Date:      Tue, 01 Jun 2010 10:41:41 -0500
From:      CyberLeo Kitsana <cyberleo@cyberleo.net>
To:        Kaya Saman <SamanKaya@netscape.net>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Squid not starting from rc in Jail, however works when run from root as command??
Message-ID:  <4C052A35.4040906@cyberleo.net>
In-Reply-To: <4C04C15F.7060800@netscape.net>
References:  <4C03FA45.50008@netscape.net> <4C04C15F.7060800@netscape.net>

On 06/01/2010 03:14 AM, Kaya Saman wrote:
> Kaya Saman wrote:
>> Hi guys,
>>
>> I've just built a new BSD server running on a Mini-ITX NAS chassis and
>> it's working beautifully :-)
>>
>> I also took the time to learn how to build jails too as this is only
>> my second BSD build so am still really new to it although not to UNIX
>> as I use Solaris and Linux frequently.
>>
>> Anyhow I'm trying to migrate config which was on an old SPARC server
>> running Solaris 9 with a version of Squid got from the Blastwave repos
>> and currently I'm having major issues with it.
>>
>> Basically I think I've worked through to figure out that running as
>> user Squid or Proxy doesn't give me access to ports <1024, basically
>> the 'well known' ports.
>>
>> Here is the error message I get from Squid when trying to start it
>> using the rc.d file:
>>
>> May 31 17:47:11 proxy squid[4360]: Cannot open HTTP Port
>> May 31 17:47:11 proxy squid[4358]: Squid Parent: child process 4360
>> exited due to signal 6
>> May 31 17:47:14 proxy squid[4358]: Squid Parent: child process 4364
>> started
>> May 31 17:47:15 proxy squid[4364]: Cannot open HTTP Port
>> May 31 17:47:15 proxy squid[4358]: Squid Parent: child process 4364
>> exited due to signal 6
>> May 31 17:47:18 proxy squid[4358]: Squid Parent: child process 4367
>> started
>> May 31 17:47:18 proxy squid[4367]: Cannot open HTTP Port
>> May 31 17:47:18 proxy squid[4358]: Squid Parent: child process 4367
>> exited due to signal 6
>> May 31 17:47:21 proxy squid[4358]: Squid Parent: child process 4370
>> started
>> May 31 17:47:21 proxy squid[4370]: Cannot open HTTP Port
>> May 31 17:47:21 proxy squid[4358]: Squid Parent: child process 4370
>> exited due to signal 6
>>
>>
>> If however I start Squid using /usr/local/sbin/squid -NCd1 as root I
>> get this and Squid works:
>>
>> proxy# /usr/local/sbin/squid -NCd1
>> 2010/05/31 17:55:54| Starting Squid Cache version 2.7.STABLE7 for
>> amd64-portbld-freebsd8.0...
>> 2010/05/31 17:55:54| Process ID 4484
>> 2010/05/31 17:55:54| With 11095 file descriptors available
>> 2010/05/31 17:55:54| Using kqueue for the IO loop
>> 2010/05/31 17:55:54| Performing DNS Tests...
>> 2010/05/31 17:55:54| Successful DNS name lookup tests...
>> 2010/05/31 17:55:54| DNS Socket created at 0.0.0.0, port 39116, FD 6
>> 2010/05/31 17:55:54| Adding nameserver 192.168.1.100 from
>> /etc/resolv.conf
>> 2010/05/31 17:55:54| Adding nameserver 192.168.1.101 from
>> /etc/resolv.conf
>> 2010/05/31 17:55:54| logfileOpen: opening log /var/log/squid/access.log
>> 2010/05/31 17:55:54| Unlinkd pipe opened on FD 11
>> 2010/05/31 17:55:54| Swap maxSize 102400 + 8192 KB, estimated 8507
>> objects
>> 2010/05/31 17:55:54| Target number of buckets: 425
>> 2010/05/31 17:55:54| Using 8192 Store buckets
>> 2010/05/31 17:55:54| Max Mem  size: 8192 KB
>> 2010/05/31 17:55:54| Max Swap size: 102400 KB
>> 2010/05/31 17:55:54| logfileOpen: opening log /var/log/squid/store.log
>> 2010/05/31 17:55:54| Rebuilding storage in /usr/local/squid/cache (DIRTY)
>> 2010/05/31 17:55:54| Using Least Load store dir selection
>> 2010/05/31 17:55:54| Set Current Directory to /var/spool/squid
>> 2010/05/31 17:55:54| Loaded Icons.
>> 2010/05/31 17:55:54| Accepting accelerated HTTP connections at
>> 192.168.1.110, port 80, FD 13.
>> 2010/05/31 17:55:54| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
>> 2010/05/31 17:55:54| Accepting SNMP messages on port 3401, FD 15.
>> 2010/05/31 17:55:54| WCCP Disabled.
>> 2010/05/31 17:55:54| Configuring x-ray Parent x-ray/80/0
>> 2010/05/31 17:55:54| Configuring zeta-ray Parent zeta-ray/80/0
>> 2010/05/31 17:55:54| Configuring delta-ray Parent delta-ray/80/0
>> 2010/05/31 17:55:54| Configuring g-stat-1 Parent g-stat-1/80/0
>> 2010/05/31 17:55:54| Ready to serve requests.
>> 2010/05/31 17:55:54| Done reading /usr/local/squid/cache swaplog (0
>> entries)
>> 2010/05/31 17:55:54| Finished rebuilding storage from disk.
>> 2010/05/31 17:55:54|         0 Entries scanned
>> 2010/05/31 17:55:54|         0 Invalid entries.
>> 2010/05/31 17:55:54|         0 With invalid flags.
>> 2010/05/31 17:55:54|         0 Objects loaded.
>> 2010/05/31 17:55:54|         0 Objects expired.
>> 2010/05/31 17:55:54|         0 Objects cancelled.
>> 2010/05/31 17:55:54|         0 Duplicate URLs purged.
>> 2010/05/31 17:55:54|         0 Swapfile clashes avoided.
>> 2010/05/31 17:55:54|   Took 0.4 seconds (   0.0 objects/sec).
>> 2010/05/31 17:55:54| Beginning Validation Procedure
>> 2010/05/31 17:55:54|   Completed Validation Procedure
>> 2010/05/31 17:55:54|   Validated 0 Entries
>> 2010/05/31 17:55:54|   store_swap_size = 0k
>> 2010/05/31 17:55:55| storeLateRelease: released 0 objects
>>
>>
>>
>> Running uname -a gives me this:
>>
>> FreeBSD Zeta-Ray.optiplex-networks.com 8.0-RELEASE FreeBSD 8.0-RELEASE
>> #0: Sat Nov 21 15:02:08 UTC 2009    
>> root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>>
>> and also Squid was built from ports too!!
>>
>> Because I built the system in a Jail I am using this syntax to bind
>> the port to the IP address:
>>
>> http_port 192.168.1.110:80 accel defaultsite=domain.com vhost
>>
>> When I mean Jail I am talking about FreeBSD Jails and not chroot
>> syntax :-)
>>
>> Can anybody offer me any advice or anywhere else to turn as I really
>> don't know what's going on????
>>
>> Many thanks!
>>
>> Kaya
> 
> Just to add that I've tested my config on the default Squid port, 3128
> instead of port 80 using the provided http_port line above which then
> starts when used in conjunction with the rc script......
> 
> I'm using config based around this as a reverse proxy:
> 
> http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers
> 
> Since this is a production based system I really need to get the rc
> script working but not sure where to begin going about it as I seem to
> have one of those very specific or not too much observed problems!!

I use Squid in HTTP accelerator mode, mostly to support directing
name-vhosts to different backend servers. It must start as root to
listen on port 80, but it will drop permissions on demand if requested.

Set 'squid_user="root"' in rc.conf, then set 'cache_effective_user
proxy' (or whatever your squid username) in squid.conf. It will start as
root, bind the ports, open the logfiles, and then fork and drop root to
handle actual requests.

Also, now that you've run squid as root, you might have to fix the
permissions on your cache directories.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>

Furry Peace! - http://wwww.fur.com/peace/
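
The combination the reply describes (start as root to bind port 80, then drop to an unprivileged user) can be checked before restarting the service. The script below is an added example, not part of the original thread or of the Squid port; the function names are hypothetical, the sample files are constructed from the values quoted above, and it assumes that an unset squid_user means a non-root start and that cache_effective_user should be set explicitly, as the reply does.

```shell
#!/bin/sh
# Added example (not from the thread): checks the settings the reply describes.

# Last value assigned to squid_user in an rc.conf-style file.
rc_squid_user() {
    awk -F= '$1 == "squid_user" { v = $2; gsub(/"/, "", v); u = v } END { print u }' "$1"
}

# Last cache_effective_user directive in squid.conf.
effective_user() {
    awk '$1 == "cache_effective_user" { u = $2 } END { print u }' "$1"
}

# Lowest port on any http_port line; accepts "port" and "ip:port".
lowest_http_port() {
    awk '$1 == "http_port" { n = split($2, a, ":"); p = a[n] + 0
                             if (min == "" || p < min) min = p }
         END { if (min != "") print min }' "$1"
}

# check_squid_privs RC_CONF SQUID_CONF
# 0 = consistent, 1 = cannot bind privileged port, 2 = root is never dropped
check_squid_privs() {
    port=$(lowest_http_port "$2")
    start=$(rc_squid_user "$1")
    run=$(effective_user "$2")
    # Assumption: an unset squid_user is treated as a non-root start.
    if [ -n "$port" ] && [ "$port" -lt 1024 ] && [ "$start" != "root" ]; then
        echo "FAIL: port $port is below 1024 but squid_user is '${start:-unset}'"
        return 1
    fi
    # Assumption: require an explicit unprivileged cache_effective_user.
    if [ "$start" = "root" ] && { [ -z "$run" ] || [ "$run" = "root" ]; }; then
        echo "FAIL: started as root, cache_effective_user names no unprivileged user"
        return 2
    fi
    echo "OK: start user '${start:-unset}', request-handling user '${run:-unset}'"
}

# Constructed sample files using the values quoted in the thread.
demo_dir=$(mktemp -d)
printf 'squid_enable="YES"\nsquid_user="root"\n' > "$demo_dir/rc.conf"
printf '%s\n' 'http_port 192.168.1.110:80 accel defaultsite=domain.com vhost' \
    'cache_effective_user proxy' > "$demo_dir/squid.conf"
check_squid_privs "$demo_dir/rc.conf" "$demo_dir/squid.conf"
```

Exit status 1 corresponds to the "Cannot open HTTP Port" loop in the quoted log; status 2 flags a configuration that would keep handling requests as root.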


