Ubuntu squid #squid

Squidが稼働していることを確認

root@proxy102:~# /etc/init.d/squid status
● squid.service - LSB: Squid HTTP Proxy version 3.x
   Loaded: loaded (/etc/init.d/squid; generated)
   Active: active (running) since Fri 2020-10-09 04:53:14 UTC; 18min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 5757 ExecReload=/etc/init.d/squid reload (code=exited, status=0/SUCCESS)
    Tasks: 4 (limit: 4915)
   CGroup: /system.slice/squid.service
           ├─5421 /usr/sbin/squid -YC -f /etc/squid/squid.conf
           ├─5423 (squid-1) -YC -f /etc/squid/squid.conf
           ├─5771 (logfile-daemon) /var/log/squid/access.log
           └─5772 (pinger)

Oct 09 04:53:14 proxy102 systemd[1]: Starting LSB: Squid HTTP Proxy version 3.x...
Oct 09 04:53:14 proxy102 squid[5365]:  * Starting Squid HTTP Proxy squid
Oct 09 04:53:14 proxy102 squid[5421]: Squid Parent: will start 1 kids
Oct 09 04:53:14 proxy102 squid[5365]:    ...done.
Oct 09 04:53:14 proxy102 systemd[1]: Started LSB: Squid HTTP Proxy version 3.x.
Oct 09 04:53:14 proxy102 squid[5421]: Squid Parent: (squid-1) process 5423 started
Oct 09 05:11:04 proxy102 systemd[1]: Reloading LSB: Squid HTTP Proxy version 3.x.
Oct 09 05:11:04 proxy102 squid[5757]:  * Reloading Squid HTTP Proxy configuration files
Oct 09 05:11:04 proxy102 squid[5757]:    ...done.
Oct 09 05:11:04 proxy102 systemd[1]: Reloaded LSB: Squid HTTP Proxy version 3.x.

Squidの設定読み込み、スタート、再起動、ログ確認

root@proxy102:~# systemctl reload squid

root@proxy102:~# /etc/init.d/squid start
[ ok ] Starting squid (via systemctl): squid.service.

/etc/init.d/squid restart

sudo cat /var/log/squid/access.log

squid.conf

acl localnet src 10.1.82.0/24
acl localnet src 10.1.10.0/24
\http_access allow all
http_port 3128

--verboseオプションをつけるとエラーの詳細が出る。

root@proxy102:~# curl  --proxy http://localhost:3128 https://qiita.com --verbose
* Rebuilt URL to: https://qiita.com/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to qiita.com:443
> CONNECT qiita.com:443 HTTP/1.1
> Host: qiita.com:443
> User-Agent: curl/7.58.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to qiita.com:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to qiita.com:443

curl test (localhost)

root@proxy102:~# curl --proxy http://localhost:3128 qiita.com
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
 /*
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 Stylesheet for Squid Error pages
 Adapted from design by Free CSS Templates
 http://www.freecsstemplates.org
 Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
* {
    font-family: verdana, sans-serif;
}

html body {
    margin: 0;
    padding: 0;
    background: #efefef;
    font-size: 12px;
    color: #1e1e1e;
}

/* Page displayed title area */
#titles {
    margin-left: 15px;
    padding: 10px;
    padding-left: 100px;
    background: url('/squid-internal-static/icons/SN.png') no-repeat left;
}

/* initial title */
#titles h1 {
    color: #000000;
}
#titles h2 {
    color: #000000;
}

/* special event: FTP success page titles */
#titles ftpsuccess {
    background-color:#00ff00;
    width:100%;
}

/* Page displayed body content area */
#content {
    padding: 10px;
    background: #ffffff;
}

/* General text */
p {
}

/* error brief description */
#error p {
}

/* some data which may have caused the problem */
#data {
}

/* the error message received from the system or other software */
#sysmsg {
}

pre {
    font-family:sans-serif;
}

/* special event: FTP / Gopher directory listing */
#dirmsg {
    font-family: courier;
    color: black;
    font-size: 10pt;
}
#dirlisting {
    margin-left: 2%;
    margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
    border-bottom: groove;
}
#dirlisting td.size {
    width: 50px;
    text-align: right;
    padding-right: 5px;
}

/* horizontal lines */
hr {
    margin: 0;
}

/* page displayed footer area */
#footer {
    font-size: 9px;
    padding-left: 10px;
}


body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
:lang(he) { direction: rtl; }
 --></style>
</head><body id=ERR_READ_ERROR>
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="http://qiita.com/">http://qiita.com/</a></p>

<blockquote id="error">
<p><b>Read Error</b></p>
</blockquote>

<p id="sysmsg">The system returned: <i>(104) Connection reset by peer</i></p>

<p>An error condition occurred while reading data from the network. Please retry your request.</p>

<p>Your cache administrator is <a href="mailto:webmaster?subject=CacheErrorInfo%20-%20ERR_READ_ERROR&amp;body=CacheHost%3A%20proxy102%0D%0AErrPage%3A%20ERR_READ_ERROR%0D%0AErr%3A%20(104)%20Connection%20reset%20by%20peer%0D%0ATimeStamp%3A%20Mon,%2012%20Oct%202020%2006%3A21%3A01%20GMT%0D%0A%0D%0AClientIP%3A%20127.0.0.1%0D%0AServerIP%3A%20qiita.com%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2F%20HTTP%2F1.1%0AUser-Agent%3A%20curl%2F7.58.0%0D%0AAccept%3A%20*%2F*%0D%0AProxy-Connection%3A%20Keep-Alive%0D%0AHost%3A%20qiita.com%0D%0A%0D%0A%0D%0A">webmaster</a>.</p>
<br>
</div>

<hr>
<div id="footer">
<p>Generated Mon, 12 Oct 2020 06:21:01 GMT by proxy102 (squid/3.5.27)</p>
<!-- ERR_READ_ERROR -->
</div>
</body></html>

curl （外向けInterface指定）

root@proxy102:~# curl --proxy http://10.1.92.102:3128 qiita.com
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
 /*
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 Stylesheet for Squid Error pages
 Adapted from design by Free CSS Templates
 http://www.freecsstemplates.org
 Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
* {
    font-family: verdana, sans-serif;
}

html body {
    margin: 0;
    padding: 0;
    background: #efefef;
    font-size: 12px;
    color: #1e1e1e;
}

/* Page displayed title area */
#titles {
    margin-left: 15px;
    padding: 10px;
    padding-left: 100px;
    background: url('/squid-internal-static/icons/SN.png') no-repeat left;
}

/* initial title */
#titles h1 {
    color: #000000;
}
#titles h2 {
    color: #000000;
}

/* special event: FTP success page titles */
#titles ftpsuccess {
    background-color:#00ff00;
    width:100%;
}

/* Page displayed body content area */
#content {
    padding: 10px;
    background: #ffffff;
}

/* General text */
p {
}

/* error brief description */
#error p {
}

/* some data which may have caused the problem */
#data {
}

/* the error message received from the system or other software */
#sysmsg {
}

pre {
    font-family:sans-serif;
}

/* special event: FTP / Gopher directory listing */
#dirmsg {
    font-family: courier;
    color: black;
    font-size: 10pt;
}
#dirlisting {
    margin-left: 2%;
    margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
    border-bottom: groove;
}
#dirlisting td.size {
    width: 50px;
    text-align: right;
    padding-right: 5px;
}

/* horizontal lines */
hr {
    margin: 0;
}

/* page displayed footer area */
#footer {
    font-size: 9px;
    padding-left: 10px;
}


body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
:lang(he) { direction: rtl; }
 --></style>
</head><body id=ERR_READ_ERROR>
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="http://qiita.com/">http://qiita.com/</a></p>

<blockquote id="error">
<p><b>Read Error</b></p>
</blockquote>

<p id="sysmsg">The system returned: <i>(104) Connection reset by peer</i></p>

<p>An error condition occurred while reading data from the network. Please retry your request.</p>

<p>Your cache administrator is <a href="mailto:webmaster?subject=CacheErrorInfo%20-%20ERR_READ_ERROR&amp;body=CacheHost%3A%20proxy102%0D%0AErrPage%3A%20ERR_READ_ERROR%0D%0AErr%3A%20(104)%20Connection%20reset%20by%20peer%0D%0ATimeStamp%3A%20Mon,%2012%20Oct%202020%2006%3A23%3A22%20GMT%0D%0A%0D%0AClientIP%3A%2010.1.92.102%0D%0AServerIP%3A%20qiita.com%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2F%20HTTP%2F1.1%0AUser-Agent%3A%20curl%2F7.58.0%0D%0AAccept%3A%20*%2F*%0D%0AProxy-Connection%3A%20Keep-Alive%0D%0AHost%3A%20qiita.com%0D%0A%0D%0A%0D%0A">webmaster</a>.</p>
<br>
</div>

<hr>
<div id="footer">
<p>Generated Mon, 12 Oct 2020 06:23:22 GMT by proxy102 (squid/3.5.27)</p>
<!-- ERR_READ_ERROR -->
</div>
</body></html>

参考リンク

Squid の設定と使い方