I posted this message to the list a few days ago but haven't received any responses yet. I am hoping someone might be able to provide some insight on what is going on.
I have been trying to get Squid 3.5.2 to work with the Smoothwall Express 3.1 Linux firewall distribution. Specifically, I have modified the Squid version included with Smoothwall Express 3.1 to enable HTTPS caching. I have had this working successfully up to Squid version 3.4.10. Now with trying to upgrade to Squid 3.5.2 I am having problems that I didn't encounter with prior versions of Squid. The first issue I had, which is now resolved, was improper permissions of the shm folder (in SWE found in /dev/shm). Changing the folder permissions to Squid user and group allowed Squid 3.5.2 to start. However, now it will only start with an empty cache directory. Once it starts with an empty cache directory, it seems to function correctly as far as caching SSL encrypted web pages. However, if Squid needs to be restarted for any reason, it will not restart until the cache directory (/var/spool/squid/cache) is emptied. The error I am getting when trying to start Squid 3.5.2 without an empty cache is *2015/03/14 00:29:47 kid1| Current Directory is /* *2015/03/14 00:29:47 kid1| Starting Squid Cache version 3.5.2 for i586-pc-linux-gnu...* *2015/03/14 00:29:47 kid1| Service Name: squid* *2015/03/14 00:29:47 kid1| Process ID 7261* *2015/03/14 00:29:47 kid1| Process Roles: worker* *2015/03/14 00:29:47 kid1| With 1024 file descriptors available* *2015/03/14 00:29:47 kid1| Initializing IP Cache...* *2015/03/14 00:29:47 kid1| DNS Socket created at 0.0.0.0, FD 8* *2015/03/14 00:29:47 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf* *2015/03/14 00:29:47 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes* *FATAL: Ipc::Mem::Segment::open failed to shm_open(/squid-ssl_session_cache.shm): (2) No such file or directory* *Squid Cache (Version 3.5.2): Terminated abnormally.* *CPU Usage: 0.027 seconds = 0.020 user + 0.007 sys* *Maximum Resident Size: 26752 KB* *Page faults with physical i/o: 0* *2015/03/14 00:29:47.830 kid1| Acl.cc(380) ~ACL: freeing ACL * What is the "squid-ssl_session_cache". Am I supposed to define that somewhere in the Squid configuration? Is that why I am getting that error message because an ssl_session_cache is not defined somewhere? This is my squid.conf file with SSL caching using ssl-bump enabled. *visible_hostname smoothwall* *# Uncomment the following to send debug info to /var/log/squid/cache.log* *debug_options ALL,1 33,2 28,9* *# ACCESS CONTROLS* *# ----------------------------------------------------------------* *acl localhostgreen src 192.168.100.1* *acl localnetgreen src 192.168.100.0/24 <http://192.168.100.0/24>* *acl SSL_ports port 445 443 441 563* *acl Safe_ports port 80 # http* *acl Safe_ports port 81 # smoothwall http* *acl Safe_ports port 21 # ftp * *acl Safe_ports port 445 443 441 563 # https, snews* *acl Safe_ports port 70 # gopher* *acl Safe_ports port 210 # wais * *acl Safe_ports port 1025-65535 # unregistered ports* *acl Safe_ports port 280 # http-mgmt* *acl Safe_ports port 488 # gss-http * *acl Safe_ports port 591 # filemaker* *acl Safe_ports port 777 # multiling http* *acl CONNECT method CONNECT* *# TAG: http_access* *# ----------------------------------------------------------------* *http_access deny !Safe_ports* *http_access deny CONNECT !SSL_ports* *http_access allow localnetgreen* *http_access allow CONNECT localnetgreen* *http_access allow localhostgreen* *http_access allow CONNECT localhostgreen* *# http_port and https_port* *#----------------------------------------------------------------------------* *# A random port for forward-proxy port needed for SSL* *http_port 8081* *http_port 192.168.100.1:800 <http://192.168.100.1:800/> intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem* *https_port 192.168.100.1:808 <http://192.168.100.1:808/> intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem* *sslproxy_cert_error allow all* *sslproxy_flags DONT_VERIFY_PEER* *ssl_bump server-first all* *ssl_bump none localhostgreen* *sslcrtd_program /var/smoothwall/mods/proxy/libexec/ssl_crtd -s /var/smoothwall/mods/proxy/lib/ssl_db -M 4MB* *sslcrtd_children 5* *sslproxy_session_cache_size 4 MB* *http_access deny all* *cache_replacement_policy heap GDSF* *memory_replacement_policy heap GDSF* *# CACHE OPTIONS* *# ----------------------------------------------------------------------------* *cache_effective_user squid* *cache_effective_group squid* *cache_swap_high 100* *cache_swap_low 80* *cache_mem 8 MB* *maximum_object_size_in_memory 512 KB* *cache_access_log /var/log/squid/access.log* *cache_log /var/log/squid/cache.log* *cache_store_log none* *error_directory /usr/share/errors/en-us* *log_mime_hdrs off* *cache_dir diskd /var/spool/squid/cache 1024 16 256 Q1=64 Q2=72* *request_header_access Content-Type allow all* *request_header_access Date allow all* *request_header_access Host allow all* *request_header_access If-Modified-Since allow all* *request_header_access Pragma allow all* *request_header_access Accept allow all* *request_header_access Accept-Charset allow all* *request_header_access Accept-Encoding allow all* *request_header_access Accept-Language allow all* *request_header_access Connection allow all* *request_header_access All allow all* *maximum_object_size 33 MB* *minimum_object_size 0 KB* *request_body_max_size 0 KB* *# OTHER OPTIONS* *# ----------------------------------------------------------------------------* *forwarded_for off* *pid_filename /var/run/squid.pid* *shutdown_lifetime 3 seconds* *icp_port 3130* *half_closed_clients off* *umask 022* *logfile_rotate 0* *strip_query_terms off* Any help would be greatly appresciated. Stan
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
