docker-websafety's People

Contributors

ea-at-diladele-com, ianbashford, johannrichard, ra-at-diladele-com, team-diladele

docker-websafety's Issues

Squid doesn't come up

Hi

In the Squid config file there was a # in front of this line:
#cache_dir ufs /var/spool/squid 100 16 256

Because of that the Squid proxy will not start.
Remove the # and it works fine.

Regards Galileo77

403 error when http://localhost:8000

I used versions 6.1 and 7 and had the same error: after http://localhost:8000, the error in Chrome shows
Forbidden
You don't have permission to access / on this server.
Apache/2.4.29 (Ubuntu) Server at localhost Port 8000

====
image
and the docker info is as follows
image

System timezone can't be changed?

Experienced with Diladele 8.3 & 8.4 Docker image.

With the "TIME_ZONE=Europe/Berlin" var for env we provide the timezone for Diladele (or rather said Django). This works so far as can be seen well in Diladele webinterface.

What about the system timezone? It is set to etc/utc by default. I tried a bunch of stuff to change it but it won't change inside what the Diladele Webinterface is showing me. "tzdata" seems to be already installed in the base Ubuntu image that is used inside the Diladele Dockerfile.

What I tried so far:

  1. Adding a var to the env that specifies the value for the actual Linux $TZ var and running a script that sets it inside the Container Ubuntu Linux:

Compose snippet from my Stack:

    environment:
      - TZ=Europe/Berlin
    command: >
      sh -c "ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && exec /sbin/my_init"

Result: The container boots up normally and so does Diladele. $TZ equals Europe/Berlin. /etc/timezone for some reason is empty. Diladele still shows etc/utc as the system timezone. I guess this way is not working well. The one below does better from the looks of the respective timezone and other files.

  2. I mounted the Docker host timezone and localtime files as readonly inside the container with the $TZ var attached in the env:

Compose snippet from my Stack:

    environment:
      - TZ=Europe/Berlin
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/etc/timezone:/etc/timezone:ro"

Result: $TZ equals the set value. Content of timezone and localtime equal what is set on the Docker host. Docker Host timezone is set to Europe/Berlin btw. Diladele still says that the system timezone is etc/utc.

  3. I mixed both steps. Still Diladele says the system timezone is etc/utc.

Can this issue be even ignored? I plan on using Diladele with AD integration. Kerberos and such stuff can be very problematic with stuff like time being accurate. Do I have to build my own Image that implements fixes to this issue?

Mainly because I have a few Diladele servers running on Ubuntu 18.04 LTS with different Diladele versions. Ubuntu 18.04 LTS as you may know is EOL after May 2023 (unless you get a subscription for the Pro version which provides support until somewhere in 2027). So I discovered the Diladele Docker image.

Actually I have a list of issues with the image. I'm trying to fix issues on the way myself and write down the issue + fix at the moment to submit more issues.

Is websafety now part of Squid's setup, or is it just an optional extension feature?

I'm having issues, none of which I had in the previous version, I might add, for 2 years at least.
First of all, I installed Squid on part D:/Squid. I noticed in the conf.diladele that ssl-bump points to C:/progdata/Diladele/../.. for generated temp certs:

"http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/cygdrive/c/programdata/Diladele/DiladeleWebSafety/4.0/etc/myca.pem"

No such dir was created, I assume because the websafety isn't installed, and I'm hoping these config params wouldn't take effect unless it is also installed, right?

Does this mean that the websafety is now part of Squid's installation, or is it just an optional extension feature?
Hence the 4 config files.

# integration with Diladele Web Safety for Squid for Windows

icap_enable on
icap_preview_enable on
icap_preview_size 4096
icap_persistent_connections on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Client-Username
icap_service_failure_limit -1
icap_service qlproxy1 reqmod_precache bypass=0 icap://127.0.0.1:1344/reqmod
icap_service qlproxy2 respmod_precache bypass=0 icap://127.0.0.1:1344/respmod
acl qlproxy_icap_edomains dstdomain "/cygdrive/c/programdata/Diladele/DiladeleWebSafety/4.0/etc/squid/icap_exclusions_domains.conf"
acl qlproxy_icap_etypes rep_mime_type "/cygdrive/c/programdata/Diladele/DiladeleWebSafety/4.0/etc/squid/icap_exclusions_contenttypes.conf"
adaptation_access qlproxy1 deny qlproxy_icap_edomains
adaptation_access qlproxy2 deny qlproxy_icap_edomains
adaptation_access qlproxy2 deny qlproxy_icap_etypes
adaptation_access qlproxy1 allow all
adaptation_access qlproxy2 allow all

.. and I assume the new Diladele websafety filters must be conflicting, possibly with my managed OpenDNS setup - I haven't yet tried debugging or checking logs. I thought I had fixed it by uninstalling and clearing out the previous Squid\var ..\log ..\run folders, but alas not.

On the Docs site, Websafety installation mentions:

"Fully configured versions of Web Safety can be quickly deployed as virtual appliance in VMware vSphere/ESXi, Microsoft Hyper-V, Azure and Amazon AWS. It is also possible to install it on your real hardware by following corresponding articles in the administrators guide."

Features of websafety, i.e. ICAP server:

"ICAP Service is installed with Filtering Service. It includes an ICAP server that enables third-party proxies to communicate with Filtering Service."

"Filtering Service interacts with ICAP Service and Network Agent to respond to Internet requests passed from the proxy via ICAP."

Squid Cache (Version 3.5.23): Terminated abnormally.

Hey,

I build a container with the latest 6.2 version, with the following error:

Squid Cache (Version 3.5.23): Terminated abnormally.
CPU Usage: 0.050 seconds = 0.020 user + 0.030 sys
Maximum Resident Size: 122896 KB
Page faults with physical i/o: 0
2018/01/22 18:51:38| Current Directory is /etc/service/squid
2018/01/22 18:51:38| Starting Squid Cache version 3.5.23 for x86_64-pc-linux-gnu...
2018/01/22 18:51:38| Service Name: squid
2018/01/22 18:51:38| Process ID 1917
2018/01/22 18:51:38| Process Roles: master worker
2018/01/22 18:51:38| With 65535 file descriptors available
2018/01/22 18:51:38| Initializing IP Cache...
2018/01/22 18:51:38| DNS Socket created at [::], FD 9
2018/01/22 18:51:38| DNS Socket created at 0.0.0.0, FD 10
2018/01/22 18:51:38| Adding nameserver 192.168.2.102 from /etc/resolv.conf
2018/01/22 18:51:38| helperOpenServers: Starting 5/32 'ssl_crtd' processes
(ssl_crtd): Uninitialized SSL certificate database directory: /var/spool/squid_ssldb. To initialize, run "ssl_crtd -c -s /var/spool/squid_ssldb".
(ssl_crtd): Uninitialized SSL certificate database directory: /var/spool/squid_ssldb. To initialize, run "ssl_crtd -c -s /var/spool/squid_ssldb".
(ssl_crtd): Uninitialized SSL certificate database directory: /var/spool/squid_ssldb. To initialize, run "ssl_crtd -c -s /var/spool/squid_ssldb".
2018/01/22 18:51:38| Logfile: opening log daemon:/var/log/squid/access.log
2018/01/22 18:51:38| Logfile Daemon: opening log /var/log/squid/access.log
(ssl_crtd): Uninitialized SSL certificate database directory: /var/spool/squid_ssldb. To initialize, run "ssl_crtd -c -s /var/spool/squid_ssldb".
2018/01/22 18:51:38| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2018/01/22 18:51:38| Store logging disabled
2018/01/22 18:51:38| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2018/01/22 18:51:38| Target number of buckets: 1008
2018/01/22 18:51:38| Using 8192 Store buckets
2018/01/22 18:51:38| Max Mem  size: 262144 KB
2018/01/22 18:51:38| Max Swap size: 0 KB
2018/01/22 18:51:38| Using Least Load store dir selection
2018/01/22 18:51:38| Current Directory is /etc/service/squid
2018/01/22 18:51:38| Finished loading MIME types and icons.
2018/01/22 18:51:38| HTCP Disabled.
2018/01/22 18:51:38| commBind: Cannot bind socket FD 25 to [::1]: (99) Cannot assign requested address
2018/01/22 18:51:38| commBind: Cannot bind socket FD 26 to [::1]: (99) Cannot assign requested address
2018/01/22 18:51:38| ERROR: Failed to create helper child read FD: UDP[::1]
2018/01/22 18:51:38| Squid plugin modules loaded: 0
2018/01/22 18:51:38| Adaptation support is on
2018/01/22 18:51:38| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 24 flags=9
2018/01/22 18:51:38| WARNING: ssl_crtd #Hlpr1 exited
2018/01/22 18:51:38| Too few ssl_crtd processes are running (need 1/32)
2018/01/22 18:51:38| Closing HTTP port [::]:3128
2018/01/22 18:51:38| storeDirWriteCleanLogs: Starting...
2018/01/22 18:51:38|   Finished.  Wrote 0 entries.
2018/01/22 18:51:38|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

Squid Cache (Version 3.5.23): Terminated abnormally.
(ssl_crtd): Uninitialized SSL certificate database directory: /var/spool/squid_ssldb. To initialize, run "ssl_crtd -c -s /var/spool/squid_ssldb".
CPU Usage: 0.030 seconds = 0.010 user + 0.020 sys
Maximum Resident Size: 122496 KB
Page faults with physical i/o: 0

Any idea?

greetings
sam

Update to 6.4

Dear,

Could you please kindly update this dockerfile to the new 6.4 release?

Br,

repeated messages in log

The following message is continuously dumped onto the docker logs. Is there a way to make it stop?

goroutine 1 [running]:
main.main()
/home/builder/diladele/websafety/src.go/src/diladele/websafety/wsgsbd/main.go:81 +0xcc6
panic: Exiting. API key is empty

goroutine 1 [running]:

LDAP Password integration for Active Directory visible

Hi, we are using Docker Diladele to try to implement it in our network, but we noticed this field must be HIDDEN, not only chars text.

It is a simple Charfield on Django of PasswordInput type.

image

Is it possible to update the Docker image with this solved? Thanks

docker image on VMware photon 3

Following the instructions in the README.md has some issues.
Deploying as a regular user in the dockers group.
Existing license is expired, waiting on a new trial license.

iptables needs to allow 8000 and 3128 to the photon host to get access to the web UI.
On Dashboard, General, System Information does not display the Addresses. It shows an error about 'IP': 'IP' not being found. I needed to install iproute2 package to resolve that.
The System Time Zone shows an error "| [Errno 2] No such file or directory: 'timedatectl': 'timedatectl'". I did not resolve this issue.

Clicking on the Time Zone config shows a traceback for
FileNotFoundError at /node/system/timezone/update
[Errno 2] No such file or directory: '/etc/timezone'

With the ICAP Server stopped due to the license, the proxy did not work for me. I got The proxy server is refusing connections. I have tried both using the IP for the photon 3 VM and using an SSH tunnel using the localhost IP on the photon VM.
Trying something different, I got an error indicating a failure with the ICAP Server which makes sense since it is stopped. However, I would expect that the Squid proxy and the other features to still work without the license.

Tim

Error When Enabling Disk Cache-Squid Fails to Start

2021/06/27 15:23:37| Created PID file (/run/squid.pid)
2021/06/27 15:23:37| Current Directory is /etc/runit/runsvdir/default/squid
2021/06/27 15:23:37| Starting Squid Cache version 4.13 for x86_64-pc-linux-gnu...
2021/06/27 15:23:37| Service Name: squid
2021/06/27 15:23:37| Process ID 16298
2021/06/27 15:23:37| Process Roles: master worker
2021/06/27 15:23:37| With 65535 file descriptors available
2021/06/27 15:23:37| Initializing IP Cache...
2021/06/27 15:23:37| DNS Socket created at 0.0.0.0, FD 3
2021/06/27 15:23:37| Adding nameserver 1.1.1.2 from squid.conf
2021/06/27 15:23:37| helperOpenServers: Starting 5/32 'security_file_certgen' processes
2021/06/27 15:23:37| helperOpenServers: Starting 5/20 'safe_browsing_guard.py' processes
2021/06/27 15:23:37| Logfile: opening log daemon:/var/log/squid/access.log
2021/06/27 15:23:37| Logfile Daemon: opening log /var/log/squid/access.log
2021/06/27 15:23:38| Unlinkd pipe opened on FD 36
2021/06/27 15:23:38| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2021/06/27 15:23:38| Store logging disabled
2021/06/27 15:23:38| Swap maxSize 102400 + 524288 KB, estimated 48206 objects
2021/06/27 15:23:38| Target number of buckets: 2410
2021/06/27 15:23:38| Using 8192 Store buckets
2021/06/27 15:23:38| Max Mem size: 524288 KB
2021/06/27 15:23:38| Max Swap size: 102400 KB
2021/06/27 15:23:38| ERROR: /var/spool/squid/00: (2) No such file or directory
2021/06/27 15:23:38| Not currently OK to rewrite swap log.
2021/06/27 15:23:38| storeDirWriteCleanLogs: Operation aborted.
2021/06/27 15:23:38| FATAL: Failed to verify one of the swap directories, Check cache.log
for details. Run 'squid -z' to create swap directories
if needed, or if running Squid for the first time.
2021/06/27 15:23:38| Squid Cache (Version 4.13): Terminated abnormally.
CPU Usage: 0.065 seconds = 0.026 user + 0.039 sys
Maximum Resident Size: 123120 KB
Page faults with physical i/o: 515
2021/06/27 15:23:38| Removing PID file (/run/squid.pid)
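
Added example, not part of any issue above and not code from the docker-websafety project: a log triage for the two Squid startup failures quoted on this page (the ssl_crtd crash loop and the missing swap directory). The signature names and the `triage` function are assumptions made for illustration; the matched log lines and the remediation commands are the ones Squid prints in those logs.

```python
import re

# Signatures and hints come from the two startup logs quoted on this page;
# the remediation commands repeat what Squid itself prints there.
SIGNATURES = [
    ("ssl_db_uninitialized",
     re.compile(r"Uninitialized SSL certificate database directory: (?P<arg>\S+)\."),
     "initialize the certificate database: ssl_crtd -c -s {arg}"),
    ("cache_dir_missing",
     re.compile(r"ERROR: (?P<arg>/\S+): \(2\) No such file or directory"),
     "{arg} is missing: create swap directories with 'squid -z'"),
    ("helper_crash_loop",
     re.compile(r"FATAL: The (?P<arg>\S+) helpers are crashing too rapidly"),
     "helper {arg} keeps exiting: fix its own error first"),
    ("listener_closed",
     re.compile(r"Closing HTTP port (?P<arg>\S+)"),
     "Squid closed proxy port {arg}"),
]
FATAL = re.compile(r"FATAL:|Terminated abnormally")

def triage(log_text):
    """Return {'fatal': bool, 'findings': {name: {'count', 'hint'}}}."""
    findings, fatal = {}, False
    for line in log_text.splitlines():
        fatal = fatal or bool(FATAL.search(line))
        for name, pattern, hint in SIGNATURES:
            m = pattern.search(line)
            if m:
                entry = findings.setdefault(
                    name, {"count": 0, "hint": hint.format(**m.groupdict())})
                entry["count"] += 1
    return {"fatal": fatal, "findings": findings}

# Lines excerpted from the two logs on this page.
SSL_LOG = """\
(ssl_crtd): Uninitialized SSL certificate database directory: /var/spool/squid_ssldb. To initialize, run "ssl_crtd -c -s /var/spool/squid_ssldb".
2018/01/22 18:51:38| WARNING: ssl_crtd #Hlpr1 exited
2018/01/22 18:51:38| Closing HTTP port [::]:3128
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
"""
CACHE_LOG = """\
2021/06/27 15:23:38| ERROR: /var/spool/squid/00: (2) No such file or directory
2021/06/27 15:23:38| FATAL: Failed to verify one of the swap directories, Check cache.log
"""

if __name__ == "__main__":
    for label, log in (("ssl_crtd issue", SSL_LOG), ("disk cache issue", CACHE_LOG)):
        result = triage(log)
        print(label, "fatal =", result["fatal"])
        for name, info in result["findings"].items():
            print(f"  {name} x{info['count']}: {info['hint']}")
```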

chown: cannot access Errors

Not sure if this is caused by the expired license but when I run the Websafety container, I get the following errors.

[2021-Jun-26 18:15:13] [info] Web Safety 7.6.0.8FAD is starting...
[2021-Jun-26 18:15:13] [info] checking license key...
[2021-Jun-26 18:15:13] [erro] Web Safety - cannot check license key, it is either expired or invalid, please get a new license key from https://www.diladele.com. Additional info: 'cannot create BIO for file: /opt/websafety/etc/license.pem'.
[2021-Jun-26 18:15:13] [info] Startup license check failed; need to stop.
[2021-Jun-26 18:15:13] [info] Web Safety is stopped.
chown: cannot access './supervise/statusmod': No such file or directory
chown: cannot access './supervise/statusmod': No such file or directory

When I search the container for "statusmod" I can't find it. I found the "supervise" directories and inside each of them, I only see "status".

root@74284b02c0cf:/etc/runit/runsvdir/default/apache2/supervise# ls
control lock ok pid stat status
root@74284b02c0cf:/etc/runit/runsvdir/default/cron/supervise# ls
control lock ok pid stat status
root@74284b02c0cf:/etc/runit/runsvdir/default/squid/supervise# ls
control lock ok pid stat status

All of these directories have similar sub directory structures but no "statusmod"
root@74284b02c0cf:/etc/runit/runsvdir/default# ls
apache2 cron squid sshd wsgsbd wsicapd wsmond wssyncd wsytgd
