Proxy squid [RESOLVIDO]

1. Proxy squid [RESOLVIDO]

KiraVII
(usa CentOS)

Enviado em 31/07/2019 - 09:18h

Bom dia estou com o seguinte erro ao iniciar meu serviço de squid:

● squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Qua 2019-07-31 10:47:57 -03; 4s ago
Process: 3458 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=1/FAILURE)

Jul 31 10:47:57 mnc.local systemd[1]: Starting Squid caching proxy...
Jul 31 10:47:57 mnc.local cache_swap.sh[3458]: init_cache_dir /mnt/squid...
Jul 31 10:47:57 mnc.local systemd[1]: squid.service: control process exited...=1
Jul 31 10:47:57 mnc.local systemd[1]: Failed to start Squid caching proxy.
Jul 31 10:47:57 mnc.local systemd[1]: Unit squid.service entered failed state.
Jul 31 10:47:57 mnc.local systemd[1]: squid.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

No aguardo!

este e o código completo:

# Hostname e Porta usada pelo servidor Web Proxy Squid #
visible_hostname mnc.com.br
http_port 10.1.1.1:3128

# Diretório de erros no idioma português brasil
# Arquivo de log de acesso

error_directory /usr/share/squid/errors/pt-br
access_log /var/log/squid/access.log squid

#########################################################
# Configurações de cache de memoria e disco #
#########################################################

cache_mem 2500 MB
maximum_object_size_in_memory 1 MB
cache_log /var/log/squid/cache.log

# Definições de cache no disco #

maximum_object_size 1 MB
minimum_object_size 1 KB
cache_dir ufs /mnt/squid 30720 16 128

###### substituição de cache ########

cache_swap_low 80
cache_swap_high 90

# Feature avançada para atualização de cache
# Caso queira fazer cache de objetos de sites inclua abaixo
# Exemplo: arquivos de vídeo youtube.

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 1440

#########################################################
# Configuração de Autenticação #
#########################################################

auth_param basic program /usr/lib64/squid/basic_ldap_auth -d -R -P -b "dc=empresa,dc=com,dc=br" -D "cn=admin,dc=empresa,dc=com,dc=br" -W "/etc/squid/passwd.txt" -s sub -f "uid=%s" -h 10.1.1.5 -p 389
auth_param basic children 10
auth_param basic realm mnc.com.br requer autenticacao para navegar
auth_param basic credentialsttl 4 hours
auth_param basic casesensitive off

external_acl_type group_ldap children-startup=5 ipv4 %LOGIN /usr/lib64/squid/ext_ldap_group_acl -d -R -P -b "dc=empresa,dc=com,dc=br" -D "cn=admin,dc=empresa,dc=com,dc=br" -W "/etc/squid/passwd.txt" -s sub -f "(&(cn=%g)(memberUid=%u))" -h 10.10.10.5 -p 389

#########################################################
# ACLs #
#########################################################

#===============================================
## ACL de autenticação de grupos
#===============================================

acl group_rh external group_ldap rh

#===============================================
## ACL de autenticação de usuários
#===============================================

acl auth proxy_auth REQUIRED

# Recommended minimum configuration:

# ACLs criadas para permitir acesso de redes privadas - RFC1918.
# RFC 4193 local private network range
# RFC 4291 link-local (directly plugged) machines

acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10

# ACLs de portas que serão permitidas o encaminhamento de conexões
# ACLs de metodos

acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 873
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl PURGE method PURGE

#==============================================================
# ACLs Personalizadas
#==============================================================

acl rede_local src 10.1.1.0/24
acl redes_sociais dstdomain .facebook.com .twitter.com .youtube.com

#################################################################
# Regras #
#################################################################

# Somente permite gerenciamento do cache pelo endereço local

http_access allow manager localhost
http_access deny manager

# Nega acesso a qualquer porta que não esteja nas ACLs Safe_ports e SSL_ports
# Permiti acesso do host local - localhost

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny PURGE !localhost

#=======================================================================
# Regras personalizdas
#=======================================================================

http_access deny !auth
http_access deny redes_sociais !group_rh
http_access allow rede_local
http_access deny all

# And finally deny all other access to this proxy

icp_access allow localnet
icp_access deny all

# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid
hosts_file /etc/hosts
dns_nameservers 8.8.8.8
dns_v4_first on
httpd_suppress_version_string off

0 0

Quote