Package: squid3
Version: 3.3.4-1
Severity: normal
Dear Maintainer,
When using more than one worker process ("workers 2" in squid.conf) squid
wants to create some sockets in /var/run/squid:
$ ls -l /var/run/squid
total 0
srwxr-x--- 1 proxy proxy 0 May 28 13:00 coordinator.ipc
srwxr-x--- 1 proxy proxy 0 May 28 13:00 kid-1.ipc
srwxr-x--- 1 proxy proxy 0 May 28 13:00 kid-2.ipc
If this directory does not exist squid starts, but fails to listen on any of
the defined http_port:
2013/05/28 11:40:33 kid2| commBind: Cannot bind socket FD 15 to [::]: (2) No
such file or directory
As now /var/run is a symlink to /run, which is a tmpfs, we need to recreate
this directory before starting squid.
I propose something like the following in /etc/init.d/squid3:
--- /etc/init.d/squid3~ 2013-05-14 17:46:35.000000000 +0200
+++ /etc/init.d/squid3 2013-05-28 12:07:03.287783823 +0200
@@ -58,6 +58,9 @@
cache_dir=`find_cache_dir cache_dir`
cache_type=`find_cache_type cache_dir`
+ mkdir -p /var/run/squid
+ chown proxy /var/run/squid
+
#
# Create spool dirs if they don't exist.
#
Greetings
Haegar
-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-sdinet155-hetzner (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages squid3 depends on:
ii adduser 3.113+nmu3
ii libbsd0 0.4.2-1
ii libc6 2.13-38
ii libcap2 1:2.22-1.2
ii libcomerr2 1.42.5-1.1
ii libdb5.1 5.1.29-5
ii libecap2 0.2.0-1
ii libexpat1 2.1.0-1
ii libgcc1 1:4.7.2-5
ii libgssapi-krb5-2 1.10.1+dfsg-5
ii libk5crypto3 1.10.1+dfsg-5
ii libkrb5-3 1.10.1+dfsg-5
ii libldap-2.4-2 2.4.31-1+nmu2
ii libltdl7 2.4.2-1.1
ii libnetfilter-conntrack3 1.0.3-1
ii libpam0g 1.1.3-7.1
ii libsasl2-2 2.1.25.dfsg1-6
ii libstdc++6 4.7.2-5
ii libxml2 2.8.0+dfsg1-7+nmu1
ii logrotate 3.8.1-4
ii lsb-base 4.1+Debian8
ii netbase 5.0
ii squid3-common 3.3.4-1
squid3 recommends no packages.
Versions of packages squid3 suggests:
pn resolvconf <none>
pn smbclient <none>
pn squid-cgi <none>
pn squid-purge <none>
pn squidclient <none>
pn ufw <none>
pn winbindd <none>
-- Configuration Files:
/etc/init.d/squid3 changed:
NAME=squid3
DESC="Squid HTTP Proxy 3.x"
DAEMON=/usr/sbin/squid3
PIDFILE=/var/run/$NAME.pid
CONFIG=/etc/squid3/squid.conf
SQUID_ARGS="-YC -f $CONFIG"
[ ! -f /etc/default/squid3 ] || . /etc/default/squid3
. /lib/lsb/init-functions
PATH=/bin:/usr/bin:/sbin:/usr/sbin
[ -x $DAEMON ] || exit 0
ulimit -n 65535
find_cache_dir () {
w=" " # space tab
res=`sed -ne '
s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
t end;
d;
:end q' < $CONFIG`
[ -n "$res" ] || res=$2
echo "$res"
}
find_cache_type () {
w=" " # space tab
res=`sed -ne '
s/^'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
t end;
d;
:end q' < $CONFIG`
[ -n "$res" ] || res=$2
echo "$res"
}
start () {
cache_dir=`find_cache_dir cache_dir`
cache_type=`find_cache_type cache_dir`
mkdir -p /var/run/squid
chown proxy /var/run/squid
#
# Create spool dirs if they don't exist.
#
if [ "$cache_type" = "coss" -a -d "$cache_dir" -a ! -f
"$cache_dir/stripe" ] || [ "$cache_type" != "coss" -a -d "$cache_dir" -a ! -d
"$cache_dir/00" ]
then
log_warning_msg "Creating $DESC cache structure"
$DAEMON -z -f $CONFIG
fi
umask 027
ulimit -n 65535
cd $cache_dir
start-stop-daemon --quiet --start \
--pidfile $PIDFILE \
--exec $DAEMON -- $SQUID_ARGS < /dev/null
return $?
}
stop () {
PID=`cat $PIDFILE 2>/dev/null`
start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
#
# Now we have to wait until squid has _really_ stopped.
#
sleep 2
if test -n "$PID" && kill -0 $PID 2>/dev/null
then
log_action_begin_msg " Waiting"
cnt=0
while kill -0 $PID 2>/dev/null
do
cnt=`expr $cnt + 1`
if [ $cnt -gt 24 ]
then
log_action_end_msg 1
return 1
fi
sleep 5
log_action_cont_msg ""
done
log_action_end_msg 0
return 0
else
return 0
fi
}
case "$1" in
start)
log_daemon_msg "Starting $DESC" "$NAME"
if start ; then
log_end_msg $?
else
log_end_msg $?
fi
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
if stop ; then
log_end_msg $?
else
log_end_msg $?
fi
;;
reload|force-reload)
log_action_msg "Reloading $DESC configuration files"
start-stop-daemon --stop --signal 1 \
--pidfile $PIDFILE --quiet --exec $DAEMON
log_action_end_msg 0
;;
restart)
log_daemon_msg "Restarting $DESC" "$NAME"
stop
if start ; then
log_end_msg $?
else
log_end_msg $?
fi
;;
status)
status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit 3
;;
*)
echo "Usage: /etc/init.d/$NAME
{start|stop|reload|force-reload|restart|status}"
exit 3
;;
esac
exit 0
/etc/squid3/squid.conf changed:
workers 2
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/htpasswd
acl own_to_localhost url_regex -i ^(https?|ftp)://(localhost|127\.0\.0)
acl localnet src 193.103.159.0/24
acl localnet src 2001:6f8:94b::/48
acl localnet src 192.168.22.0/24
acl localnet src 182.168.18.0/23
acl localnet src 2001:6f8:96b::/48
acl to_localnet url_regex -i ^(https?|ftp)://193\.103\.159\.
acl to_localnet url_regex -i ^(https?|ftp)://192\.168\.22\.
acl to_localnet url_regex -i ^(https?|ftp)://192\.168\.19\.
acl to_localnet url_regex -i ^(https?|ftp)://192\.168\.18\.
acl to_localnet url_regex -i ^(https?|ftp)://172\.31\.22\.
acl to_localnet url_regex -i ^(https?|ftp)://172\.31\.19\.
acl to_localnet url_regex -i ^(https?|ftp)://172\.31\.18\.
acl blacklist url_regex -i ^http://alive.boingo.com/
acl blacklist url_regex -i
^http://android.clients.google.com/packages/ota/google_crespo/
acl SSL_ports port 80 # http
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 1863 # msn
acl SSL_ports port 3690 # svn
acl SSL_ports port 5222 # jabber
acl SSL_ports port 5223 # jabber
acl SSL_ports port 8090 # SHS Hummingbird
acl SSL_ports port 9418 # git
acl SSL_ports port 9443 # vmware esx
acl Safe_ports port 80 # http
acl Safe_ports port 81
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl CONNECT method CONNECT
acl passwd proxy_auth REQUIRED
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny own_to_localhost
http_access deny blacklist
http_access allow localnet
http_access allow localhost
http_access deny to_localnet
http_access allow passwd
http_access deny all
icp_access deny all
http_port 3127
http_port 3126 transparent disable-pmtu-discovery=transparent
hierarchy_stoplist
hierarchy_stoplist-disabled-e7a0ffa1793cf55da5d23082c838116acb24e0a2
cache_mem 256 MB
if ${process_number} = 1
cache_dir aufs /var/spool/squid3/1 1024 8 8
endif
if ${process_number} = 2
cache_dir aufs /var/spool/squid3/2 1024 8 8
endif
maximum_object_size 256 MB
coredump_dir none
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz|.bz2)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
via off
shutdown_lifetime 2 seconds
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
