Squid

1. Squid

Yuri Martins Colen
yuricolen

(usa Debian)

Enviado em 22/04/2016 - 16:58h

Olá!
estou estudando linux e to apanhando pra botar meu squid pra funcionar. Já revisei as configurações do meu squid.conf e nada. Já limpei o cache, dei permissão 777 pras pastas relacionadas ao squid, criei o usuário e o grupo squid. Este arquivo já está funcionando em outra máquina, mas na minha não da certo. Podem ajudar?


cache_effective_user squid
cache_effective_group squid

visible_hostname SRVDebian
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localhet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl SSL_ports port 9443

acl Safe_ports port 80 # http
acl Safe_ports port 81 # painel
acl Safe_ports port 8890 # F.Popular
acl Safe_ports port 9443 # F.Popular
acl Safe_ports port 82 # CobrancaWeb
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
acl ip_liberado src "/etc/squid3/var/ipsLiberados"
http_access allow ip_liberado


acl sitesLiberados url_regex -i "/etc/squid3/var/sitesLiberados"
http_access deny !sitesLiberados

http_reply_access allow sitesLiberados localnet
http_access allow CONNECT sitesLiberados

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 192.168.248.165: 3128 transparent

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /etc/squid3/var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /etc/squid3/var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320




  


2. Re: Squid

Bruno Thomaz
SarusKant

(usa CentOS)

Enviado em 24/04/2016 - 03:46h

Opa, poste aqui o conteúdo do log gerado pelo squid no qual detalha o erro.

No aguardo.
--
Bruno Thomaz


3. Re: Squid

Josue de Jesus Santos
JJSantos

(usa Gentoo)

Enviado em 24/04/2016 - 19:08h

Fiz algumas modificações no seu arquivo, pois haviam algums erros!
Você criou esse squid.conf ou pegou em algum lugar da internet??

Para fins de estudo é sempre uma boa ideia comecar com arquivo básico.


cache_effective_user squid
cache_effective_group squid

visible_hostname SRVProxy
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localhet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl SSL_ports port 9443

acl Safe_ports port 80 # http
acl Safe_ports port 81 # painel
acl Safe_ports port 8890 # F.Popular
acl Safe_ports port 9443 # F.Popular
acl Safe_ports port 82 # CobrancaWeb
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
acl ip_liberado src "/etc/squid/ipsLiberados"
http_access allow ip_liberado


acl sitesLiberados url_regex -i "/etc/squid/sitesLiberados"
http_access deny !sitesLiberados

http_reply_access allow sitesLiberados localnet
http_access allow CONNECT sitesLiberados

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128 intercept

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/cache/squid/ 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid/

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

[/quote]


jjsantos:/home/josue/Documentos # systemctl status squid.service
squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled)
Active: active (running) since Dom 2016-04-24 19:05:58 BRT; 3min 36s ago
Process: 15576 ExecStart=/usr/sbin/squid -F $SQUID_START_OPTIONS -f /etc/squid/squid.conf (code=exited, status=0/SUCCESS)
Process: 15570 ExecStartPre=/bin/sh -c test -d "`sed -n 's/^cache_dir \+[[:alnum:]]\+ \+\([[:graph:]\/]\+\) .*/\1/p' /etc/squid/squid.conf | sed '1 q'`/00" || /usr/sbin/squid -z -F -N -S -f /etc/squid/squid.conf (code=exited, status=0/SUCCESS)
Main PID: 15581 (squid)
CGroup: /system.slice/squid.service
├─15579 /usr/sbin/squid -F -sY -f /etc/squid/squid.conf
├─15581 (squid-1) -F -sY -f /etc/squid/squid.conf
├─15582 (logfile-daemon) /var/log/squid/access.log
└─15583 (unlinkd)

Abr 24 19:05:58 jjsantos.workgroup squid[15581]: 0 Objects cancelled.
Abr 24 19:05:58 jjsantos.workgroup squid[15581]: 0 Duplicate URLs purged.
Abr 24 19:05:58 jjsantos.workgroup squid[15581]: 0 Swapfile clashes avoided.
Abr 24 19:05:58 jjsantos.workgroup squid[15581]: Took 0.11 seconds ( 0.00 objects/sec).
Abr 24 19:05:58 jjsantos.workgroup squid[15581]: Beginning Validation Procedure
Abr 24 19:05:58 jjsantos.workgroup squid[15581]: Completed Validation Procedure
Abr 24 19:05:58 jjsantos.workgroup squid[15581]: Validated 0 Entries
Abr 24 19:05:58 jjsantos.workgroup squid[15581]: store_swap_size = 0.00 KB
Abr 24 19:05:58 jjsantos.workgroup squid[15581]: ERROR: No forward-proxy ports configured.
Abr 24 19:05:58 jjsantos.workgroup squid[15581]: storeLateRelease: released 0 objects
jjsantos:/home/josue/Documentos #



4. Re: Squid

Josue de Jesus Santos
JJSantos

(usa Gentoo)

Enviado em 24/04/2016 - 19:11h

Fica a vontade para alterar ai.

Até.


5. squid.conf

Yuri Martins Colen
yuricolen

(usa Debian)

Enviado em 03/05/2016 - 10:52h

Este squid.conf eu peguei pronto em um servidor que já está funcionando, só precisei alterar os diretórios, pois o que está lá foi compilado.
Vou estudar mais, pois o problema deve estar na minha VM, já que a configuração do squid já está em uso em outro servidor e funcionando normalmente.

Yuri Martins Colen


6. Re: Squid

Josue de Jesus Santos
JJSantos

(usa Gentoo)

Enviado em 05/05/2016 - 22:55h

yuricolen escreveu:

Este squid.conf eu peguei pronto em um servidor que já está funcionando, só precisei alterar os diretórios, pois o que está lá foi compilado.
Vou estudar mais, pois o problema deve estar na minha VM, já que a configuração do squid já está em uso em outro servidor e funcionando normalmente.

Yuri Martins Colen


Verifique as versões, certamente são diferentes.







Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts