Squid

yuricolen
(usa Debian)

Enviado em 22/04/2016 - 16:58h

Olá!
estou estudando linux e to apanhando pra botar meu squid pra funcionar. Já revisei as configurações do meu squid.conf e nada. Já limpei o cache, dei permissão 777 pras pastas relacionadas ao squid, criei o usuário e o grupo squid. Este arquivo já está funcionando em outra máquina, mas na minha não da certo. Podem ajudar?

cache_effective_user squid

cache_effective_group squid



visible_hostname SRVDebian

#

# Recommended minimum configuration:

#



# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)

acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)

acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)

acl localhet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines

acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)

acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)

acl localnet src fc00::/7       	# RFC 4193 local private network range

acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines



acl SSL_ports port 443

acl SSL_ports port 9443



acl Safe_ports port 80		# http

acl Safe_ports port 81		# painel

acl Safe_ports port 8890	# F.Popular

acl Safe_ports port 9443	# F.Popular

acl Safe_ports port 82		# CobrancaWeb

acl Safe_ports port 21		# ftp

acl Safe_ports port 443		# https

acl Safe_ports port 70		# gopher

acl Safe_ports port 210		# wais

acl Safe_ports port 1025-65535	# unregistered ports

acl Safe_ports port 280		# http-mgmt

acl Safe_ports port 488		# gss-http

acl Safe_ports port 591		# filemaker

acl Safe_ports port 777		# multiling http

acl CONNECT method CONNECT



#

# Recommended minimum Access Permission configuration:

#

# Deny requests to certain unsafe ports

http_access deny !Safe_ports



# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports



# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager



# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost



#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

acl ip_liberado src "/etc/squid3/var/ipsLiberados"

http_access allow ip_liberado





acl sitesLiberados url_regex -i "/etc/squid3/var/sitesLiberados"

http_access deny !sitesLiberados



http_reply_access allow  sitesLiberados localnet

http_access allow CONNECT sitesLiberados



# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost



# And finally deny all other access to this proxy

http_access deny all



# Squid normally listens to port 3128

http_port 192.168.248.165: 3128 transparent



# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /etc/squid3/var/cache/squid 100 16 256



# Leave coredumps in the first cache dir

coredump_dir /etc/squid3/var/cache/squid



#

# Add any of your own refresh_pattern entries above these.

#

refresh_pattern ^ftp:		1440	20%	10080

refresh_pattern ^gopher:	1440	0%	1440

refresh_pattern -i (/cgi-bin/|\?) 0	0%	0

refresh_pattern .		0	20%	4320



 

SarusKant
(usa CentOS)

Enviado em 24/04/2016 - 03:46h

Opa, poste aqui o conteúdo do log gerado pelo squid no qual detalha o erro.

No aguardo.
--
Bruno Thomaz

JJSantos
(usa Gentoo)

Enviado em 24/04/2016 - 19:08h

Fiz algumas modificações no seu arquivo, pois haviam algums erros!
Você criou esse squid.conf ou pegou em algum lugar da internet??

Para fins de estudo é sempre uma boa ideia comecar com arquivo básico.

cache_effective_user squid

cache_effective_group squid



visible_hostname SRVProxy

#

# Recommended minimum configuration:

#



# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)

acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)

acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)

acl localhet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines

acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)

acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)

acl localnet src fc00::/7       	# RFC 4193 local private network range

acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines



acl SSL_ports port 443

acl SSL_ports port 9443



acl Safe_ports port 80		# http

acl Safe_ports port 81		# painel

acl Safe_ports port 8890	# F.Popular

acl Safe_ports port 9443	# F.Popular

acl Safe_ports port 82		# CobrancaWeb

acl Safe_ports port 21		# ftp

acl Safe_ports port 443		# https

acl Safe_ports port 70		# gopher

acl Safe_ports port 210		# wais

acl Safe_ports port 1025-65535	# unregistered ports

acl Safe_ports port 280		# http-mgmt

acl Safe_ports port 488		# gss-http

acl Safe_ports port 591		# filemaker

acl Safe_ports port 777		# multiling http

acl CONNECT method CONNECT



#

# Recommended minimum Access Permission configuration:

#

# Deny requests to certain unsafe ports

http_access deny !Safe_ports



# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports



# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager



# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost



#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

acl ip_liberado src "/etc/squid/ipsLiberados"

http_access allow ip_liberado





acl sitesLiberados url_regex -i "/etc/squid/sitesLiberados"

http_access deny !sitesLiberados



http_reply_access allow  sitesLiberados localnet

http_access allow CONNECT sitesLiberados



# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost



# And finally deny all other access to this proxy

http_access deny all



# Squid normally listens to port 3128

http_port 3128 intercept



# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /var/cache/squid/ 100 16 256



# Leave coredumps in the first cache dir

coredump_dir /var/cache/squid/



#

# Add any of your own refresh_pattern entries above these.

#

refresh_pattern ^ftp:		1440	20%	10080

refresh_pattern ^gopher:	1440	0%	1440

refresh_pattern -i (/cgi-bin/|\?) 0	0%	0

refresh_pattern .		0	20%	4320



 

[/quote]

jjsantos:/home/josue/Documentos # systemctl status squid.service

squid.service - Squid caching proxy

   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled)

   Active: active (running) since Dom 2016-04-24 19:05:58 BRT; 3min 36s ago

  Process: 15576 ExecStart=/usr/sbin/squid -F $SQUID_START_OPTIONS -f /etc/squid/squid.conf (code=exited, status=0/SUCCESS)

  Process: 15570 ExecStartPre=/bin/sh -c test -d "`sed -n 's/^cache_dir \+[[:alnum:]]\+ \+\([[:graph:]\/]\+\) .*/\1/p' /etc/squid/squid.conf | sed '1 q'`/00" || /usr/sbin/squid -z -F -N -S -f /etc/squid/squid.conf (code=exited, status=0/SUCCESS)

 Main PID: 15581 (squid)

   CGroup: /system.slice/squid.service

           ├─15579 /usr/sbin/squid -F -sY -f /etc/squid/squid.conf

           ├─15581 (squid-1) -F -sY -f /etc/squid/squid.conf

           ├─15582 (logfile-daemon) /var/log/squid/access.log

           └─15583 (unlinkd)



Abr 24 19:05:58 jjsantos.workgroup squid[15581]: 0 Objects cancelled.

Abr 24 19:05:58 jjsantos.workgroup squid[15581]: 0 Duplicate URLs purged.

Abr 24 19:05:58 jjsantos.workgroup squid[15581]: 0 Swapfile clashes avoided.

Abr 24 19:05:58 jjsantos.workgroup squid[15581]: Took 0.11 seconds (  0.00 objects/sec).

Abr 24 19:05:58 jjsantos.workgroup squid[15581]: Beginning Validation Procedure

Abr 24 19:05:58 jjsantos.workgroup squid[15581]: Completed Validation Procedure

Abr 24 19:05:58 jjsantos.workgroup squid[15581]: Validated 0 Entries

Abr 24 19:05:58 jjsantos.workgroup squid[15581]: store_swap_size = 0.00 KB

Abr 24 19:05:58 jjsantos.workgroup squid[15581]: ERROR: No forward-proxy ports configured.

Abr 24 19:05:58 jjsantos.workgroup squid[15581]: storeLateRelease: released 0 objects

jjsantos:/home/josue/Documentos # 

 

JJSantos
(usa Gentoo)

Enviado em 24/04/2016 - 19:11h

Fica a vontade para alterar ai.

Até.

yuricolen
(usa Debian)

Enviado em 03/05/2016 - 10:52h

Este squid.conf eu peguei pronto em um servidor que já está funcionando, só precisei alterar os diretórios, pois o que está lá foi compilado.
Vou estudar mais, pois o problema deve estar na minha VM, já que a configuração do squid já está em uso em outro servidor e funcionando normalmente.

Yuri Martins Colen

JJSantos
(usa Gentoo)

Enviado em 05/05/2016 - 22:55h

Verifique as versões, certamente são diferentes.