OUR CATEGORY : freeBSD
Squid -k rotate just a way to ‘clear squid cache’ although it doesn’t clear squid cache (a real cache). But it helps when browsers ’stuck’ with caches (refresh/reload pages doesn’t work)
This description from Squid FAQ
Cache/Log (Squid 1.x) or Swap.State (Squid 2.x)
This file has a rather unfortunate name. It also is often called the swap log. It is a record of every cache object written to disk. It is read when Squid starts up to “reload” the cache. If you remove this file when squid is NOT running, you will effectively wipe out your cache contents. If you remove this file while squid IS running, you can easily recreate it. The safest way is to simply shutdown the running process:
% squid -k shutdown
This will disrupt service, but at least you will have your swap log back. Alternatively, you can tell squid to rotate its log files. This also causes a clean swap log to be written.
% squid -k rotate
For Squid-1.1, there are six fields:
fileno: The swap file number holding the object data. This is mapped to a pathname on your filesystem.
timestamp: This is the time when the object was last verified to be current. The time is a hexadecimal representation of Unix time.
expires: This is the value of the Expires header in the HTTP reply. If an Expires header was not present, this will be -2 or fffffffe. If the Expires header was present, but invalid (unparsable), this will be -1 or ffffffff.
lastmod: Value of the HTTP reply Last-Modified header. If missing it will be -2, if invalid it will be -1.
size: Size of the object, including headers.
url: The URL naming this object.
If you remove the swap.state while Squid is not running, you will not lose your entire cache. In this case, Squid will scan all of the cache directories and read each swap file to rebuild the cache. This can take a very long time, so you’ll have to be patient.
By default the swap.state file is stored in the top-level of each cache_dir. You can move the logs to a different location with the cache_swap_log option.
It’s simple, use this command :
# squid -k rotate
This command rotate squid log files but also ‘clear squid cache’, without shutdown and restart squid. This command works in the situation where people have ‘a constant cache’ (refresh/reload a page doesn’t work) in their browser, and ‘clear cache’ without their notice.
What about squid -z?
squid -z is unlikely choice to clear cache if squid run consistently, because you must stop or shutdown squid before using squid -z. I will use squid -z to rebuild squid cache
I have this problem after OpenDNS setup, i can’t ‘browse’ computer on a private network by name, following a recommendation from OpenDNS, simple tweak in /etc/hosts file.
What is /etc/hosts file?
This is a way for hostnames to map to IP addresses. Operating system will attempt to resolve domain names to IP addresses by first accessing a local file called the “hosts” file, which is simply a database of IP-to-hostname mappings for hosts we know about—such as hosts on our local network—with the /etc/hosts file. /etc/hosts allows you to build a table in which each entry lists an IP address, its most common (or “official”) hostname, and any aliases (additional names that map to the same IP address), separated by spaces or tabs. This table is consulted before any DNS queries are made, so /etc/hosts acts both as a backup to DNS (if it’s not available) and an override (if it’s not serving correct information). DNS is queried only if the domain name that you are looking for is not listed in this file.
format
ip_address official_hostname alias1 alias2
example
192.168.x.x nineteenlabs.com nineteenlabs
When I fix this, also resolve a ftp error. Now, my ftp can use domain name
It’s Basic, and i forget this command all the time, use this ‘chown’ in one of servers, i want to (b)log this command :
I am using this command to change a file owner and a group of directory, its subfolders, and its files
chown -R name:group [directory path]
example :
chown -R kate:kate /usr/local/www/directory_name
UPDATED
OpenDNS (from its website) : it’s a DNS service, aim to make Internet safer, faster, smarter and more reliable.
This is how to setup OpenDNS in SQUID :
Edit squid.conf and add this :
OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
dns_nameservers 208.67.220.220 208.67.222.222
or
dns_nameservers 208.67.220.220
dns_nameservers 208.67.222.222
Save and run this :
squid -k parse
squid -k reconfigure
but if your squid add nameservers from squid.conf, just run squid -k reconfigure
If your squid add nameservers from /etc/resolv.conf, add to /etc/resolv.conf :
nameserver 208.67.220.220
nameserver 208.67.222.222
Save and run :
squid -k reconfigure, since your squid need to refresh its configuration
Where do I get OpenDNS IP? You can look at a OpenDNS Web Site.
Test the configuration : open this address in your browser http://welcome.opendns.com
For more configuration or troubleshooting you can ask OpenDNS people.
Add this to squid.conf
#Port Lists
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
or
# Port Lists
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
If users in your network access remote servers on non standard HTTP/S ports not listed in squid.conf, your browser will show an error page :
ERROR
The requested URL could not be retrieved
_____
While trying to retrieve the URL: http://xxx.xxx.xxx.xxx:1000 (this is an example)
The following error was encountered:
* Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is webmaster.
This ports restriction help limit unauthorized request.
If reboot and squid -k says it can not send stop signal again, means that squid.pid is missing
Check squid.pid in the system and if missing, here is what i can suggest :
Look into a previous post in this website, then shutdown squid
squid -k shutdown
Create squid.pid (usually squid.pid located in the same directory with log files)
touch squid.pid
squid.pid chmod permission
-rw-r--r--
squid.pid chown permission
root : squid
Since it’s empty, we must make Squid to rewrite a squid.pid file
Create Squid swap directories
squid -z
Run Squid
squid
then try reboot
The squid.pid file is missing or unreadable makes squid -k command don’t work (says it can not send stop signal). We kill Squid manually by finding the process ID with ps.
ps ax | grep squid
If there are more than one Squid process, be sure to kill the one that shows up as (squid).
example
500 ?? Is 0:00.01 squid -sD
505 ?? S 0:00.27 (squid) -sD (squid)
then kill it
kill -TERM 505
How to fix this? I learn that with a help from Squid Faq
Run squid again
squid
then do ps again
ps ax | grep squid
find squid process that shows up as (squid)
example : if the process id 82675 (remember this is example)
Create the PID file and put the process id number there
echo 82675 > /usr/local/squid/logs/squid.pid
note : /usr/local/squid/logs/squid.pid (location of squid.pid, this is probably different in your computer)
Then find the Squid process id. Send the process a HUP signal, which is the same as squid -k reconfigure
kill -HUP 82675
The reconfigure process creates a new PID file automatically.