Re: [squid-users] squid with Java Problem - Idrac 6 Hp servers

[Matus UHLAR - fantomas]

On 14/11/19 6:09 pm, --Ahmad-- wrote:





Here is Java Error log :

...


java.net.ConnectException: Operation timed out (Connection timed out)
at java.net.PlainSocketImpl.socketConnect(Native Method)


On 14.11.19 20:49, Amos Jeffries wrote:

I suggest solving that problem. It does not seem related to Squid.


either the javaws does not have proxy set, or the iDrac6 HP 
(are you sure it's idrac HP? idrac is the DELL And HP is not dell, HPs have

ILO) does not support proxy.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid with Java Problem - Idrac 6 Hp servers

[Amos Jeffries]

On 14/11/19 6:09 pm, --Ahmad-- wrote:
> Hi Matus ,
> 
> 
> Here is Log file squid , there is no Denied At all !
> 
> 
> 1573682647.451      0 213.133.221.224 NONE/000 0 NONE
> error:transaction-end-before-headers - HIER_NONE/- -

These are the client connecting, doing nothing. Then closing the connection.

No Squid problem visible. Whatever is going wrong is in the client
software. We see these a lot with "Happy Eyeballs" connections, so maybe
no problem at all there.


> 1573682651.117    952 213.133.221.224 TCP_TUNNEL/200 2690 CONNECT
> 10.0.10.22:443 - HIER_DIRECT/10.0.10.22 -

These are the client opening a tunnel to the origin server 10.0.10.22.
Which is successful and transfers some data around.

No Squid problem there either. Whatever is going wrong is in either the
client or server software - they are communicating directly with each
other over that tunnel.


> 
> 
> 
> 
> Here is Java Error log :
...
> 
> java.net.ConnectException: Operation timed out (Connection timed out)
> at java.net.PlainSocketImpl.socketConnect(Native Method)

I suggest solving that problem. It does not seem related to Squid.


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Automate SSL Certificate - Reverse Squid Proxy - vyas

[Vayalpadu, Vedavyas]

Hi Guys,

I have a reverse proxy squid server, where we are maintaining SSL certificates 
for the webshop applications, I wanted to know if there is any mechanism to,


  1.  Alert our UNIX team with a mail before 30 days of expiry.


  1.  Automate the certificate renewal,


Any suggestions are welcome.



VYAS  (Vedavyas Vayalpadu)
IT Operations Specialist - UNIX-IBM-AIX
vedavyas.vayalp...@accenture.com
+91-7032906468




This message is for the designated recipient only and may contain privileged, 
proprietary, or otherwise confidential information. If you have received it in 
error, please notify the sender immediately and delete the original. Any other 
use of the e-mail by you is prohibited. Where allowed by local law, electronic 
communications with Accenture and its affiliates, including e-mail and instant 
messaging (including content), may be scanned by our systems for the purposes 
of information security and assessment of internal compliance with Accenture 
policy. Your privacy is important to us. Accenture uses your personal data only 
in compliance with data protection laws. For further information on how 
Accenture processes your personal data, please see our privacy statement at 
https://www.accenture.com/us-en/privacy-policy.
__

www.accenture.com
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid with Java Problem - Idrac 6 Hp servers

[--Ahmad--]

Hi Matus ,


Here is Log file squid , there is no Denied At all !


1573682647.451  0 213.133.221.224 NONE/000 0 NONE 
error:transaction-end-before-headers - HIER_NONE/- -
1573682647.455  0 213.133.221.224 NONE/000 0 NONE 
error:transaction-end-before-headers - HIER_NONE/- -
1573682647.455  0 213.133.221.224 NONE/000 0 NONE 
error:transaction-end-before-headers - HIER_NONE/- -
1573682647.456  0 213.133.221.224 NONE/000 0 NONE 
error:transaction-end-before-headers - HIER_NONE/- -
1573682651.117952 213.133.221.224 TCP_TUNNEL/200 2690 CONNECT 
10.0.10.22:443 - HIER_DIRECT/10.0.10.22 -
1573682651.365   1200 213.133.221.224 TCP_TUNNEL/200 20663 CONNECT 
10.0.10.22:443 - HIER_DIRECT/10.0.10.22 -
1573682651.414   1246 213.133.221.224 TCP_TUNNEL/200 11190 CONNECT 
10.0.10.22:443 - HIER_DIRECT/10.0.10.22 -
1573682652.490   2935 213.133.221.224 TCP_TUNNEL/200 41968 CONNECT 
10.0.10.22:443 - HIER_DIRECT/10.0.10.22 -
1573682657.175  0 213.133.221.224 NONE/000 0 NONE 
error:transaction-end-before-headers - HIER_NONE/- -
1573682661.827   8037 213.133.221.224 TCP_TUNNEL/200 63802 CONNECT 
10.0.10.22:443 - HIER_DIRECT/10.0.10.22 -
1573682701.740  60994 213.133.221.224 TCP_TUNNEL/200 3680 CONNECT 
incoming.telemetry.mozilla.org:443 - HIER_DIRECT/52.35.171.123 -
1573682713.170  72358 213.133.221.224 TCP_TUNNEL/200 110961 CONNECT 
10.0.10.22:443 - HIER_DIRECT/10.0.10.22 -
1573682714.170  62607 213.133.221.224 TCP_TUNNEL/200 1340 CONNECT 
10.0.10.22:443 - HIER_DIRECT/10.0.10.22 -
1573682723.173  73017 213.133.221.224 TCP_TUNNEL/200 71908 CONNECT 
10.0.10.22:443 - HIER_DIRECT/10.0.10.22 -





Here is Java Error log :


https://10.0.10.22:443; spec="1.0+">

  iDRAC6 Virtual Console Client
  Dell Inc.
   https://10.0.10.22:443/images/logo.gif; kind="splash"/>
   
 
 
   ip=10.0.10.22
   vmprivilege=true
   helpurl=https://10.0.10.22:443/help/contents.html
   title=idrac-20RDVR1%2C+PowerEdge+R610%2C+User%3Aroot
   user=35005211
   passwd=521595368
   kmport=5900
   vport=5900
   apcp=1
   version=2
 
 
   
 
 
   
   https://10.0.10.22:443/software/avctKVM.jar; download="eager" 
main="true" />
 
 
   https://10.0.10.22:443/software/avctKVMIOWin32.jar; 
download="eager"/>
   https://10.0.10.22:443/software/avctVMWin32.jar; 
download="eager"/>
 
 
   https://10.0.10.22:443/software/avctKVMIOWin64.jar; 
download="eager"/>
   https://10.0.10.22:443/software/avctVMWin64.jar; 
download="eager"/>
 
 
   https://10.0.10.22:443/software/avctKVMIOWin64.jar; 
download="eager"/>
   https://10.0.10.22:443/software/avctVMWin64.jar; 
download="eager"/>
 
  
https://10.0.10.22:443/software/avctKVMIOLinux32.jar; 
download="eager"/>
   https://10.0.10.22:443/software/avctVMLinux32.jar; 
download="eager"/>
  
  
https://10.0.10.22:443/software/avctKVMIOLinux32.jar; 
download="eager"/>
   https://10.0.10.22:443/software/avctVMLinux32.jar; 
download="eager"/>
  
  
https://10.0.10.22:443/software/avctKVMIOLinux32.jar; 
download="eager"/>
   https://10.0.10.22:443/software/avctVMLinux32.jar; 
download="eager"/>
  
  
https://10.0.10.22:443/software/avctKVMIOLinux32.jar; 
download="eager"/>
   https://10.0.10.22:443/software/avctVMLinux32.jar; 
download="eager"/>
  
  
https://10.0.10.22:443/software/avctKVMIOLinux64.jar; 
download="eager"/>
   https://10.0.10.22:443/software/avctVMLinux64.jar; 
download="eager"/>
  
  
https://10.0.10.22:443/software/avctKVMIOLinux64.jar; 
download="eager"/>
   https://10.0.10.22:443/software/avctVMLinux64.jar; 
download="eager"/>
  
  
https://10.0.10.22:443/software/avctKVMIOMac64.jar; 
download="eager"/>
   https://10.0.10.22:443/software/avctVMMac64.jar; 
download="eager"/>
  





java.net.ConnectException: Operation timed out (Connection timed out)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at 
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at 
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at 
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)
at 
sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)
at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
at sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:264)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at 

Re: [squid-users] squid with Java Problem - Idrac 6 Hp servers

[Matus UHLAR - fantomas]

On 12.11.19 16:20, --Ahmad-- wrote:

i have HP server which access it over IDRAC https and need java support .


you don't need java support. Apparently your java needs to be configured
with proxy. And maybe the proxy needs to allow access to idrac ports.
for that you must have rejection in proxy logs.


i have proxy in same lan .
proxy ip is 10.0.0.200
ip of Idrac is 10.0.0.70


i can’t access Console of Idrac using squid , that’d what i need to do  .

i need to be ale to access server Console “ which need java” too .

so not sure if its possible or not .

again its over https so i believe its listed already in squid safe ports

let me know your thoughts .

Kind regards




On Nov 10, 2019, at 10:55 PM, Matus UHLAR - fantomas  wrote:

listed in ssl_ports probably.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] After enabling IPv6 squid no longer responds

[James Moe]

Hello,
  squid v4.8

  I have started transitioning our local network to IPv6.
  After adding v6 addresses to the server and hosts, and enabling an RA, squid
no longer delivers anything from its cache, or is exceedingly slow about it.
  I have reviewed the wiki. The one section that discusses this issue has a
solution only for v3.1 or earlier. Does it also apply to later versions?
  What am I missing?

[ squid.conf ]
# acl manager url_regex -i ^cache_object:// /squid-internal-mgr/
acl manager_admin src 192.168.69.115
#
# acl localnet src fc00::/7
# acl localnet src fe80::/10
#
# https, cups
acl SSL_ports port 443
acl SSL_ports port 631
#
# Jumpline cPanel ports
acl SSL_ports port 2083
acl SSL_ports port 2096
#
# sma-nas-02, cgatePro, webadmin
acl SSL_ports port 5000
acl SSL_ports port 5001
acl SSL_ports port 9010
acl SSL_ports port 9100
acl SSL_ports port 1
#
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 563
acl Safe_ports port 631
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 9100
#
acl CONNECT method CONNECT
acl localnet src 192.168.69.0/24
acl localnet src fd2f:4760:521f:3f3c::0/64

access_log /data01/var/log/squid/access.log
#
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager_admin
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
# cache_dir ufs /var/cache/squid 100 16 256
cache_dir ufs /data01/var/cache/squid 51200 16 256
maximum_object_size 9 KB
cache_mem 256 MB

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i  (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320

cache_log /data01/var/log/squid/cache.log
cache_mgr ji...@sohnen-moe.com
cache_replacement_policy lru
cache_store_log /data01/var/log/squid/store.log
cache_swap_high 95
cache_swap_low 90
client_lifetime 1 days
connect_timeout 2 minutes

logfile_rotate 0

error_directory /usr/share/squid/errors/en

ftp_passive on
memory_replacement_policy lru
minimum_object_size 0 KB
[ end ]

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.



signature.asc
Description: OpenPGP digital signature
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid with Java Problem - Idrac 6 Hp servers

[--Ahmad--]

Hi ,

i have HP server which access it over IDRAC https and need java support .

i have proxy in same lan .
proxy ip is 10.0.0.200
ip of Idrac is 10.0.0.70 


i can’t access Console of Idrac using squid , that’d what i need to do  .

i need to be ale to access server Console “ which need java” too .

so not sure if its possible or not .

again its over https so i believe its listed already in squid safe ports 

let me know your thoughts .

Kind regards 



> On Nov 10, 2019, at 10:55 PM, Matus UHLAR - fantomas  
> wrote:
> 
> listed in ssl_ports probably.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Ubuntu 18 LTS repository for Squid 4.9 (rebuilt with sslbump support from sources in Debian unstable)

[Rafael Akchurin]

Greeting all,

The online repository with latest Squid 4.9 (rebuilt from Debian unstable with 
sslbump support) for Ubuntu 18 LTS 64-bit is available at squid49.diladele.com.
Github repo at https://github.com/diladele/squid-ubuntu contains the scripts we 
used to make this compilation.
Scripts for Ubuntu 16 are also available in that repo.

Hope you will find this helpful. Note that older repo of squid48.diladele.com 
will be taken down in 1 year.

Best regards,
Rafael Akchurin
Diladele B.V.

P.S. Here are simple instructions how to use the repo. For more information see 
readme at https://github.com/diladele/squid-ubuntu .

# add diladele apt key
wget -qO - http://packages.diladele.com/diladele_pub.asc | sudo apt-key add -

# add repo
echo "deb http://squid49.diladele.com/ubuntu/ bionic main" > 
/etc/apt/sources.list.d/squid49.diladele.com.list

# update the apt cache
apt-get update

# install
apt-get install squid-common
apt-get install squid
apt-get install squidclient



--
Please take a look at another our project - DNS Safety filtering server.  Sort 
of Web Safety implemented as DNS Server. Might be interesting in deployments 
where HTTPS decryption is not possible.
https://dnssafety.io/


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid crash - 3.5.21

[Alex Rousskov]

FTR: hindsight1 runs v4.8 despite the email subject saying "3.5.21".


On 11/11/19 9:34 PM, hindsight1 wrote:

> thank you for your reply

Thank you for detailing the problem. The best place to discuss these
low-level details is Squid Bugzilla. I suggest that you open a new bug
report there. If you want to continue here, then the primary remaining
question for me is _why_ theLevels array elements are misaligned in your
tests:

* theLevels[0]: The segments are allocated on page-boundaries so the
first level element (i.e. level[0]) should be properly aligned. I
believe your stack trace shows that this zero-offset access is misaligned.

* theLevels[n+1]: The levels array is declared using regular C++
constructs, without any casting, so subsequent elements should be
aligned properly if the first element is aligned properly.

So where does this misalignment originate from? Properly addressing this
bug probably requires answering this question.


Please note that there are GCC v4 bugs that might be relevant here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62259
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65147

What is your compiler? Does building with GCC v5.1 fix the problem?


BTW, there is a potentially useful alignas() workaround/trick shown at
https://stackoverflow.com/questions/26703297/alignment-of-atomic-variables



Thank you,

Alex.


> Sorry for my English，First of all，
>> I am not sure whether "it" in your sentence refers to gdb or Squid, but
>> if Squid dereferences an unaligned data field in shared memory, then it
>> is most likely a Squid bug.
> 
> "it" is refers to Squid.
> 
> i want to Explain my problem again 
> 
> 
> I run Squid4.8 using SMP mode on the Arm64 platform. When setting some
> worker numbers, for example 4 or 7,9 the same error Received Bus
> Error...dying appears in the log.
> Using gdb debugging, I found an error when accessing theLevels variable in
> the Ipc::Mem::PagePool::level function, due to the non-aligned address
> access caused by the atomic operation load.
> Here is stacktrace:
> 
> #0  0x9c945228 in raise () from /lib64/libc.so.6
> #1  0x9c9468a0 in abort () from /lib64/libc.so.6
> #2  0x007c6238 in death (sig=7) at tools.cc:359
> #3  
> #4  0x007c50a4 in std::__atomic_base::load
> (this=0xfff9d9d40cec, __m=std::memory_order_seq_cst) at
> /usr/include/c++/4.8.2/bits/atomic_base.h:496
> #5  0x007c4344 in std::__atomic_base::operator
> unsigned long (this=0xfff9d9d40cec) at
> /usr/include/c++/4.8.2/bits/atomic_base.h:367
> #6  0x00937f2c in Ipc::Mem::PagePool::level (this=0xde9150,
> purpose=0) at mem/PagePool.cc:46
> #7  0x00934ae8 in Ipc::Mem::PageLevel (purpose=0) at mem/Pages.cc:88
> #8  0x007c3db0 in Ipc::Mem::PagesAvailable (purpose=0) at
> ipc/mem/Pages.h:51
> #9  0x009342a4 in Ipc::Mem::GetPage
> (purpose=Ipc::Mem::PageId::cachePage, page=...) at mem/Pages.cc:36
> #10 0x007c241c in MemStore::reserveSapForWriting (this=0x10e3bb0,
> page=...) at MemStore.cc:778
> #11 0x007c1c18 in MemStore::nextAppendableSlice (this=0x10e3bb0,
> fileNo=513735, sliceOffset=@0x10e3bd8: -1) at MemStore.cc:731
> #12 0x007c145c in MemStore::copyToShm (this=0x10e3bb0, e=...) at
> MemStore.cc:682
> #13 0x007c2cdc in MemStore::write (this=0x10e3bb0, e=...) at
> MemStore.cc:856
> #14 0x009f9838 in Store::Controller::memoryOut (this=0xdd2e20,
> e=..., preserveSwappable=true) at Controller.cc:550
> #15 0x007b50e8 in StoreEntry::swapOut (this=0x125e4e0) at
> store_swapout.cc:175
> #16 0x007af4a4 in StoreEntry::invokeHandlers (this=0x125e4e0) at
> store_client.cc:720
> #17 0x007a650c in StoreEntry::flush (this=0x125e4e0) at
> store.cc:1674
> #18 0x007a6dcc in StoreEntry::startWriting (this=0x125e4e0) at
> store.cc:1844
> #19 0x0083b7e8 in Client::setFinalReply (this=0x1275b18,
> rep=0x12b36c0) at Client.cc:164
> #20 0x008401bc in Client::adaptOrFinalizeReply (this=0x1275b18) at
> Client.cc:974
> #21 0x00726344 in HttpStateData::processReply (this=0x1275b18) at
> http.cc:1246
> #22 0x00725fec in HttpStateData::readReply (this=0x1275b18, io=...)
> at http.cc:1223
> #23 0x0072fc10 in CommCbMemFunT CommIoCbParams>::doDial (this=0x1285f80) at CommCalls.h:205
> #24 0x00730070 in JobDialer::dial (this=0x1285f80,
> call=...) at base/AsyncJobCalls.h:174
> #25 0x0072f728 in AsyncCallT CommIoCbParams> >::fire (this=0x1285f50) at ../src/base/AsyncCall.h:145
> #26 0x00887728 in AsyncCall::make (this=0x1285f50) at
> AsyncCall.cc:40
> #27 0x00888270 in AsyncCallQueue::fireNext (this=0xe11e80) at
> AsyncCallQueue.cc:56
> #28 0x00888068 in AsyncCallQueue::fire (this=0xe11e80) at
> AsyncCallQueue.cc:42
> #29 0x006f4948 in EventLoop::dispatchCalls (this=0xf17422e8) at
> EventLoop.cc:144
> #30 0x006f485c in EventLoop::runOnce (this=0xf17422e8) at
> EventLoop.cc:121