boot failure with squid #2383

Closed
SebastienLeMoal opened this issue May 3, 2018 · 6 comments
@SebastienLeMoal
SebastienLeMoal commented May 3, 2018

I started from a new image, redid the installation several times, updated ... I still have the same problem.

The startup blocks after:

pf disabled
pf enabled
Firewall rules loaded.
Starting API dispatcher
Install : zone 0
overlay user template package for zone 0
Start : zone 0
Apr 11 09:49:27 lighttpd[16196]: (server.c.1423) server started (lighttpd/1.4.49)
start captiveportal background process
Starting squid.
2018/04/11 09:49:28| Warning: empty ACL: acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"

To finish the boot I need to connect to the GUI dashboard, stop the web proxy, and restart it (restart not found).
At this point it finishes booting:

>>>> Invoking start script 'carp'
>>> Invoking start script 'cron'
Starting Cron: OK
>>> Invoking start script 'beep'
Root file system: /dev/gpt/rootfs

I can provide an image to help find and fix this problem, which is very blocking.

@fichtner fichtner self-assigned this May 3, 2018
@fichtner fichtner added the bug Production bug label May 3, 2018
@fichtner fichtner added this to the 18.7 milestone May 3, 2018
@fichtner
Member

fichtner commented May 3, 2018

Hi Sebastien,

I'm guessing /usr/local/etc/squid/nobumpsites.acl is empty, but what are the steps to reproduce? This doesn't happen on a fresh image... do you import an existing config and reboot?

Cheers,
Franco

@SebastienLeMoal
Author

Hi Franco,

I start from a fresh installation and configure everything without importing anything;
I always have the same problem.

Here is the step-by-step procedure of my configuration.

Captive.portal.and.web proxy.Wiki.pdf

@AdSchellevis
Member

I guess nobody tried to leave the no bump sites empty before; usually there are some addresses in there, like your bank and other sites which may not be intercepted by a man-in-the-middle scenario.

Maybe we should enforce input there if sslbumping is enabled, although the warning should logically not be more than a warning.

@SebastienLeMoal if you add some nobump sites, does it boot up normally then? (I don't expect so, but just to be sure). If not, there might be some other configuration issue preventing DNS access, which may cause squid to behave like this.

@fichtner
Member

fichtner commented Sep 4, 2018

@SebastienLeMoal we've been stabbing at this for a while and it's a very weird timing issue that we've been unable to reliably avoid. it has to do with ipfw/dummynet temporarily blocking squid's local socket and preventing it from going into daemon mode. worst combination of unfortunate events ever...

@fichtner
Member

Continue in #2569

Maybe FreeBSD 11.2 fixes this...

@fichtner
Member

FYI fixed via be0cdeb
