Squid3 - New GUI with sync, normal and reverse proxy
-
I've commited my changes on GitHub: https://github.com/TheNetStriker/pfsense-packages/commit/7d926f3d44cee817475c20bde44fe6471bab4ba7 (I hope it worked, it was my first commit on GitHub)
I've added a new page to configure additional ports and added a configuration for client certificates.
-
I've added a new page to configure additional ports and added a configuration for client certificates.
I'm doing it on web servers page but I'll take a look on your code and see how can I merge it with my current uncommitted code.
Thanks for your code contribution. :)
-
squid access.log rotate problems
http://forum.pfsense.org/index.php/topic,59557.msg341017.html#msg341017
cron jobs not work
/bin/rm /var/squid/cache/swap.state; /usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.confreturns with error.
check it please marchelloc
/var/squid/logs/access.log
and my cache not works tomy squid .conf
# This file is automatically generated by pfSense # Do not edit manually ! http_port 10.50.2.1:3949 http_port 10.50.3.1:3949 http_port 127.0.0.1:3949 intercept icp_port 7 dns_v4_first on pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_default_language tr icon_directory /usr/local/etc/squid/icons visible_hostname localhost cache_mgr admin@localhost access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none sslcrtd_children 0 logfile_rotate 1 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 10.50.2.0/24 10.50.3.0/24 forwarded_for off via off httpd_suppress_version_string on uri_whitespace strip # Break HTTP standard for flash videos. Keep them in cache even if asked not to. refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private # Let the clients favorite video site through with full caching acl youtube dstdomain .youtube.com cache allow youtube # Windows Update refresh_pattern range_offset_limit -1 refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims cache_mem 512 MB maximum_object_size_in_memory 128 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir ufs /var/squid/cache 140000 16 256 minimum_object_size 0 KB maximum_object_size 4500000 KB offline_mode offcache_swap_low 90 cache_swap_high 95 # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # No redirector configured #Remote proxies # Setup some default acls acl allsrc src all acl localhost src 127.0.0.1/32 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 443 3128 1025-65535 acl sslports port 443 563 443 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT # Define protocols used for redirects acl HTTP proto HTTP acl HTTPS proto HTTPS http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc # Reverse Proxy settings deny_info TCP_RESET allsrc # Package Integration redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf redirector_bypass off url_rewrite_children 5 # Custom options # Setup allowed acls # Allow local network(s) on interface(s) http_access allow localnet # Default block all to be sure http_access deny allsrc
file is now 539 mb and become larger more than …
-
/bin/rm /var/squid/cache/swap.state; /usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf
the squid rotate cmd is the same from squid2
what errors do you get running it on console?
If you use sarg, you can disable squid rotate logs and enable it on sarg after report creation.
-
the squid rotate cmd is the same from squid2
what errors do you get running it on console?
If you use sarg, you can disable squid rotate logs and enable it on sarg after report creation.
i cant using sarg.
command is working but access.log file not rotating i delete today manuel that bigger than 600 mb.
access.log file rotate at 00:00 dially is important for us.
i ll check tomorrow morning.
-
Update :13-06-2013 09:00 PM access.log rotate is not working, still including yesterday log events.
1371044860.589 1479 10.50.2.115 TCP_MISS/200 39264 GET http://www.youtube.com/ - DIRECT/173.194.39.199 text/html
time stamp = GMT: Wed, 12 Jun 2013 13:47:40 GMT
-
If the script is on cron and if you can successful run it by hand, It's not related to squid.
Are you on nanobsd?
-
If the script is on cron and if you can successful run it by hand, It's not related to squid.
Are you on nanobsd?
no not nanobsd, system running at P4 PC
how to create script without delete the access.log file
if im create rm -rf command log file will be deleted. how to clean the only inside access.log file. -
how to create script without delete the access.log file
if im create rm -rf command log file will be deleted. how to clean the only inside access.log file.squid -k rotate -f /usr/local/etc/squid/squid.conf does it.
-
how to create script without delete the access.log file
if im create rm -rf command log file will be deleted. how to clean the only inside access.log file.squid -k rotate -f /usr/local/etc/squid/squid.conf does it.
oke i ll try it and inform you.
-
Does any version of Squidguard work with this -dev version of squid? I cant seem to get the Service to START.
-
Does any version of Squidguard work with this -dev version of squid? I cant seem to get the Service to START.
Since squid 3, it starts on demand. If you have access then squidguard will run.
-
squid -k rotate -f /usr/local/etc/squid/squid.conf does it.
marchelloc it does not work. still access.log file include 12.06.2013 events.
installed packagessquid3 3.1.20 pkg 2.0.6
squidguard 1.4_4 pkg v.1.9.5
Lightsquid 1.8.2 pkg v.2.32 -
Does any version of Squidguard work with this -dev version of squid? I cant seem to get the Service to START.
If you reinstalled the packages, sometimes squid is already started without "kids" or "children" active.
Somehow when squid is running it won't take the squidguard process as a child-process.
When that happens, just stop squid via the dashboard or services page and restart using the save button in the proxy server page.I use squid3-dev with squidGuard-squid3.
With squid3 and onwards I always manually edit the "squidguard_configurator.inc" to use squid3 options for child-processes.# ------------------------------------------------------------------------------ # squid config options # ------------------------------------------------------------------------------ define('REDIRECTOR_OPTIONS_REM', '# squidGuard options'); define('REDIRECTOR_PROGRAM_OPT', 'url_rewrite_program'); define('REDIRECT_BYPASS_OPT', 'url_rewrite_bypass'); define('REDIRECT_CHILDREN_OPT', 'url_rewrite_children'); define('REDIRECTOR_PROCESS_COUNT', '12 startup=8 idle=6 concurrency=0'); # redirector processes count will start with 8 do a max of 12 and idles at 6 (with v3.3+)
-
marcelloc any news ?
-
Access.log file still rise marchelloc can u check log rotation on squid3 ?
we are still looking your help. thank you.
-
Did you tried sarg instead of lightsquid?
You can disable log rotate on squid gui and enable it on sarg.
-
Did you tried sarg instead of lightsquid?
You can disable log rotate on squid gui and enable it on sarg.
many turkish ppl using lightsquid because we translated lightsquid from turkish language http://forum.pfsense.org/index.php/topic,62008.0.html
many ppl must use lightsquid can u check the problem for lightsquid package.
and i ll try it with sarg and inform you.
-
-
Do you have sarg reports created? On my machine it rotates successfully.
Remember to disable log rotating on squid and check sarg script on cron.
Did you tried to reinstall squid package to any other version?
What permissions do you have on squid logs and dir?
-
Do you have sarg reports created? On my machine it rotates successfully.
Remember to disable log rotating on squid and check sarg script on cron.
Did you tried to reinstall squid package to any other version?
What permissions do you have on squid logs and dir?
answer 1 =Do you have sarg reports created? = no i did 1 time using for force there are no auto created reports.
answer 2 =Remember to disable log rotating on squid and check sarg script on cron. = i did check in the screen shots.
answer 3 =Did you tried to reinstall squid package to any other version? =i ll try reinstall , not tryed another version.
answer 4 =What permissions do you have on squid logs and dir? = u see below/var/squid directory have 0775 chmod.
/var/squid/logs directory have 0777 chmod.
/var/squid/logs/access.log have 0640.
/var/squid/logs/cache.log have 0640.thank you.
![squid log rotate.jpg_thumb](/public/imported_attachments/1/squid log rotate.jpg_thumb)
![squid log rotate.jpg](/public/imported_attachments/1/squid log rotate.jpg) -
If sarg report was created by cron, then your cron is running.
When you run squid -k rotate by hand it works, so your squid is working.
If cron is running and squid is running, I have no idea why your logs are not rotating.
-
sarg not creating auto reports (this strange)
if im use command like screen shot sarg generating a report
and i ll use for squid rotation command squid -k rotate -f /usr/local/etc/squid/squid.conf (it is not working) there are no rotate logs (really this strange to)that is a my system log
Jun 25 00:00:14 squid[52049]: Squid Parent: child process 52389 started
Jun 25 00:00:03 php: : executing squid log rotate after sarg.
Jun 25 00:00:02 php: : Sarg: force refresh now with -ddate +%d/%m/%Y
-date +%d/%m/%Y
args, compress(on) and both action after sarg finish.wtf is that :)
update : (i ll check that command for ssh it shows )
[2.0.3-RELEASE][root@firewall.local]/root(3): /usr/bin/nice -n20 /usr/local/etc/rc.d/squidGuard_logrotate
tail: -: No such file or directory
tail: -: No such file or directory
tail: -: No such file or directory
tail: -: No such file or directory
tail: -: No such file or directory
tail: -: No such file or directory -
Are you sure your install is not corrupted?
It looks like tail is missing and cron is not running/working.
-
Are you sure your install is not corrupted?
It looks like tail is missing and cron is not running/working.
if cron is not works how to created that logs correct time ?
Jun 25 00:00:14 squid[52049]: Squid Parent: child process 52389 started
Jun 25 00:00:03 php: : executing squid log rotate after sarg.
Jun 25 00:00:02 php: : Sarg: force refresh now with -ddate +%d/%m/%Y
-date +%d/%m/%Y
args, compress(on) and both action after sarg finish. -
Where can I find the correct instructions on using squid 3 reverse proxy with HTTPS.
I been reading several forum entries and several seem to conflict. The situation is I have several HTTPS sites each with their own SSL certificate. Trying to find the best way to implement reverse proxy. Some forums seem to indicate that you can do it with one certificate and others say that you need an ssl certificate for each site. Tried a number of them and none seem to work.
I just want to know how to serve "easily" more than one 443 web site on more than one server using PFSense and Squid 3 reverse proxy for HTTPS. Is there an authoritative guide on this subject which gives step by step directions that actually works every time?
Thanks
cjb -
with one extenal ip and an wildcard ssl you can publish as many sites you need with the same domain.
with one external ip and more then one ssl, you may need one port for each site.
-
Hi,
I config reverse proxy to Exchange, but on RPC over HTTP service show MISS/401. If redirect 443 port to exchange didn't have error.
Result test in https://www.testexchangeconnectivity.com
Additional Details
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server 5a56cc6d-4eba-4f85-8b64-2e68abd4cbf7@domain.com.
The attempt to ping the endpoint failed.
Tell me more about this issue and how to resolve itAdditional Details
The RPC_E_ACCESS_DENIED error (0x5) was thrown by the RPC Runtime process. -
Can you try with squid3-dev fetching missing sasl libs.
Squid 3.1 does not has http 1.1 support but squid3.3 has.
-
One more certificate question. Is it possible to use a SAN certificate instead of a wildcard certificate for the reverse proxy?
Thanks,
grassu -
Marcelloc, I tryed use Squid3-dev, but had a problem to start squid.
pfSense php: /pkg_mgr_install.php: The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libgssapi.so.10" not found, required by "squid"'
-
marceloc,
Testei o Squid3-Dev, mas com ele ocorre um erro parecido.
Tentando realizar ping no ponto de extremidade RPC 6001 (Exchange Information Store) no servidor 5a56cc6d-4eba-4f85-8b64-2e68abd4cbf7@domain.com.
Falha ao tentar fazer ping no ponto de extremidade.Detalhes Adicionais
Erro RPC lançado pelo processo de Tempo de Execução RPC. Erro 1818 CallCancelledSe faço um NAT direto para o Exchange não ocorre erro.
Tentando realizar ping no ponto de extremidade RPC 6001 (Exchange Information Store) no servidor 5a56cc6d-4eba-4f85-8b64-2e68abd4cbf7@domain.com.
Êxito ao fazer ping no ponto de extremidade.Detalhes Adicionais
Status RPC Ok (0) retornado em 968 ms.No Log aparece isso.
10.07.2013 18:32:57 207.46.14.63 TCP_MISS_ABORTED/200 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5
10.07.2013 18:32:27 207.46.14.63 TCP_MISS/401 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5
10.07.2013 18:32:26 207.46.14.63 TCP_MISS/401 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5
10.07.2013 18:32:23 207.46.14.63 TCP_MISS/200 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5
10.07.2013 18:32:23 207.46.14.63 TCP_MISS/401 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5
10.07.2013 18:32:23 207.46.14.63 TCP_MISS/200 https://mail.domain.com/Rpc/RpcProxy.dll? - 10.1.0.5
10.07.2013 18:32:20 207.46.14.63 TCP_MISS/401 https://mail.domain.com/Rpc/RpcProxy.dll? - 10.1.0.5
10.07.2013 18:32:20 207.46.14.63 TCP_MISS/401 https://mail.domain.com/Rpc/RpcProxy.dll? - 10.1.0.5
10.07.2013 18:32:20 207.46.14.63 TCP_MISS/401 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5 -
Please upload the pbi first before updating the package information. :'(
Beginning package installation for squid3-dev . Downloading package configuration file... done. Saving updated package information... done. Downloading squid3-dev and its dependencies... Checking for package installation... Downloading http://files.pfsense.org/packages/amd64/8/All/squid-3.3.8-amd64.pbi ... could not download from there or http://files.pfsense.org/packages/amd64/8/All//squid-3.3.8-amd64.pbi. of squid-3.3.8-amd64 failed! Installation aborted.Backing up libraries... Removing package... Starting package deletion for squid-3.3.8-amd64...done. Removing squid3-dev components... Tabs items... done. Menu items... done. Services... done. Loading package instructions... Include file squid.inc could not be found for inclusion. Deinstall commands... Not executing custom deinstall hook because an include is missing. Removing package instructions...done. Auxiliary files... done. Package XML... done. Configuration... done. Cleaning up... done. Failed to install package. Installation halted.
-
Please upload the pbi first before updating the package information. :'(
Beginning package installation for squid3-dev . Downloading package configuration file... done. Saving updated package information... done. Downloading squid3-dev and its dependencies... Checking for package installation... Downloading http://files.pfsense.org/packages/amd64/8/All/squid-3.3.8-amd64.pbi ... could not download from there or http://files.pfsense.org/packages/amd64/8/All//squid-3.3.8-amd64.pbi. of squid-3.3.8-amd64 failed! Installation aborted.Backing up libraries... Removing package... Starting package deletion for squid-3.3.8-amd64...done. Removing squid3-dev components... Tabs items... done. Menu items... done. Services... done. Loading package instructions... Include file squid.inc could not be found for inclusion. Deinstall commands... Not executing custom deinstall hook because an include is missing. Removing package instructions...done. Auxiliary files... done. Package XML... done. Configuration... done. Cleaning up... done. Failed to install package. Installation halted.
getting something similar for the 32bit version.
Downloading http://files.pfsense.org/packages/8/All/squid-3.3.8.tbz … could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/squid-3.3.8.tbz.
of squid-3.3.8 failed! -
The PBI version(s) was/were fixed yesterday evening (for me), I'm now running 3.3.8.
-
Hi…I'm having the same problem with the latest Squid 3.3-Dev beta 3.3.8 pkg 2.1.2 . I've got a brand new 2.0.3-RELEASE (amd64) install and I get the following when I tried to install Squid yesterday like some of the other posters.
Beginning package installation for squid3-dev...
Downloading package configuration file... done.
Saving updated package information... done.
Downloading squid3-dev and its dependencies...
Checking for package installation...
Downloading http://files.pfsense.org/packages/amd64/8/All/squid-3.3.8.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/squid-3.3.8.tbz.
of squid-3.3.8 failed!Otherwise...love PFsense and a huge thank you to everyone who is working on this project!
-
Good day to all! Help please!
2.0.3-RELEASE (amd64)
built on Fri Apr 12 10:27:15 EDT 2013
FreeBSD 8.1-RELEASE-p13Squid3 and SquidGuard Installed. Everything works except for reverse proxy, if you turn off SquidGuard - revers proxy works fine, as soon as there is in the config Squid "redirect_program/usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf" reverse falls off. Squidguard finds sqerrore.php on the web server where was мapped reverse.
I'm sorry for my english. -
Can someone confirm if the 3.38.PBI is still broken / fixed?
Any special steps to take when installing not to break anything?
I see it in the Packages now in my PFSENSE GUI but hesitant to install.
Thanks!
-
Looks like still broken. Installed and it complains about some ClamV file missing but I do not have antivirus enabled.
- 12 days later
-
I have a pfSense 2.0.3 Box Squid3 + SquidGuard was worked nice,
i removed squid3 and installed squid3-dev from package menu i download those 6 lib file to /usr/local/lib it seems squid-dev is running since i dont have any error in system log and service status is running,But nothing can pass via pfsense i have set it up as default gateway in my workstations but not website can browse !
ping is passing without problem.i have this kind of error when trying ro restart the service or change configurations:
php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: ERROR: Could not send signal 15 to process 6614: (3) No such process'
- i didnt touch any routing,rule,nat setting they are all like default setting.
thanks