[Eisfair] squid
Fridrich Bartel
FrBartel at hotmail.com
So Aug 21 19:46:29 CEST 2016
Am 20.08.2016 um 15:22 schrieb Marcus Roeckrath:
> Das Skript:
>
> #!/bin/sh
> # Stoppen von Squid, könnte so was sein, du
> # hast dazu keine Infos geliefert:
> #
> # /etc/rc0.d/r?????squid
rc455.squid
> #
> # Löschen
> rm -rf /squid/cache/*
> rm -f /squid/logs/access.log.*
> rm -f /squid/logs/cache.log.*
> # Reboot
> /sbin/reboot
Beim Stoppen von squid, da hängt es. Der wird von der Webseite
Cachemanager aus gestoppt.
Da ist dann das hinterlegt:
Router-IP/admin/cachemgr.cgi?host=localhost&port=3128&user_name=&operation=shutdown&auth=
Neustart erfolgte dann von Hand auf der Konsole.
Inhalt der rc455.squid
#------------------------------------------------------------------------------
# /etc/rc.d/rc.squid - start proxy-server squid
#
# OPT basiert auf - OPT_SQUID 2.1.7 - 1.1
# von Hermann Strassner (hermann.strassner at web.de)
#
# - OPT_NEWSQUID 2.0
# von Dominik Egert (fli4l at killus.net)
#
# Letzte Bearbeitung: 27.08.2006 Ingo Winiarski (iwiniarski at gmx.de)
#------------------------------------------------------------------------------
case $OPT_SQUID in
yes)
# Announce this boot step; begin_script is not defined in this file.
begin_script SQUID "setting up squid ..."
# Switched to "yes" further down when a cache directory has no "01"
# subdirectory yet; that triggers the "squid -z" cache initialisation.
initcache=no
# NOTE(review): not read anywhere in the visible part of this script.
startsquid=yes
# --------------
# - Funktionen -
# --------------
# squid_iterate function variable1 variable2 ...
#
# Calls <function> once for every element of each named config array.
# An array FOO is stored as FOO_N (element count) plus FOO_1 .. FOO_<N>;
# arrays whose count is empty or 0 are skipped.
#
# The array names are expanded through eval, so they have to be trusted,
# plain identifiers. The callers visible in this script pass hard-coded
# names only.
#
# func, var, var_n, index and val are ordinary (non-local) shell variables
# and stay set after the call.
squid_iterate ()
{
    if [ $# -lt 2 ]; then
        log_error "squid_iterate: not enough parameters"
        return
    fi

    func=$1
    shift

    for var in $*; do
        eval "var_n=\$${var}_N"
        # The leading 0 turns an empty count into a plain 0 for the test.
        if [ 0$var_n -eq 0 ]; then
            continue
        fi
        for index in $(seq 1 $var_n); do
            eval "val=\$${var}_${index}"
            $func "$val"
        done
    done
}
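# write_acl <net-spec>
#
# Prints the two squid ACL lines (from_intranet / to_intranet) for one
# network. Only the first whitespace-separated word of <net-spec> is used;
# anything after it is dropped (presumably the gateway part of a route
# entry - confirm against the config format).
# Empty input and the catch-all networks 0.0.0.0 and 0.0.0.0/0 print nothing.
write_acl ()
{
    # Word-splitting of $1 is intended here. The "--" is what makes it safe:
    # without it an empty argument degrades to a bare "set", which prints
    # every shell variable to stdout - and the caller redirects stdout into
    # squid.conf, so variables such as $PASSWORD would end up in that file.
    # It also keeps a value starting with "-" from being read as an option.
    # shellcheck disable=SC2086
    set -- $1
    case $1 in
        '' | 0.0.0.0 | 0.0.0.0/0) ;;
        *)
            echo "acl from_intranet src $1"
            echo "acl to_intranet dst $1"
            ;;
    esac
}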
# -----------------------------
# - Verzeichnisse vorbereiten -
# -----------------------------
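# Create the squid work directory tree (cache and logs) where it is missing
# and hand it to the unprivileged user "nobody".
# NOTE(review): SQUID_WORK_DIR is set outside this file. The recursive chown
# acts on whatever it names, so it should point at a directory that is used
# by squid only.
if [ ! -d "$SQUID_WORK_DIR" ]; then
    mkdir -p "$SQUID_WORK_DIR"
    chmod +w "$SQUID_WORK_DIR"
fi
if [ ! -d "$SQUID_WORK_DIR/cache" ]; then
    mkdir -p "$SQUID_WORK_DIR/cache"
    chmod +w "$SQUID_WORK_DIR/cache"
    chown -R nobody "$SQUID_WORK_DIR"
fi
if [ ! -d "$SQUID_WORK_DIR/cache/01" ]; then
    # No first-level cache directory yet: the cache must be initialised.
    initcache=yes
fi
if [ ! -d "$SQUID_WORK_DIR/logs" ]; then
    mkdir -p "$SQUID_WORK_DIR/logs"
    chmod +w "$SQUID_WORK_DIR/logs"
    chown -R nobody "$SQUID_WORK_DIR"
fi

# Start from the shipped templates; the generated settings are appended
# to /etc/squid/squid.conf by the sections that follow.
# -p keeps mkdir quiet when the directory already exists.
mkdir -p /etc/squid
cp /usr/local/squid/etc/squid.conf /etc/squid/squid.conf
cp /usr/local/squid/etc/mime.conf /etc/squid/mime.conf
# used for cgi's and log rotating
echo "$SQUID_WORK_DIR" > /etc/squid/workdir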
# ---------------------------------------
# - Sprache der Error-Seiten einstellen -
# ---------------------------------------
# Map LOCALE to the name of squid's error-page directory.
# Any other LOCALE value leaves SQUID_LANGUAGE untouched.
if [ "$LOCALE" = de ]; then
    SQUID_LANGUAGE=German
elif [ "$LOCALE" = en ]; then
    SQUID_LANGUAGE=English
elif [ "$LOCALE" = fr ]; then
    SQUID_LANGUAGE=French
elif [ "$LOCALE" = nl ]; then
    SQUID_LANGUAGE=Dutch
fi
# -----------------------
# - squid.conf erzeugen -
# -----------------------
# NETWORK OPTIONS
# ---------------
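# Listening port; marked "transparent" when intercepted traffic is
# redirected to it. ICP is switched off (port 0).
# Each redirection stays on the same line as its echo.
{
    if [ "$SQUID_TRANSPARENT_CACHING" = "yes" ]; then
        echo "http_port $SQUID_HTTP_PORT transparent"
    else
        echo "http_port $SQUID_HTTP_PORT"
    fi
    echo "icp_port 0"
} >> /etc/squid/squid.conf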
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------
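# Optional upstream (parent) proxy. The cache_peer directive has to be
# written as one line.
if [ "$SQUID_NEXT_PROXY" = "yes" ]; then
    {
        echo "cache_peer $SQUID_NEXT_PROXY_URL parent $SQUID_NEXT_PROXY_PORT 0 no-query"
        echo "prefer_direct off"
    } >> /etc/squid/squid.conf
fi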
# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------
# Memory cache size and object size limits come from the configuration;
# the remaining values are fixed.
cat <<EOF >> /etc/squid/squid.conf
cache_mem $SQUID_MEM_CACHE_SIZE MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size $SQUID_MAX_OBJECT_SIZE KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
EOF
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# ---------------------------------------
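# Disk cache location and log files, all below SQUID_WORK_DIR.
# Every directive is written as a single line.
{
    echo "cache_dir ufs $SQUID_WORK_DIR/cache $SQUID_DISK_CACHE_SIZE 16 256"

    # The access log is optional.
    if [ "$SQUID_ACCESS_LOG" = "yes" ]; then
        echo "access_log $SQUID_WORK_DIR/logs/access.log"
    else
        echo "access_log none"
    fi

    echo "cache_log $SQUID_WORK_DIR/logs/cache.log"
    echo "cache_store_log none"

    if [ "$SQUID_HTTPD_LIKE_LOG" = "yes" ]; then
        echo "emulate_httpd_log on"
    else
        echo "emulate_httpd_log off"
    fi

    echo "log_ip_on_direct on"
    echo "mime_table /usr/local/squid/etc/mime.conf"
    echo "log_mime_hdrs off"
    echo "pid_filename /var/run/squid.pid"
    echo "debug_options ALL,1"
    echo "log_fqdn off"
    # A full netmask: client addresses are logged unmasked.
    echo "client_netmask 255.255.255.255"
} >> /etc/squid/squid.conf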
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -------------------------------------
# FTP, DNS and helper program settings.
cat <<EOF >> /etc/squid/squid.conf
ftp_user squid@$DOMAIN_NAME
ftp_list_width 45
ftp_passive on
ftp_sanitycheck on
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
hosts_file /etc/hosts
unlinkd_program /usr/local/squid/libexec/unlinkd
EOF
# OPTIONS FOR TUNING THE CACHE
# ----------------------------
# Fixed tuning values; nothing here depends on the configuration.
cat <<'EOF' >> /etc/squid/squid.conf
request_header_max_size 20 KB
request_body_max_size 0 KB
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 30 seconds
positive_dns_ttl 360 minutes
negative_dns_ttl 30 seconds
range_offset_limit 0 KB
EOF
# TIMEOUTS
# --------
# Only the connect timeout is configurable; the other timeouts are fixed.
cat <<EOF >> /etc/squid/squid.conf
connect_timeout $SQUID_CONNECT_TIMEOUT seconds
peer_connect_timeout 30 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minutes
client_lifetime 1440 minutes
half_closed_clients off
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 2 seconds
EOF
# ADMINISTRATIVE PARAMETERS
# -------------------------
# Contact address, the unprivileged account squid switches to, and the
# host name shown to clients.
cat <<EOF >> /etc/squid/squid.conf
cache_mgr squid@$DOMAIN_NAME
cache_effective_user nobody
cache_effective_group nogroup
visible_hostname $HOSTNAME.$DOMAIN_NAME
EOF
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# ------------------------------------------
# Cache registration service settings (announce period is 0).
cat <<'EOF' >> /etc/squid/squid.conf
announce_period 0
announce_host tracker.ircache.net
announce_port 3131
EOF
# MISCELLANEOUS
# -------------
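# Miscellaneous settings. Every directive is written as a single line.
{
    echo "dns_testnames netscape.com internic.net nlanr.net microsoft.com"
    echo "logfile_rotate $SQUID_CYCLE_LOG_N"
    echo "append_domain .$DOMAIN_NAME"
    echo "tcp_recv_bufsize 0"
    echo "memory_pools on"
    echo "memory_pools_limit 0"
    echo "forwarded_for off"
    echo "log_icp_queries on"
    echo "icp_hit_stale off"
    echo "minimum_direct_hops 4"
    echo "minimum_direct_rtt 400"
    # NOTE(review): squid takes the password from the first cachemgr_passwd
    # line that covers an action, and "none all" covers every action with no
    # password. The $PASSWORD line after it therefore most likely never
    # applies to "config" and "shutdown" - confirm against the squid version
    # in use before reordering, since the admin CGI may rely on the current
    # behaviour.
    # An empty $PASSWORD would shift the words so that "config" is read as
    # the password. The password is also stored in squid.conf in clear text,
    # so that file should not be readable by other users.
    echo "cachemgr_passwd none all"
    echo "cachemgr_passwd $PASSWORD config shutdown"
    echo "store_avg_object_size 13 KB"
    echo "store_objects_per_bucket 50"
    echo "client_db on"
    echo "netdb_low 900"
    echo "netdb_high 1000"
    echo "netdb_ping_period 5 minutes"
    echo "query_icmp off"
    echo "test_reachability off"
    echo "buffered_logs off"
    echo "reload_into_ims off"
    echo "icon_directory /usr/local/squid/share/icons"
    echo "error_directory /usr/local/squid/share/errors/$SQUID_LANGUAGE"
    echo "maximum_single_addr_tries 3"
    # SNMP is left unconfigured.
    #echo "snmp_port 3401"
    #echo "snmp_access deny all"
    #echo "snmp_incoming_address 0.0.0.0"
    #echo "snmp_outgoing_address 255.255.255.255"
    echo "as_whois_server whois.ra.net"
    echo "wccp_router 0.0.0.0"
    echo "wccp_version 4"
} >> /etc/squid/squid.conf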
# xxx
# ---
# Remaining fixed settings; nothing here depends on the configuration.
cat <<'EOF' >> /etc/squid/squid.conf
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
uri_whitespace strip
nonhierarchical_direct on
prefer_direct off
strip_query_terms on
redirector_bypass off
ignore_unknown_nameservers on
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch off
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0
store_dir_select_algorithm least-load
ie_refresh on
vary_ignore_expire off
sleep_after_fork 0
EOF
# -------------------
# - ACCESS CONTROLS -
# -------------------
# Access rules: fixed ACL definitions first, then one from_intranet /
# to_intranet pair per configured network, then the http_access chain.
# As written, the chain lets only localhost use the cache manager, refuses
# ports outside Safe_ports (which includes 1025-65535), limits CONNECT to
# SSL_ports and admits only clients matching from_intranet.
{
    cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
EOF

    # Explicitly configured client networks.
    squid_iterate write_acl SQUID_ACCESS_NET
    # With auto-config, the networks and routes are admitted as well.
    if [ "$SQUID_AUTO_CONFIG" = yes ]; then
        squid_iterate write_acl IP_NET IP_ROUTE
    fi
    # In transparent mode 127.0.0.1 is added to the intranet ACLs too.
    if [ "$SQUID_TRANSPARENT_CACHING" = yes ]; then
        write_acl 127.0.0.1
    fi

    cat <<'EOF'
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow from_intranet
http_access deny !from_intranet
http_access deny all
http_reply_access allow all
icp_access deny all
ident_lookup_access deny all
reply_header_max_size 20 KB
reply_body_max_size 0 allow all
no_cache deny to_intranet
always_direct allow from_intranet to_intranet
EOF
} >> /etc/squid/squid.conf
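# ----------------------------------------------------------------------
# - Tune the cache replacement strategies                              -
# - http://www.tecchannel.de/server/linux/402346/index4.html           -
# - Note: squid must be compiled with                                  -
# -       --enable-removal-policies=heap,lru                           -
# - Check with: squid -v                                               -
# ----------------------------------------------------------------------
# The box above is comment text only; every line of it starts with "#".
{
    echo "cache_replacement_policy heap LFUDA"
    echo "memory_replacement_policy heap GDSF"
} >> /etc/squid/squid.conf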
# ---------------------------
# - Weitere Cache Directory -
# ---------------------------
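# Additional cache directories: SQUID_CACHE_DIR_N entries, each described by
# SQUID_CACHE_<n>_DIR and SQUID_CACHE_<n>_SIZE. An empty or zero count means
# there are none.
# NOTE(review): unlike the main work directory, these directories are not
# chown'ed to "nobody" here - confirm squid can write to them.
if [ "0$SQUID_CACHE_DIR_N" -ne 0 ]; then
    for idx in $(seq 1 "$SQUID_CACHE_DIR_N"); do
        eval "cachedir=\$SQUID_CACHE_${idx}_DIR"
        eval "cachesize=\$SQUID_CACHE_${idx}_SIZE"
        # The directive and its redirection belong on one line.
        echo "cache_dir ufs $cachedir $cachesize 16 256" >> /etc/squid/squid.conf
        if [ ! -d "$cachedir" ]; then
            mkdir -p "$cachedir"
        fi
        if [ ! -d "$cachedir/01" ]; then
            # No first-level cache directory yet: initialise the cache later.
            initcache=yes
        fi
        chmod +w "$cachedir"
    done
fi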
# ----------------------------------------------------------------
# - Squid als transparenten Proxy einrichten -
# - http://www.christian-gerner.de/computer/linux/squidtrans.htm -
# ----------------------------------------------------------------
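# Transparent mode: redirect TCP port 80 traffic arriving on each configured
# interface to squid's port, except traffic addressed to the interface
# address itself.
if [ "$SQUID_TRANSPARENT_CACHING" = "yes" ]; then
    colecho "setting up transparent caching (REDIRECT Port 80 to $SQUID_HTTP_PORT) .." gn
    do_insmod_once ipt_REDIRECT
    # Portforwarding for all used eth0...ethx
    for idx in $(seq 1 $IP_NET_N); do
        eval "ethdevice=\$IP_NET_${idx}_DEV"
        eval "ipnet=\$IP_NET_${idx}"
        # if no ip address, skip configuration
        if [ -n "$ipnet" ]; then
            # Drop everything from the first "/" on (the prefix length).
            ipaddress=${ipnet%%/*}
            colecho " ..for $ethdevice"
            # The rule is one command; continuation lines keep it together.
            # NOTE(review): "-d ! addr" is the older negation form; newer
            # iptables releases expect "! -d addr" - check the installed one.
            /sbin/iptables -t nat -A PREROUTING -i "$ethdevice" -d ! "$ipaddress" \
                -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_HTTP_PORT" \
                -m comment --comment "OPT_SQUID"
        fi
    done
fi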
# ----------------------------------
# - Cache Directory initialisieren -
# ----------------------------------
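# Build the cache directory structure when one of the checks above found a
# cache directory without its "01" subdirectory; otherwise leave the
# existing cache alone and print how to rebuild it by hand.
if [ "$initcache" = "yes" ]; then
    colecho "setting up squid's cache ..." gn
    /usr/local/squid/sbin/squid -f /etc/squid/squid.conf -s -z
else
    colecho "NOTICE: found cache .. leaving it untouched .." rd
    colecho " you can manually rebuild cache by executing:" rd
    # The command hint is printed as a single line.
    colecho " /usr/local/squid/sbin/squid -s -z -f /etc/squid/squid.conf" rd
fi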
# -----------------
# - Squid starten -
# -----------------
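colecho "starting squid ..." gn
# Switch TCP ECN off system-wide before the proxy starts.
echo 0 > /proc/sys/net/ipv4/tcp_ecn
# stderr is kept in /etc/squid/squid.out; command and redirection are one
# line.
# NOTE(review): -X asks squid for full debugging output, which is far more
# verbose than the "debug_options ALL,1" written to squid.conf and can
# record request details; consider dropping it for normal operation.
/usr/local/squid/sbin/squid -f /etc/squid/squid.conf -D -X -s 2> /etc/squid/squid.out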
# ----------------------
# - log_rotate starten -
# ----------------------
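# Hand the rotation interval to the log rotation helper through a small
# config file, then start the helper in the background.
echo "SQUID_CYCLE_LOG_TIME=$SQUID_CYCLE_LOG_TIME" > /var/run/squid_log_rotate.conf
colecho "starting squid's log cycle ..." gn
/usr/local/squid/bin/squid_log_rotate &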
# -----------------------------------
# - symlinks auf cgi-Dateien setzen -
# -----------------------------------
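# Publish squid's CGI pages in the web admin directory when mini_httpd is
# installed.
# NOTE(review): this puts cachemgr.cgi under /admin. With the cache manager
# password set to "none" in squid.conf, access control for actions such as
# shutdown presumably rests on the web server's protection of /admin -
# verify that it requires authentication.
if [ -f /opt/files/usr/sbin/mini_httpd ]; then
    for i in cachemgr main_squid squid_action squid_catlog squid_showlog; do
        ln -s "/opt/files/usr/local/squid/bin/cgi/$i.cgi" /srv/www/admin/
    done
fi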
# --------------------------
# - Link im httpd einfügen -
# --------------------------
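# Add the "Squid" entry to the web admin menu, but only when both the CGI
# page and the menu helper exist. Two separate tests replace the
# ambiguous "-a" operator.
if [ -f /srv/www/admin/main_squid.cgi ] && [ -f /usr/local/bin/httpd-menu.sh ]; then
    /usr/local/bin/httpd-menu.sh add "main_squid.cgi" "Squid"
fi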
end_script
;;
esac