1
我嘗試配置squid(在openwrt上運行)充當ssl連接的透明代理。雖然「正常」的非ecrypted連接工作正常魷魚總是崩潰時,我試圖用SSL連接運行它。squid:透明SSL代理的總線錯誤
我該配置是這樣的:
https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/opt/ssl/ssl.pem key=/opt/ssl/ssl.pem
ssl_bump server-first all
但每次我嘗試啓動魷魚,我得到錯誤的只有一條線路:
Bus error
我使用魷魚3.5.2-2和調試日誌看起來像這樣:
2015/12/02 17:28:42.021| Initializing https proxy context
2015/12/02 17:28:42.026| support.cc(1068) method: Using SSLv2/SSLv3.
2015/12/02 17:28:42.029| support.cc(1200) sslCreateClientContext: Setting RSA key generation callback.
2015/12/02 17:28:42.029| support.cc(1204) sslCreateClientContext: NOTICE: Peer certificates are not verified for validity!
2015/12/02 17:28:42.030| support.cc(1211) sslCreateClientContext: Setting CA certificate locations.
2015/12/02 17:28:42.030| Initializing https_port [::]:3129 SSL context
2015/12/02 17:28:42.030| Using certificate in /opt/ssl/ssl.pem
2015/12/02 17:28:42.034| support.cc(1714) readSslX509CertificatesChain: Certificate is self-signed, will not be chained
2015/12/02 17:28:42.093| support.cc(1533) contextMethod: Using SSLv2/SSLv3.
2015/12/02 17:28:42.096| support.cc(855) configureSslContext: Setting RSA key generation callback.
2015/12/02 17:28:42.098| support.cc(858) configureSslContext: Setting CA certificate locations.
2015/12/02 17:28:42.100| support.cc(901) configureSslContext: Not requiring any client certificates
2015/12/02 17:28:42.101| tools.cc(543) leave_suid: leave_suid: PID 6477 called
2015/12/02 17:28:42.103| tools.cc(565) leave_suid: leave_suid: PID 6477 giving up root, becoming 'nobody'
2015/12/02 17:28:42.106| debug.cc(403) parseOptions: command-line -X overrides: ALL,1
Bus error
所以我現在的問題是:爲什麼不是魷魚,甚至開始?什麼導致了總線錯誤?
我遇到了完全相同的問題(在openwrt路由器上運行相同的squid版本)。你有沒有想出一個解決方案? – Rerito
據我所知,由於系統運行時性能不足,系統無法使用ssl處理魷魚......我在我的路由器上嘗試過它,但它沒有足夠的內存和/或cpu能力。它會導致其他進程崩潰,這將導致一個總線錯誤...有些設備不是爲了運行它...也許你應該運行在另一個更強大的設備上,只是重定向到它的流量......這工作對我來說 – ZeroTek