Squid suddenly stops

lldm30 (Luis) 2017-10-02 17:16:30 UTC #1

NethServer Version: 7.3
Module: web proxy

Hi to everyone.

I’ve deployed nethserver 7.3 and I’ve noticed a problem with the access to internet. At certain moments the squid stops and it cancel, obviously, the connection to internet. I’ve checked the processor (top command), memory comsuption and processes (ps aux) and I have not found anything related to this behavior.

My server has these attributes
CPU
model name : Intel® Xeon® CPU E31220 @ 3.10GHz

RAM
total used free
Mem: 3952 1414
Swap: 2047

The navigation is only for 1 user (lab).

Anyone have had the same issue?

mrmarkuz (Markus Neuberger) 2017-10-02 18:16:45 UTC #2

Hi @lldm30,

/var/log/messages and the log files in /var/log/squid/ may also help you. Feel free to post them.

Quite a lot of people had this issue, but it’s too general, we have to get a deeper look into it.

https://www.google.at/search?q=squid+stops+working

giacomo (Giacomo Sanchietti) 2017-10-03 07:14:41 UTC #3

Please try to disable the antivirus and check if you hit this bug:

lldm30 (Luis) 2017-10-03 14:52:19 UTC #4

thanks for the replay mmarkuz, i’ll keep searching info about this issue.

lldm30 (Luis) 2017-10-03 14:54:39 UTC #5

Hi Giacomo.

Actually I haven’t enabled the antivirus.

Slow web proxy operation

lldm30 (Luis) 2017-10-03 20:28:01 UTC #6

Hi!

I found a possible solution. I was checking documentation and this lost of connection might be related to a behavior of squid. In short text, squid tries to connect to a web page using IPv6 (don’t know why and I haven’t seen any related to IPv6 in the .conf file) so adding this line “dns_v4_first on” in the .conf file, the squid will allways use IPv4 (according to squid documentation - http://www.squid-cache.org/Doc/config/dns_v4_first/). During all day, since I put that line, the disconnection hasn’t occured. I’ll keep testing.

lldm30 (Luis) 2017-10-05 20:44:36 UTC #7

Guys…

I haven’t lost connection til now. But I realized that the line I put in squid.conf was missing so I added the same line in /etc/e-smith/templates/etc/squid/squid.conf/90options. And here I have another question. If I want to add a new domain o url inside a category pre-established, let’s say movies, I just add the domain, run the sudo -u squid /usr/sbin/ufdbConvertDB -d /var/squidGuard/blacklists/movies/ command, restart the ufdb service and it’s done… but after the “night update” that ufdb does, the domain that I’ve added, dissapears.

So, which file do I have to edit to keep this new add?

pd: sorry for my english

Valeriy (Valeriy) 2017-10-06 05:56:25 UTC #8

/etc/squid/squid.conf
DO NOT MODIFY THIS FILE
Manual changes will be lost when this file is regenerated
Which file do you want to change?

m.traeumner (Michael Träumner) 2017-10-06 07:38:10 UTC #9

Please create a custom template to add the line to squid.conf

lldm30 (Luis) 2017-10-06 14:39:13 UTC #10

Hi,

The file is squid.conf.
I just added the new line in this file > /etc/e-smith/templates/etc/squid/squid.conf/90options
and the change (new line) persists.

mrmarkuz (Markus Neuberger) 2017-10-06 14:44:19 UTC #11

Hi @lldm30,

please copy the template file to templates-custom and make the change there, so the changes will keep after updates.

mkdir -p /etc/e-smith/templates-custom/etc/squid cp /etc/e-smith/templates/etc/squid/squid.conf/90options /etc/e-smith/templates-custom/etc/squid/squid.conf/90options

Docs:
http://docs.nethserver.org/projects/nethserver-devel/en/v7/templates.html

filippo_carletti (Filippo Carletti) 2017-10-06 14:51:30 UTC #12

Please no, custom templates from copies of the original templates should be used only to override a default value or option.
In this case, simply add a new file called 91ipv4dns and put that single line in it (dns_v4_first on).

So, to recap, the best practice is to avoid copying standard templates to templates-custom directory unless you need to override a default behaviour.
And the commands for @lldm30 are:

mkdir -p /etc/e-smith/templates-custom/etc/squid
echo "dns_v4_first on" >/etc/e-smith/templates-custom/etc/squid/91ipv4dns
signal-event nethserver-squid-save

@mrmarkuz I think that we may need to expand our documentation to add some best practices.

Https sites getting very slow

What is this problem: TAG_NONE/503 0 CONNECT ... HIER_NONE

mrmarkuz (Markus Neuberger) 2017-10-06 15:26:09 UTC #13

Oh no, I really thought, that’s how to do it generally…but if there were new functions in new templates they’ll never be used as they would be overwritten by my custom templates.

OK, so what I can see it’s always possible to take 91somename for adding entries at the end.

If you want to add an option:

mkdir -p /etc/e-smith/templates-custom/ABSOLUTE_PATH_OF_FILE_TO_CHANGE
echo "option=test" > /etc/e-smith/templates-custom/ABSOLUTE_PATH_OF_FILE_TO_CHANGE/91DESCRIBING_NAME

Change a default option:

mkdir -p /etc/e-smith/templates-custom/ABSOLUTE_PATH_OF_FILE_TO_CHANGE
cp /etc/e-smith/templates/ABSOLUTE_PATH_OF_FILE_TO_CHANGE/XXOPTIONFILE /etc/e-smith/templates-custom/ABSOLUTE_PATH_OF_FILE_TO_CHANGE/
vi /etc/e-smith/templates-custom/ABSOLUTE_PATH_OF_FILE_TO_CHANGE/XXOPTIONFILE

filippo_carletti (Filippo Carletti) 2017-10-06 15:33:22 UTC #14

One final note: if the syntax permits, sometimes we can override a variable re-defining it.
As an example, amavisd.conf permits redefinition, so if you want to change log_level you can redfine it at the end with a 92loglevel custom template. This way is preferred over copying and modifying /etc/e-smith/templates/etc/amavisd/amavisd.conf/10server.

elico (Eliezer Croitoru) 2017-10-07 19:40:35 UTC #15

@mrmarkuz The first thing to check is if squid is listening and you have any ip v6 routes on the system.
If the system has any ipv6 addresses else then on lo you should remove them and disable ipv6 auto addressing before you change to “dns_v4_first on” but it’s a relevant solution.
In cases like this what I am using is:
http://gogs.ngtech.co.il/elicro/linux-ipv6-utils/src/master/remove-ipv6-addresses.sh

but do not know how it should be done on nethserver.

m.traeumner (Michael Träumner) 2017-10-09 07:08:44 UTC #16

Thanks Filippo for explanation, I did it wrong to.
What do you think about adding a hint of that in documentation for claryfying?

filippo_carletti (Filippo Carletti) 2017-10-09 08:47:34 UTC #17

Best practice build over time and experience. These are not general rules that can be applied in all cases.
I agree that a note in the manual to give some guidelines would be helpful.
Pull request welcome.

m.traeumner (Michael Träumner) 2017-10-09 11:07:25 UTC #18

Pull request is done

filippo_carletti (Filippo Carletti) 2017-10-09 14:02:00 UTC #19

I do not see any pull request. No mail notification from gituhb either. Do you have a link?

m.traeumner (Michael Träumner) 2017-10-09 14:15:14 UTC #20

I have a look tomorrow and send it to you