Squid proxy server self-compiled install - ssl_crtd helper crashing

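I am trying to set up Squid-Proxy Server 3.5.26 from squid-cache.org with an SSL-Bump configuration. Installing Squid-Proxy with the standard apt-get method does not include the required OpenSSL module. I followed this guide: SSL-Bump guide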

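To compile Squid with the OpenSSL module, I referred to the documentation and successfully compiled and installed Squid. To compile/install Squid, I also added the Debian/Ubuntu extras near the bottom of the guide to set the correct file locations.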

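Once the install completed, I worked through the init script section, downloading the init file /etc/init.d/squid from the provided link. I then set the file's permissions to 755 and assigned ownership to root (this matches the other files in init.d).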

If I use the default squid configuration file /etc/squid/squid.conf with http_port 3128, the service starts fine. However, when I update it to the following:

http_port 3128 ssl-bump \
cert=/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# For squid 3.5.x
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB

acl step1 at_step SslBump1

ssl_bump peek step1
ssl_bump bump all

the squid service no longer starts, and /var/log/syslog contains the following errors

squid[2062] Squid Parent: (squid-1) Process 2128 started
squid(squid-1) The ssl_crtd helpers are crashing to rapidly, need help!
squid[2062] Squid Parent: (squid-1) Process 2128 exited with status 1
squid[2062] Squid Parent (squid-1) process 2128 will not be restarted due to repeated, frequent failures.

I would appreciate any suggestions on how to get ssl-bump working :)

Update

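I found more details about the crash in the cache.log file. I noticed that ssl_db had not been initialized. But running the suggested command (with the Ubuntu-relevant path), /lib/squid/ssl_crtd -c -2, returns Can not create directory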

2017/07/11 14:38:20 kid1| Set Current Directory to /var/cache/squid
2017/07/11 14:38:20 kid1| Starting Squid Cache version 3.5.26 for x86_64-pc-linux-gnu...
2017/07/11 14:38:20 kid1| Service Name: squid
2017/07/11 14:38:20 kid1| Process ID 2128
2017/07/11 14:38:20 kid1| Process Roles: worker
2017/07/11 14:38:20 kid1| With 65535 file descriptors available
2017/07/11 14:38:20 kid1| Initializing IP Cache...
2017/07/11 14:38:20 kid1| DNS Socket created at [::], FD 6
2017/07/11 14:38:20 kid1| DNS Socket created at 0.0.0.0, FD 7
2017/07/11 14:38:20 kid1| Adding nameserver 192.168.1.254 from /etc/resolv.conf
2017/07/11 14:38:20 kid1| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2017/07/11 14:38:20 kid1| helperOpenServers: Starting 5/32 'ssl_crtd' processes
(ssl_crtd): Uninitialized SSL certificate database directory: /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".
(ssl_crtd): Uninitialized SSL certificate database directory: /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".
2017/07/11 14:38:20 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2017/07/11 14:38:20 kid1| Logfile Daemon: opening log /var/log/squid/access.log
(ssl_crtd): Uninitialized SSL certificate database directory: /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".
(ssl_crtd): Uninitialized SSL certificate database directory: /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".
(ssl_crtd): Uninitialized SSL certificate database directory: /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".
2017/07/11 14:38:20 kid1| Unlinkd pipe opened on FD 25
2017/07/11 14:38:20 kid1| Store logging disabled
2017/07/11 14:38:20 kid1| Swap maxSize 102400 + 262144 KB, estimated 28041 objects
2017/07/11 14:38:20 kid1| Target number of buckets: 1402
2017/07/11 14:38:20 kid1| Using 8192 Store buckets
2017/07/11 14:38:20 kid1| Max Mem  size: 262144 KB
2017/07/11 14:38:20 kid1| Max Swap size: 102400 KB
2017/07/11 14:38:20 kid1| Rebuilding storage in /var/cache/squid (clean log)
2017/07/11 14:38:20 kid1| Using Least Load store dir selection
2017/07/11 14:38:20 kid1| Set Current Directory to /var/cache/squid
2017/07/11 14:38:20 kid1| Finished loading MIME types and icons.
2017/07/11 14:38:20 kid1| HTCP Disabled.
2017/07/11 14:38:20 kid1| Squid plugin modules loaded: 0
2017/07/11 14:38:20 kid1| Adaptation support is off.
2017/07/11 14:38:20 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 28 flags=9
2017/07/11 14:38:20 kid1| Done reading /var/cache/squid swaplog (0 entries)
2017/07/11 14:38:20 kid1| Store rebuilding is 0.00% complete
2017/07/11 14:38:20 kid1| Finished rebuilding storage from disk.
2017/07/11 14:38:20 kid1|         0 Entries scanned
2017/07/11 14:38:20 kid1|         0 Invalid entries.
2017/07/11 14:38:20 kid1|         0 With invalid flags.
2017/07/11 14:38:20 kid1|         0 Objects loaded.
2017/07/11 14:38:20 kid1|         0 Objects expired.
2017/07/11 14:38:20 kid1|         0 Objects cancelled.
2017/07/11 14:38:20 kid1|         0 Duplicate URLs purged.
2017/07/11 14:38:20 kid1|         0 Swapfile clashes avoided.
2017/07/11 14:38:20 kid1|   Took 0.01 seconds (  0.00 objects/sec).
2017/07/11 14:38:20 kid1| Beginning Validation Procedure
2017/07/11 14:38:20 kid1|   Completed Validation Procedure
2017/07/11 14:38:20 kid1|   Validated 0 Entries
2017/07/11 14:38:20 kid1|   store_swap_size = 0.00 KB
2017/07/11 14:38:20 kid1| WARNING: ssl_crtd #Hlpr1 exited
2017/07/11 14:38:20 kid1| Too few ssl_crtd processes are running (need 1/32)
2017/07/11 14:38:20 kid1| Closing HTTP port [::]:3128
2017/07/11 14:38:20 kid1| storeDirWriteCleanLogs: Starting...
2017/07/11 14:38:20 kid1|   Finished.  Wrote 0 entries.
2017/07/11 14:38:20 kid1|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

Squid Cache (Version 3.5.26): Terminated abnormally.
CPU Usage: 0.044 seconds = 0.028 user + 0.016 sys
Maximum Resident Size: 98768 KB
Page faults with physical i/o: 0
2017/07/12 10:32:53| Set Current Directory to /var/cache/squid

Update 2

Deleting the folder /var/lib/ssl_db and then re-running /lib/squid/ssl_crtd -c -2 succeeded. The errors in the cache log are gone, but the service still fails to start :(.

Update 3

After a reboot, the service starts fine. I will post this as an answer.

Answer 1

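After checking the /var/log/squid/cache.log file, I found that ssl_crtd was crashing because the SSL_db had not been initialized correctly. The process to fix this was as follows: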

  1. Delete the ssl_db folder, at the location shown in the log file
  2. Run /lib/squid/ssl_crtd -c -s
  3. Restart the server
  4. Start the service
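
The check below is an added example, not part of the original post or of Squid itself. It reads the sslcrtd_program line from a squid.conf, confirms the helper path is executable, and reports whether the -s directory is missing, present but uninitialized (the state in which ssl_crtd -c returned Can not create directory above), or initialized. The function names are hypothetical, and the layout of an initialized database (index.txt, size, certs/) is an assumption about Squid 3.5's ssl_crtd.

```shell
#!/bin/sh
# Added example: pre-flight check for the ssl_crtd certificate database.
# Function names are hypothetical; paths containing spaces are not handled.

# Print "<helper> <db_dir>" from the first sslcrtd_program line that has -s.
sslcrtd_settings() {
    while read -r key helper args; do
        [ "$key" = "sslcrtd_program" ] || continue
        set -- $args
        while [ $# -gt 1 ]; do
            [ "$1" = "-s" ] && { echo "$helper $2"; return 0; }
            shift
        done
    done < "$1"
    return 1
}

# Classify the database directory. Assumption: an initialized database
# contains index.txt, size and a certs/ subdirectory.
ssl_db_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -f "$1/index.txt" ] && [ -f "$1/size" ] && [ -d "$1/certs" ]; then
        echo initialized
    else
        echo uninitialized
    fi
}

# Report what has to be done before Squid can start its ssl_crtd helpers.
check_sslcrtd() {
    settings=$(sslcrtd_settings "$1") || {
        echo "no sslcrtd_program line with -s in $1"; return 1; }
    helper=${settings% *}
    db=${settings##* }
    [ -x "$helper" ] || { echo "helper not executable: $helper"; return 1; }
    case $(ssl_db_state "$db") in
        initialized) echo "ok: $db" ;;
        missing) echo "run: $helper -c -s $db"; return 1 ;;
        *) echo "remove $db, then run: $helper -c -s $db"; return 1 ;;
    esac
}
```

Call it as check_sslcrtd /etc/squid/squid.conf before starting the service; a non-zero exit status means the helper or its database still needs attention.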
