9月 062013
 

源码编译版本squid 3.3.8启动时message中的错误信息

[root@localhost etc]# ../sbin/squid
 Enter PEM pass phrase:
 [root@localhost etc]#
[root@localhost ~]# less /var/log/messages
 Sep  6 10:09:13 localhost (squid-1): No valid signing SSL certificate configured for https_port [::]:443

使用YUM安装的squid版本信息

[root@localhost ~]# rpm -q squid
 squid-3.1.10-18.el6_4.i686
 [root@localhost ~]#

在使用相同配置文件时squid的启动错误信息

[root@localhost ~]# less /var/log/squid/cache.log
 2013/09/06 10:41:40| Ignoring https_port [::]:443 due to SSL initialization failure.
[root@localhost ~]# less /var/log/messages
 Sep  5 13:35:55 localhost (squid): Cannot open HTTP Port
[root@localhost ~]# less /var/log/squid/cache.log
 2013/09/05 13:36:51| Failed to acquire SSL private key '/usr/local/squid/server.key': error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt

取消server.key的密码保护

[root@localhost ~]# openssl rsa -in server.key -out nserver.key
 Enter pass phrase for server.key:
 writing RSA key
 [root@localhost ~]#

修改squid.conf配置文件

https_port 443 accel cert=/usr/local/squid/server.pem key=/usr/local/squid/server.key defaultsite=hk.linuxcache.com vhost
 cache_peer 175.10.20.30 parent 80 0 no-query originserver name=my443
 acl hk_ssl dstdomain hk.linuxcache.com
 cache_peer_access my443 allow hk_ssl
 http_access allow hk_ssl
 http_access deny all

启动squid并查看监听端口80和443已启用

[root@localhost ~]# /usr/local/squid/sbin/squid
 [root@localhost ~]# netstat -ant
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address               Foreign Address             State
 tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
 tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
 tcp        0      0 0.0.0.0:53852               0.0.0.0:*                   LISTEN
 tcp        0     52 192.168.111.134:22          192.168.111.1:55917         ESTABLISHED
 tcp        0      0 :::111                      :::*                        LISTEN
 tcp        0      0 :::80                       :::*                        LISTEN
 tcp        0      0 :::22                       :::*                        LISTEN
 tcp        0      0 :::443                      :::*                        LISTEN
 tcp        0      0 :::32863                    :::*                        LISTEN
 [root@localhost ~]#

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据