Squid

ScooterB · 11-02-2004, 09:52 AM

Hello all, I am trying to get my squid up and running. I have done a basic configuration file and it is working. I only have one machine configured to use it right now because of testing. I would like to access the info from Webmin and look at the cache there. I am trying to access the cache manager part and it keeps asking me for a Managers name and password. I don't remember doing this during the setup part. I feel comfortable with the CLI so that isn't a problem. I have tried going through the O'Reilly manual to see where you set this up and it does mention it, but I guess I am too stupid to figure it out. Any help would be appreciated. TIA!!!

jeremy · 11-02-2004, 10:41 AM

Do you have any "acl manager" lines in your squid.conf? By default you should be able to just hit submit with no login info, as long as your web server is on the same machine as squid.

--jeremy

ScooterB · 11-02-2004, 12:51 PM

I haven't tried that. Dooh! To answer your question; yes. I accepted all the defaults and added one to allow my local network access. I'll try just hitting enter and then repost. Thanks for the help!

ScooterB · 11-02-2004, 01:28 PM

I left everything like the default page (no manager user name and no password entered) and hit enter, It came back saying that the connection was refused (#111). Any ideas? Thanks

jeremy · 11-02-2004, 01:50 PM

What was logged in cache.log? Can you post the pertinent parts of your squid.conf?

--jeremy

ScooterB · 11-02-2004, 01:58 PM

That's such a large file. I am new at this so I don't really know which parts would be pertinent. Can you tell me which parts you would like to see? Thanks!!

jeremy · 11-02-2004, 02:00 PM

For squid.conf, only the lines that don't start with # are processed (you shouldn't have many of them). For cache.log I only need the couple lines that are around the time you got the error message.

--jeremy

ScooterB · 11-02-2004, 02:03 PM

Okay. Stand by just a bit and I'll get those and repost.

ScooterB · 11-02-2004, 02:27 PM

From my squid.conf:

http_port 192.168.10.4:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy lru
memory_replacement_policy lru
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
log_ip_on_direct on
mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
dns_retransmit_interval 5 seconds
dns_timeout 5 minutes
redirect_children 5
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
acl locallan src 192.168.247.2-192.168.247.50/255.255.255.192
acl all src 0.0.0.0/0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl manager_localhost proto http cache_object
# Only allow cachemgr access from localhost
http_access allow all
http_access allow manager_localhost
http_access allow locallan
# Deny requests to unknown ports
http_access deny manager
# Deny CONNECT to other than SSL ports
http_access deny !Safe_ports
http_access deny to_localhost
http_access allow 192.168.247.0/24
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_reply_access allow all
icp_access allow all
cache_mgr root
cache_effective_user squid
cache_effective_group squid
dns_testnames netscape.com internic.net nlanr.net microsoft.com
logfile_rotate 10
coredump_dir /var/spool/squid

That's all there. If I didn't screw up the copy/paste, that's the order that there in. Now for the cache.log:

[root@localhost squid]# tail -f /var/log/squid/cache.log
2004/11/02 13:55:31| 0 Objects expired.
2004/11/02 13:55:31| 0 Objects cancelled.
2004/11/02 13:55:31| 0 Duplicate URLs purged.
2004/11/02 13:55:31| 0 Swapfile clashes avoided.
2004/11/02 13:55:31| Took 5.3 seconds ( 30.9 objects/sec).
2004/11/02 13:55:31| Beginning Validation Procedure
2004/11/02 13:55:31| Completed Validation Procedure
2004/11/02 13:55:31| Validated 164 Entries
2004/11/02 13:55:31| store_swap_size = 1208k
2004/11/02 13:55:33| storeLateRelease: released 0 objects

That's all that showed. It doesn't even sem as though it's logging the failed attempt. I hope this helps! Thanks again.

jeremy · 11-02-2004, 03:47 PM

For now, take out the "cache_mgr root" line. Also, the manager acl line should be:
http_access allow manager localhost

--jeremy

ScooterB · 11-03-2004, 07:26 AM

I made the changes you recommended. Still no luck. Is there something else I have to do to allow Webmin to access the files? Maybe something else in the ACL's or Proxy Restrictions? Thanks for your help!

jeremy · 11-03-2004, 08:36 AM

Sorry, I misread the first post. I thought you wanted to use Squid's web-based "cache manager". I have *no* idea how to get webmin working. I tend to hate apps like that... Hopefully someone else has used webmin+squid and knows the problem.

--jeremy

ScooterB · 11-03-2004, 08:45 AM

I really appreciate your help. I was looking in the squid manual and I think that webmin pulls up the same cgi page as if you were doing from Mozilla. So I will continue searching.

P.S. I don't really care for most of these apps either, but when you are first getting started with a new app it does provide some quick insite into what you are dealing with. I like to start there and then expand into using the CLI as I get more comfortable with the syntax for that app. I do appreciate your help though. I know you have alot to do with keeping this site going. And I might add that this site is the BEST and I really appreciate your efforts. Good Job!

jeremy · 11-03-2004, 10:27 AM

The cgi based manager that comes with squid isn't all that bad. Have you tried to get that to work? If nothing else, it may at least provide some indication in the logs as to where things are failing.

--jeremy

ScooterB · 11-03-2004, 11:08 AM

Not yet. I haven't made it that far into the O'Reilly book on how to access the different pages and so forth. Is there some basic syntax you have that would work? I assume (that usually means trouble) that youi would simply open up mozilla and type in the IP address and then the page you need. Correct? How do you get the list of pages, etc... Thanks again for your help!