remains.
-
Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working util we fix up nginx for CGI.
We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.
What does this mean? It's fixed in 2.3 final right?
