Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: Remon on December 10, 2011, 11:39:44 am
-
Could anybody elaborate how the gateway proxy is supposed to work, or point me to the error in my setup or expectations?
-I have a normal WAN gateway by DHCP, gateway = 10.20.0.1
-With this all set up I can surf the web from my zentyal server and get software updates with apt-get and the software maintenance
-I have set up an http proxy on the WAN side of my network on 10.20.0.33 port 8080, so it's positioned in the DMZ.
-Proxy test was OK: If I hard set the proxy manually in firefox on the server I see traffic on my proxy, so it's operational and reachable from the zentyal box
I now define this proxy in the Gateway section and Save
-> The proxy settings in FF on the box are set to normal again and I can go to the internet BUT this is not via the proxy I see
-> I can no longer get software updates with apt-get and the software maintenance, Access is denied
-> I see totally no attempt to address the external proxy in the proxy logs (high verbose and connection logging on).
I tried as http proxy and as socks4/5 proxy but as the system does not seem to try to open a connection it has no effect.
I checked the EXPORT settings, and as should, the proxy is listed there.
declare -x http_proxy="http://user:user@10.20.0.33:8080/"
-
Ok, proxy base issue solved. ::) :o
The proxy was not expecting a user/pass. Removing it allowed usage by the update mechanism and apt-get .
-Browsing from the zentyal box was not done automatically via the proxy although in FF the 'use system proxy' was set.
-I noticed that Zentyal HTTP Proxy does not work anymore when you define a gateway proxy.
Clients using the zentyal http-proxy cannot connect anymore to any sites.
The alert events list an error then as well:
The HTTP proxy was not able to browse www.google.com: 500 Can't connect to localhost:3128 (connect: Connection refused) (repeated 82 times
Is this a sort of internal keep alive? I could not find it configured anywhere.
-
Does your proxy use Zentyal as the gateway? Does Zentyal have the HTTP proxy module installed, enabled and in transparent mode?
This feature does three things:
1.- enable proxy configuration for APT
2.- enable system wide proxy configuration (needs reboot to be fully applied) as it configures a system wide environment variable and all services need a restart to get this configuration
3.- makes local HTTP proxy use this defined proxy as a parent server
-
This error probably comes from the HTTP proxy event, configured with your Zentyal Cloud subscription, that checks the proxy is properly working every few minutes.
-
> Does your proxy use Zentyal as the gateway?
No, the proxy in the "DMZ" (my WAN network) uses a normal other gateway (the central adsl router) that also is the default gw for zentyal by DHCP on the eth0 WAN interface.
>Does Zentyal have the HTTP proxy module installed, enabled and in transparent mode?
Yes, and without the gateway proxy set in Zentyal I have an operational transparent proxy with filtering for my zentyal LAN internal network PCs
>This feature does three things:
>1.- enable proxy configuration for APT
>2.- enable system wide proxy configuration (needs reboot to be fully applied) as it configures a system wide environment variable and all services need a restart to get this configuration
>3.- makes local HTTP proxy use this defined proxy as a parent server
I rebooted as I thought this was the issue then, but the clients on the Internal zentyal network still cannot then use the zentyal proxy anymore. There is no response.
In the /var/log/zentyal/zentyal.log I find the error that is mostly the same issue that the clients seem to effect:
INFO> Log.pm:118 EBox::Event::Dispatcher::Log::send - $VAR1 = bless( {
'source' => 'HTTP proxy client',
'compMessage' => 'proxy_www.google.com_500',
'level' => 'warn',
'dispatchers' => [
'any'
],
'timestamp' => 1323530331,
'message' => 'The HTTP proxy was not able to browse www.google.com: 500 Can\'t connect to localhost:3128 (connect: Connection refused)'
}, 'EBox::Event' );
I checked the running Services, and HTTPProxy is not running->> Restarting manually does not help.
2011/12/10 18:39:07 INFO> Service.pm:716 EBox::Module::Service::restartService - Restarting service for module: squid
2011/12/10 18:39:08 INFO> Base.pm:1056 EBox::Module::Base::__ANON__ - Using custom template for /etc/dansguardian/languages/ukenglish/template.html: /etc/zentyal/stubs/squid/template.html.mas
In syslog I find:
Dec 10 18:44:09 zentyal squid[21578]: Bungled squid.conf line 43: never_direct allow all
Dec 10 18:44:09 zentyal init: squid main process (21578) terminated with status 1
So I checked the squid.conf. And as the syslog indicates it fails on the line after the inserted HTTPProxy item.
cache_peer 10.20.0.33 parent 8080 0 no-query no-digest
never_direct allow all
# <EBOX> TAG_ACL #
auth_param basic realm Zentyal HTTP proxy
-
A 3 piece :) but with an ending!
I found the issue. It's hinted at in this topic: http://web.archiveorange.com/archive/v/ieAjrGQtxWSVZZTQT6ov
Order is critical to some things in the squid config file.
The wiki bit most relevant is here:
http://wiki.squid-cache.org/SquidFaq/OrderIsImportant
In short, there are lines in your squid.conf which start "acl ". The
never_direct line MUST be somewhere underneath at very least the one
starting with "acl all src ".
I moved the line "never_direct allow all" down to the bottom under all 'acl' entries, then started directly on /etc/init.d/squid start.
The Zentyal interface creates this config normally, thus when I start or save in Zentyal the httpproxy is broken again.
------------
>> For anybody finding this thread: The issue was resolved with the 2.2.2 release of zentyal-squid package.
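The ordering rule from this thread, as an added example (not code from the thread, from Zentyal or from Squid): a small Python check that reports any squid.conf access rule naming an ACL above the "acl" line that defines it. The function name, the directive list and the "acl all" and "http_access" lines in the sample are assumptions; no ACL is treated as built in, matching the failure shown in the syslog above.

```python
# Added example: report squid.conf access rules that name an ACL before it is defined.
# The directive list is a subset of Squid's allow/deny directives, chosen for illustration.
ACCESS_DIRECTIVES = {
    "http_access", "http_reply_access", "icp_access",
    "never_direct", "always_direct", "cache_peer_access",
}

def find_undefined_acl_uses(conf_text, builtin=()):
    """Return [(line_no, directive, acl_name)] for ACLs used above their 'acl' line.

    builtin: ACL names the running Squid version predefines (assumed none here).
    """
    defined = set(builtin)
    problems = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] == "acl" and len(tokens) >= 2:
            defined.add(tokens[1])
        elif tokens[0] in ACCESS_DIRECTIVES:
            # ACL names follow the allow/deny keyword; cache_peer_access has a
            # peer name before it, so locate the keyword instead of assuming index 1.
            action = next((i for i, t in enumerate(tokens) if t in ("allow", "deny")), None)
            if action is None:
                continue
            for name in tokens[action + 1:]:
                name = name.lstrip("!")  # "!acl" negates the same ACL name
                if name not in defined:
                    problems.append((line_no, tokens[0], name))
    return problems

# Constructed sample: the four squid.conf lines quoted in the thread, plus an
# assumed "acl all" definition and http_access rule below them.
BROKEN = """\
cache_peer 10.20.0.33 parent 8080 0 no-query no-digest
never_direct allow all
# <EBOX> TAG_ACL #
auth_param basic realm Zentyal HTTP proxy
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""
# Same file with never_direct moved below the acl lines, as the poster did by hand.
FIXED = BROKEN.replace("never_direct allow all\n", "") + "never_direct allow all\n"

if __name__ == "__main__":
    for line_no, directive, name in find_undefined_acl_uses(BROKEN):
        print(f"line {line_no}: {directive} uses ACL '{name}' before it is defined")
```

Running a check like this against the generated file after each save in the Zentyal interface shows whether the template has put the rule back above the ACL definitions.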