langgenius / dify

Dify is an open-source LLM app development platform. Dify's intuitive interface combines AI workflow, RAG pipeline, agent capabilities, model management, observability features and more, letting you quickly go from prototype to production.
https://dify.ai
Other
53.37k stars 7.8k forks source link

`docker-ssrf_proxy-1` container won't start after upgrading version 0.6.8 #4371

Closed qkdxorjs1002 closed 5 months ago

qkdxorjs1002 commented 6 months ago

Self Checks

Dify version

0.6.8

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

git checkout -f
git pull
docker compose up -d
2024-05-14T07:24:05.856308115Z /usr/local/bin/entrypoint.sh: line 30:    12 Aborted                 (core dumped) /usr/sbin/squid "$@"
2024-05-14T07:24:12.574889526Z 2024/05/14 07:24:12| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2024-05-14T07:24:12.575006234Z 2024/05/14 07:24:12| aclIpParseIpData: IPv6 has not been enabled.
2024-05-14T07:24:12.575013706Z 2024/05/14 07:24:12| aclIpParseIpData: IPv6 has not been enabled.
2024-05-14T07:24:12.575015515Z 2024/05/14 07:24:12| aclIpParseIpData: IPv6 has not been enabled.
2024-05-14T07:24:12.575369621Z 2024/05/14 07:24:12| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2024-05-14T07:24:12.575438099Z 2024/05/14 07:24:12| aclIpParseIpData: IPv6 has not been enabled.
2024-05-14T07:24:12.575442006Z 2024/05/14 07:24:12| aclIpParseIpData: IPv6 has not been enabled.
2024-05-14T07:24:12.575572847Z 2024/05/14 07:24:12| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2024-05-14T07:24:12.575575572Z 2024/05/14 07:24:12| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2024-05-14T07:24:12.575577305Z 2024/05/14 07:24:12| WARNING: You should probably remove '::/0' from the ACL named 'all'
2024-05-14T07:24:12.584167824Z 2024/05/14 07:24:12| Created PID file (/run/squid.pid)
2024-05-14T07:24:12.584190192Z 2024/05/14 07:24:12| FATAL: xcalloc: Unable to allocate 1073741816 blocks of 432 bytes!
2024-05-14T07:24:12.584193235Z
2024-05-14T07:24:12.584194825Z 2024/05/14 07:24:12| Squid Cache (Version 6.1): Terminated abnormally.

I temporarily added max_filedescriptors 1024 to the squid.conf file to resolve it, but I didn't know exactly the cause.

✔️ Expected Behavior

All of docker containers started successfully.

❌ Actual Behavior

docker-ssrf_proxy-1 container keeps in restarting.

FATAL: xcalloc: Unable to allocate 1073741816 blocks of 432 bytes!
...
Squid Cache (Version 6.1): Terminated abnormally.

in container logs

dosubot[bot] commented 6 months ago

The error message FATAL: xcalloc: Unable to allocate 1073741816 blocks of 432 bytes! indicates that Squid is running out of memory. Here's how you can address this:

  1. Increase Docker Container Memory: Adjust the memory limits in your docker-compose.yaml to allocate more memory to the container. For example, use mem_limit: 512m under the service definition to increase the memory limit.

  2. Optimize squid.conf Settings: Since you've already adjusted max_filedescriptors, consider reviewing other settings within squid.conf that might impact memory usage, such as cache size configurations. Adjust these settings based on your system's resources.

  3. Monitor System Resources: Utilize system monitoring tools to track the memory usage of the Squid container. This can help identify if the issue is with Squid's configuration or another service's resource consumption.

  4. Update Squid Image: Ensure you're using the latest Squid image by running docker pull ubuntu/squid:latest, as updates may include memory management improvements.

These steps are aimed at resolving memory allocation issues by adjusting resource limits and configurations. If the problem persists, further investigation into Squid and Docker's documentation on memory management might be necessary.

#### Details **Sources** - [docker/docker-compose.middleware.yaml](https://github.com/langgenius/dify/blob/main/docker/docker-compose.middleware.yaml) - [docker/docker-compose.yaml](https://github.com/langgenius/dify/blob/main/docker/docker-compose.yaml) - [docker/volumes/ssrf_proxy/squid.conf](https://github.com/langgenius/dify/blob/main/docker/volumes/ssrf_proxy/squid.conf)
**About Dosu** This response is meant to be useful and save you time. It is **not meant to be a precise solution**, but rather a starting point for your own research. Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

To continue the conversation, mention @dosu.

qkdxorjs1002 commented 6 months ago

container docker-ssrf_proxy-1 's ubuntu/squid consume too many fds

command result from container:

# ulimit -a
...
open files                          (-n) 1073741816
...

log from container:

2024/05/16 06:31:01| FATAL: xcalloc: Unable to allocate 1073741816 blocks of 432 bytes!
dosubot[bot] commented 6 months ago

The xcalloc allocation error and the excessive number of file descriptors (fds) you're encountering with the docker-ssrf_proxy-1 container are indicative of a configuration issue within Squid or Docker's handling of resource limits. Here's a more focused approach to address your problem:

  1. Adjust File Descriptors Limit: The ulimit -n value you've shown is excessively high. Set a more reasonable limit for file descriptors in your Docker container using the --ulimit nofile option, for example:

    docker run --ulimit nofile=65535:65535 ...

    This change should be applied to your Docker run command or Docker Compose configuration to ensure it takes effect.

  2. Optimize Squid's Configuration: Limiting access to necessary networks or IP addresses can significantly reduce the load on Squid. Adjust your squid.conf to manage access controls effectively, which can help in reducing the demand for file descriptors.

  3. Ensure Compatibility and Update: Verify that your Squid version is compatible with the Docker version you're using. If necessary, update Squid to the latest version to benefit from any fixes or improvements related to resource management.

  4. Use Monitoring Tools: Tools like lsof for monitoring open files and strace for tracing system calls can be invaluable in diagnosing why Squid is attempting to allocate so many file descriptors.

  5. Review Docker and Squid Documentation: Since the issue arose after an upgrade, it's also worth reviewing the release notes for Docker version 0.6.8 and Squid to identify any known issues or changes in behavior that could be affecting your setup.

By focusing on these specific areas, you should be able to identify and resolve the root cause of the excessive file descriptor allocation and the resulting xcalloc error in your docker-ssrf_proxy-1 container.

#### Details **Sources** - [docker/volumes/ssrf_proxy/squid.conf](https://github.com/langgenius/dify/blob/main/docker/volumes/ssrf_proxy/squid.conf) - [en/getting-started/install-self-hosted/install-faq.md](https://github.com/langgenius/dify-docs/blob/main/en/getting-started/install-self-hosted/install-faq.md) - [docker/docker-compose.yaml](https://github.com/langgenius/dify/blob/main/docker/docker-compose.yaml)
**About Dosu** This response is meant to be useful and save you time. It is **not meant to be a precise solution**, but rather a starting point for your own research. Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

To continue the conversation, mention @dosu.

qkdxorjs1002 commented 6 months ago

ssrf-proxy occured ERROR: Connection to sandbox failed error. This error is thought to make the code block unavailable to use.

2024/05/16 07:25:06| ERROR: Connection to sandbox failed
2024/05/16 07:25:06| Detected DEAD Parent: sandbox
[root@localhost docker]# docker logs -f docker-ssrf_proxy-1
2024/05/16 07:25:06| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2024/05/16 07:25:06| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2024/05/16 07:25:06| WARNING: You should probably remove '::/0' from the ACL named 'all'
2024/05/16 07:25:06| Created PID file (/run/squid.pid)
2024/05/16 07:25:06| Set Current Directory to /var/spool/squid
2024/05/16 07:25:06| Creating missing swap directories
2024/05/16 07:25:06| No cache_dir stores are configured.
2024/05/16 07:25:06| Removing PID file (/run/squid.pid)
2024/05/16 07:25:06| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2024/05/16 07:25:06| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2024/05/16 07:25:06| WARNING: You should probably remove '::/0' from the ACL named 'all'
2024/05/16 07:25:06| Created PID file (/run/squid.pid)
2024/05/16 07:25:06| Set Current Directory to /var/spool/squid
2024/05/16 07:25:06| Creating missing swap directories
2024/05/16 07:25:06| No cache_dir stores are configured.
2024/05/16 07:25:06| Removing PID file (/run/squid.pid)
2024/05/16 07:25:06| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| aclIpParseIpData: IPv6 has not been enabled.
2024/05/16 07:25:06| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2024/05/16 07:25:06| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2024/05/16 07:25:06| WARNING: You should probably remove '::/0' from the ACL named 'all'
2024/05/16 07:25:06| Created PID file (/run/squid.pid)
2024/05/16 07:25:06| Set Current Directory to /var/spool/squid
2024/05/16 07:25:06| Starting Squid Cache version 6.1 for x86_64-pc-linux-gnu...
2024/05/16 07:25:06| Service Name: squid
2024/05/16 07:25:06| Process ID 40
2024/05/16 07:25:06| Process Roles: master worker
2024/05/16 07:25:06| With 65536 file descriptors available
2024/05/16 07:25:06| Initializing IP Cache...
2024/05/16 07:25:06| DNS IPv4 socket created at 0.0.0.0, FD 8
2024/05/16 07:25:06| Adding nameserver 127.0.0.11 from /etc/resolv.conf
2024/05/16 07:25:06| Adding ndots 1 from /etc/resolv.conf
2024/05/16 07:25:06| Logfile: opening log daemon:/var/log/squid/access.log
2024/05/16 07:25:06| Logfile Daemon: opening log /var/log/squid/access.log
2024/05/16 07:25:06| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2024/05/16 07:25:06| Store logging disabled
2024/05/16 07:25:06| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2024/05/16 07:25:06| Target number of buckets: 1008
2024/05/16 07:25:06| Using 8192 Store buckets
2024/05/16 07:25:06| Max Mem  size: 262144 KB
2024/05/16 07:25:06| Max Swap size: 0 KB
2024/05/16 07:25:06| Using Least Load store dir selection
2024/05/16 07:25:06| Set Current Directory to /var/spool/squid
2024/05/16 07:25:06| Finished loading MIME types and icons.
2024/05/16 07:25:06| HTCP Disabled.
2024/05/16 07:25:06| Pinger socket opened on FD 14
2024/05/16 07:25:06| Squid plugin modules loaded: 0
2024/05/16 07:25:06| Adaptation support is off.
2024/05/16 07:25:06| Accepting HTTP Socket connections at conn2 local=0.0.0.0:3128 remote=[::] FD 11 flags=9
    listening port: 3128
2024/05/16 07:25:06| Accepting reverse-proxy HTTP Socket connections at conn4 local=0.0.0.0:8194 remote=[::] FD 12 flags=9
    listening port: 8194
2024/05/16 07:25:06| Configuring Parent sandbox
2024/05/16 07:25:06| ERROR: Connection to sandbox failed
2024/05/16 07:25:06| Detected DEAD Parent: sandbox
2024/05/16 07:25:06 pinger| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2024/05/16 07:25:06 pinger| Initialising ICMP pinger ...
2024/05/16 07:25:06 pinger| ICMP socket opened.
2024/05/16 07:25:06 pinger| ICMPv6 socket opened
2024/05/16 07:25:07| storeLateRelease: released 0 objects
...
dosubot[bot] commented 6 months ago

To address the "ERROR: Connection to sandbox failed" and related issues in your docker-ssrf_proxy-1 container, follow these targeted steps:

  1. Enable IPv6 in Docker: If your Docker setup lacks IPv6 support, enable it by configuring Docker's daemon.json with "ipv6": true and specifying a "fixed-cidr-v6". Restart Docker after making these changes.

  2. Review ACL Configurations: Ensure your ACLs in Squid's configuration are correctly set up, particularly for localhost and localnet, to avoid connection denials.

  3. Resolve Sandbox Connection: Verify the sandbox hostname is resolvable within the Docker container. If it's another container, ensure they're on the same network or linked. For DNS issues, manually add the sandbox host and IP to /etc/hosts.

  4. Check Squid Compatibility: Make sure all directives in your squid.conf are compatible with Squid version 6.1.

  5. Update Docker Version: The mentioned Docker version seems outdated. Verify and use a recent Docker version for improved compatibility and features.

  6. Increase Logging for Troubleshooting: Add debug_options ALL,1 to Squid's configuration for detailed logs, aiding in identifying specific issues.

  7. Inspect Firewall and Network Policies: Confirm no firewall or network policy blocks connections between your Docker container and the sandbox.

  8. Adjust SSRF Proxy Configuration: Tailor the SSRF proxy setup in squid.conf to your needs, ensuring proper ACL adjustments for network access control.

For detailed Squid configuration guidance, refer to the official Squid documentation. Ensure your configurations and Docker environment are correctly set up to resolve the connection issues and improve the stability of your docker-ssrf_proxy-1 container.

#### Details **Sources** - [docker/volumes/ssrf_proxy/squid.conf](https://github.com/langgenius/dify/blob/main/docker/volumes/ssrf_proxy/squid.conf) - [en/getting-started/install-self-hosted/install-faq.md](https://github.com/langgenius/dify-docs/blob/main/en/getting-started/install-self-hosted/install-faq.md)
**About Dosu** This response is meant to be useful and save you time. It is **not meant to be a precise solution**, but rather a starting point for your own research. Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

To continue the conversation, mention @dosu.

yw662 commented 5 months ago

This line WARNING: You should probably remove '::/0' from the ACL named 'all' looks like a solution here. But how can it be removed if it is never indeed added ? @dosu

yw662 commented 5 months ago

I can reproduce this on latest fedora with kernel 6.9.6 but not on some old things with kernel 3.x. It can be a kernel version related issue.

crazywoola commented 5 months ago

Do you still get this error on v0.6.12 ?

liudonghua123 commented 5 months ago

I have the similar issue when start squid in docker, I followed the docs on https://fariszr.com/squid-proxy-docker-setup/.

[root@ha-master-1 squid]# docker compose up
WARN[0000] /root/app/squid/compose.yml: `version` is obsolete 
[+] Running 1/1
 ✔ Container squid-proxy-1  Recreated                                                                                                                         
Attaching to proxy-1
proxy-1  | 2024/07/03 09:15:38| Processing Configuration File: /etc/squid/squid.conf (depth 0)
proxy-1  | 2024/07/03 09:15:38| WARNING: 'ha-master-1' rDNS test failed: (0) No error.
proxy-1  | 2024/07/03 09:15:38| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
proxy-1  | 2024/07/03 09:15:38| WARNING: 'ha-master-1' rDNS test failed: (0) No error.
proxy-1  | 2024/07/03 09:15:38| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
proxy-1  | 2024/07/03 09:15:38| WARNING: 'ha-master-1' rDNS test failed: (0) No error.
proxy-1  | 2024/07/03 09:15:38| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
proxy-1  | 2024/07/03 09:15:38| Created PID file (/run/squid.pid)
proxy-1  | 2024/07/03 09:15:38| FATAL: xcalloc: Unable to allocate 1073741816 blocks of 432 bytes!
proxy-1  | 
proxy-1  | 2024/07/03 09:15:38| Squid Cache (Version 6.6): Terminated abnormally.
proxy-1  | CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys
proxy-1  | Maximum Resident Size: 72592 KB
proxy-1  | Page faults with physical i/o: 5
proxy-1  | 2024/07/03 09:15:38| storeDirWriteCleanLogs: Starting...
proxy-1  | 2024/07/03 09:15:38|   Finished.  Wrote 0 entries.
proxy-1  | 2024/07/03 09:15:38|   Took 0.00 seconds (  0.00 entries/sec).
proxy-1  | /usr/local/bin/entrypoint.sh: line 29:    40 Aborted                 (core dumped) /usr/sbin/squid -Nz
proxy-1  | CPU Usage: 0.018 seconds = 0.012 user + 0.006 sys
proxy-1  | Maximum Resident Size: 71072 KB
proxy-1  | Page faults with physical i/o: 0
proxy-1  | 2024/07/03 09:15:38| Processing Configuration File: /etc/squid/squid.conf (depth 0)
proxy-1  | 2024/07/03 09:15:38| WARNING: 'ha-master-1' rDNS test failed: (0) No error.
proxy-1  | 2024/07/03 09:15:38| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
proxy-1  | 2024/07/03 09:15:38| WARNING: 'ha-master-1' rDNS test failed: (0) No error.
proxy-1  | 2024/07/03 09:15:38| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
proxy-1  | 2024/07/03 09:15:38| WARNING: 'ha-master-1' rDNS test failed: (0) No error.
proxy-1  | 2024/07/03 09:15:38| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
proxy-1  | 2024/07/03 09:15:38| Created PID file (/run/squid.pid)
proxy-1  | 2024/07/03 09:15:38| FATAL: xcalloc: Unable to allocate 1073741816 blocks of 432 bytes!
proxy-1  | 
proxy-1  | 2024/07/03 09:15:38| Squid Cache (Version 6.6): Terminated abnormally.
proxy-1  | /usr/local/bin/entrypoint.sh: line 30:    41 Aborted                 (core dumped) /usr/sbin/squid "$@"
proxy-1 exited with code 134
[root@ha-master-1 squid]#
[root@ha-master-1 squid]# docker run --rm -it --entrypoint bash ubuntu/squid
root@5824af580598:/# ulimit 
unlimited
root@5824af580598:/# ulimit -n
1073741816
root@5824af580598:/# ulimit -a
real-time non-blocking time  (microseconds, -R) unlimited
core file size              (blocks, -c) unlimited
data seg size               (kbytes, -d) unlimited
scheduling priority                 (-e) 0
file size                   (blocks, -f) unlimited
pending signals                     (-i) 254913
max locked memory           (kbytes, -l) 8192
max memory size             (kbytes, -m) unlimited
open files                          (-n) 1073741816
pipe size                (512 bytes, -p) 8
POSIX message queues         (bytes, -q) 819200
real-time priority                  (-r) 0
stack size                  (kbytes, -s) 8192
cpu time                   (seconds, -t) unlimited
max user processes                  (-u) unlimited
virtual memory              (kbytes, -v) unlimited
file locks                          (-x) unlimited
root@5824af580598:/# exit
exit
[root@ha-master-1 squid]#

I tried to add mem_limit: 5120m in compose.yml, but it didn't work for me. I have to use ulimits instead.

The final working compose.yml is:

[root@ha-master-1 squid]# cat compose.yml 
version: "3"
services:
  proxy:
    image: ubuntu/squid
    # ports:
    #   - "3128:3128"
    environment:
      - TZ=UTC
    volumes:
      - ./squid.conf:/etc/squid/squid.conf
    network_mode: host
    # mem_limit: 5120m

    ulimits:
      nofile:
        soft: "65536"
        hard: "65536"
[root@ha-master-1 squid]#

And squid.conf:

http_port 3128
http_access allow all
Tommickey2020gmail commented 4 months ago

0.6.13 still have this error. 2024/07/11 02:35:57| Configuring Parent sandbox 2024/07/11 02:35:57 pinger| Initialising ICMP pinger ... 2024/07/11 02:35:57 pinger| Open icmp_sock: (1) Operation not permitted 2024/07/11 02:35:57 pinger| ERROR: Unable to start ICMP pinger. 2024/07/11 02:35:57 pinger| Open icmp_sock: (1) Operation not permitted 2024/07/11 02:35:57 pinger| ERROR: Unable to start ICMPv6 pinger. 2024/07/11 02:35:57 pinger| FATAL: Unable to open any ICMP sockets. 2024/07/11 02:35:58| storeLateRelease: released 0 objects

conglei1981 commented 2 months ago

0.7.3 have this error.

2024/09/11 08:36:07| Closing HTTP(S) port [::]:8194 listening port: 8194 2024/09/11 08:36:07| storeDirWriteCleanLogs: Starting... 2024/09/11 08:36:07| Finished. Wrote 0 entries. 2024/09/11 08:36:07| Took 0.00 seconds ( 0.00 entries/sec). 2024/09/11 08:36:07| FATAL: I don't handle this error well! 2024/09/11 08:36:07| Squid Cache (Version 6.6): Terminated abnormally. CPU Usage: 0.028 seconds = 0.012 user + 0.016 sys Maximum Resident Size: 96544 KB Page faults with physical i/o: 3 2024/09/11 08:36:07| Removing PID file (/run/squid.pid) 2024/09/11 08:36:07| Closing Pinger socket on FD 14 [ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process [ENTRYPOINT] replacing environment variables in the template 2024/09/11 08:37:00| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2024/09/11 08:37:00| WARNING: aclIpParseIpData: Netmask masks away part of the specified IP in '172.19.0.0/12' 2024/09/11 08:37:00| WARNING: (B) '172.16.0.0/12' is a subnetwork of (A) '172.16.0.0/12' 2024/09/11 08:37:00| WARNING: because of this '172.16.0.0/12' is ignored to keep splay tree searching predictable 2024/09/11 08:37:00| WARNING: You should probably remove '172.16.0.0/12' from the ACL named 'localnet' 2024/09/11 08:37:00| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1) 2024/09/11 08:37:00| Processing Configuration File: /etc/squid/conf.d/rock.conf (depth 1) 2024/09/11 08:37:00| Created PID file (/run/squid.pid) 2024/09/11 08:37:00| ERROR: Cannot open cache_log (/var/log/squid/cache.log) for writing; fopen(3) error: (13) Permission denied 2024/09/11 08:37:00| Set Current Directory to /var/spool/squid 2024/09/11 08:37:00| Creating missing swap directories 2024/09/11 08:37:00| No cache_dir stores are configured. 2024/09/11 08:37:00| Removing PID file (/run/squid.pid) [ENTRYPOINT] starting squid 2024/09/11 08:37:00| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2024/09/11 08:37:00| WARNING: aclIpParseIpData: Netmask masks away part of the specified IP in '172.19.0.0/12' 2024/09/11 08:37:00| WARNING: (B) '172.16.0.0/12' is a subnetwork of (A) '172.16.0.0/12' 2024/09/11 08:37:00| WARNING: because of this '172.16.0.0/12' is ignored to keep splay tree searching predictable 2024/09/11 08:37:00| WARNING: You should probably remove '172.16.0.0/12' from the ACL named 'localnet' 2024/09/11 08:37:00| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1) 2024/09/11 08:37:00| Processing Configuration File: /etc/squid/conf.d/rock.conf (depth 1) 2024/09/11 08:37:00| Created PID file (/run/squid.pid) 2024/09/11 08:37:00| ERROR: Cannot open cache_log (/var/log/squid/cache.log) for writing; fopen(3) error: (13) Permission denied 2024/09/11 08:37:00| Set Current Directory to /var/spool/squid 2024/09/11 08:37:00| Starting Squid Cache version 6.6 for x86_64-pc-linux-gnu... 2024/09/11 08:37:00| Service Name: squid 2024/09/11 08:37:00| Process ID 17 2024/09/11 08:37:00| Process Roles: master worker 2024/09/11 08:37:00| With 1024 file descriptors available 2024/09/11 08:37:00| Initializing IP Cache... 2024/09/11 08:37:00| DNS IPv6 socket created at [::], FD 7 2024/09/11 08:37:00| DNS IPv4 socket created at 0.0.0.0, FD 8 2024/09/11 08:37:00| Adding nameserver 127.0.0.11 from /etc/resolv.conf 2024/09/11 08:37:00| Adding domain luoyang.cloud.lypt.edu.cn. from /etc/resolv.conf 2024/09/11 08:37:00| Adding ndots 1 from /etc/resolv.conf 2024/09/11 08:37:00| Logfile: opening log daemon:/var/log/squid/access.log 2024/09/11 08:37:00| Logfile Daemon: opening log /var/log/squid/access.log 2024/09/11 08:37:00| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2024/09/11 08:37:00| Store logging disabled 2024/09/11 08:37:00| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2024/09/11 08:37:00| Target number of buckets: 1008 2024/09/11 08:37:00| Using 8192 Store buckets 2024/09/11 08:37:00| Max Mem size: 262144 KB 2024/09/11 08:37:00| Max Swap size: 0 KB 2024/09/11 08:37:00| Using Least Load store dir selection 2024/09/11 08:37:00| Set Current Directory to /var/spool/squid fopen: Permission denied 2024/09/11 08:37:00| Finished loading MIME types and icons. 2024/09/11 08:37:00| HTCP Disabled. 2024/09/11 08:37:00| Pinger socket opened on FD 14 2024/09/11 08:37:00| Squid plugin modules loaded: 0 2024/09/11 08:37:00| Adaptation support is off. 2024/09/11 08:37:00| Accepting HTTP Socket connections at conn3 local=[::]:3128 remote=[::] FD 11 flags=9 listening port: 3128 2024/09/11 08:37:00| Accepting reverse-proxy HTTP Socket connections at conn5 local=[::]:8194 remote=[::] FD 12 flags=9 listening port: 8194 2024/09/11 08:37:00| Configuring Parent sandbox 2024/09/11 08:37:00 pinger| Initialising ICMP pinger ... 2024/09/11 08:37:00 pinger| Open icmp_sock: (1) Operation not permitted 2024/09/11 08:37:00 pinger| ERROR: Unable to start ICMP pinger. 2024/09/11 08:37:00 pinger| Open icmp_sock: (1) Operation not permitted 2024/09/11 08:37:00 pinger| ERROR: Unable to start ICMPv6 pinger. 2024/09/11 08:37:00 pinger| FATAL: Unable to open any ICMP sockets. 2024/09/11 08:37:01| ERROR: logfileHandleWrite: daemon:/var/log/squid/access.log: error writing ((32) Broken pipe) 2024/09/11 08:37:01| Closing HTTP(S) port [::]:3128 listening port: 3128 2024/09/11 08:37:01| Closing HTTP(S) port [::]:8194 listening port: 8194 2024/09/11 08:37:01| storeDirWriteCleanLogs: Starting... 2024/09/11 08:37:01| Finished. Wrote 0 entries. 2024/09/11 08:37:01| Took 0.00 seconds ( 0.00 entries/sec). 2024/09/11 08:37:01| FATAL: I don't handle this error well! 2024/09/11 08:37:01| Squid Cache (Version 6.6): Terminated abnormally. CPU Usage: 0.029 seconds = 0.020 user + 0.008 sys Maximum Resident Size: 96960 KB Page faults with physical i/o: 3 2024/09/11 08:37:01| Removing PID file (/run/squid.pid) 2024/09/11 08:37:01| Closing Pinger socket on FD 14