This is an update to the "ddclient & squid" here
Ran into a new problem recently....though the need for SSL in squid on ubuntu is deprecated, by the fact that I'm slowly replacing this server with a FreeBSD server.
As a result, I don't pay attention to this ubuntu server as much as I used to, so I've configured unattended-upgrade. It was installed, but it didn't seem to do anything, in that on other servers I'd log in to find that there are lots (40+) of patches available and more than half that are security. Since then, I came across how to configure it to do more than just security patches, including send me email and on some systems automatically reboot when necessary. (should've thought to see how unattended-upgrade is configured and doing such things in the Ubuntu AMI I have in AWS)
Since I got unattended-upgrade configured on this old server (32-bit Ubuntu Server, which I've heard they have a 12.04LTS download for??? They had said they dropped 32-bit server support, so there was version with 10.04LTS. So I couldn't upgrade and now I'm way past EOL, which is causing problems...probably need to hunt down the landscape and ubuntuone services and nuke them, instead of letting them degrade my server for being EOL.) I've also had to update packages on here from outside sources to keep things running, so guess I should work harder on abandoning this server.... Where it'll likely get reborn as [yet ]a[nother] FreeBSD server....along with the server that I think I have all the parts collected for it, but just need to sit down and put it together. It started as a mostly functional pulled 1U server, in need of ... well either new fans or a new case.... I opted for the new case route. It also needed drives and memory. But, as a result of the new case route...aside from case/powersupply...it meant I would need to get heatsinks...since the passive ones based on the 1U case channeling air flow....would be hard to recreate in the tower case I went with. It's a huge tower case, given that it's an E-ATX motherboard...yet it isn't a full tower (like the formerly windows machine called TARDIS...someday I'll work its regeneration....need money to buy all the bits and pieces that'll make that up, which I haven't fully worked out what those will be....or where it'll go since my dual 23" widescreen FreeBSD desktop has consumed all of the desk that it would've shared....and not really keen on the idea of a KVM for this situation. )
Anyways...every day I get an email from unattended-upgrade for this system.... with:
    Unattended upgrade returned: True

    Packages that are upgraded:
     squid-common
    Packages with upgradable origin but kept back:
     squid squid-cgi

    Package installation log:

    Unattended-upgrades log:
    Initial blacklisted packages:
    Starting unattended upgrades script
    Allowed origins are: ["['Ubuntu', 'heron-security']", "['Ubuntu', 'heron-updates']"]
    package 'squid' upgradable but fails to be marked for upgrade (E:Unable to correct problems, you have held broken packages.)
    Packages that are upgraded: squid-common
    Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg_2013-07-06_08:05:42.056193.log'
    All upgrades installed
This is because of that quirk where even though I rebuilt my version with SSL, and kept it the same version...it wants to install its version to replace mine (of the same version). Which is why I did the hold thing.
I could do the alternative of adding a string to make my version advance from current....though I suppose I won't unhold...so that unattended-upgrade won't upgrade should such a thing appear (unlikely since both the OS and squid are ancient...and there'll be no more updates.) But, the intent is to hopefully silence unattended-upgrade in this matter.
Though kind of surprised it's still doing something....hmmm, guess there was a new security patch to squid 2.7 back on January 29, 2013....that I've been missing (suppose it's already downloaded the update in its 'cache'....or the backend is still there, it's just not getting updates beyond what's there....whatever, I think I'm down to one more service to move off....)
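A hold that protects a locally rebuilt package also keeps security updates for it, and for anything that depends on its exact version, from installing. The script below is an added example, not part of the original post: it pulls the skipped packages out of an unattended-upgrades report and marks which ones are explained by a hold. The sample report and the sample `dpkg --get-selections` output are constructed for illustration.

```shell
# Constructed sample report, laid out like the e-mail quoted in this post.
sample_report() {
cat <<'EOF'
Unattended upgrade returned: True
Packages that are upgraded:
 squid-common
Packages with upgradable origin but kept back:
 squid squid-cgi

Unattended-upgrades log:
package 'squid' upgradable but fails to be marked for upgrade (E:Unable to correct problems, you have held broken packages.)
All upgrades installed
EOF
}

# Constructed sample of `dpkg --get-selections` output with squid on hold.
sample_selections() {
  printf 'squid\thold\nsquid-cgi\tinstall\nsquid-common\tinstall\n'
}

# kept_back: report on stdin -> one skipped package per line.
kept_back() {
  awk -v q="'" '
    /^Packages with upgradable origin but kept back:/ { grab = 1; next }
    grab && /^[ \t]+[^ \t]/ { for (i = 1; i <= NF; i++) print $i; next }
    { grab = 0 }
    /fails to be marked for upgrade/ { if (split($0, part, q) >= 3) print part[2] }
  ' | sort -u
}

# held: `dpkg --get-selections` output on stdin -> packages marked hold.
held() { awk '$2 == "hold" { print $1 }' | sort -u; }

# classify REPORT SELECTIONS: tag each skipped package as held or not-held.
classify() {
  kept_back < "$1" | while read -r pkg; do
    if held < "$2" | grep -qxF -e "$pkg"; then
      echo "$pkg held"
    else
      echo "$pkg not-held"
    fi
  done
}

tmp=$(mktemp -d)
sample_report > "$tmp/report"; sample_selections > "$tmp/selections"
classify "$tmp/report" "$tmp/selections"
rm -rf "$tmp"
```

A package reported as not-held is being skipped as a side effect of the hold on another package, so it is missing updates without anyone having decided that it should.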
In the aftermath of the summer storm of August 13th, (hmmm, totally missed that it was a Friday the 13th), I made a tweak to my ddclient config for updating dyndns for my DSL line. Because I found that it wasn't able to update the IP change while Cox was down.
Couldn't find a way to make ddclient bind to the local IP that routes out by DSL (or use non-default gateway). But, since I have squid proxy on the same box...and depending on what port I come in on, it can use either of my connections.
I set proxy=box.lhaven.homeip.net:3128
Couldn't use localhost, because ddclient does some kind of validation to require an fqdn+port, and localhost isn't an fqdn. And, yes, I use my dyndns domain as my home domain. So I can have bookmarks that'll work whether I'm at home or on the road.
But, this change wasn't tested...as it has been less than 28 days for a refresh, and no IP change.
That was until this morning, when my IP did change.
The updates weren't working....seems that ddclient wants to do SSL all the way or not at all. No using an http proxy to connect out on SSL. But, I didn't feel like sending my dyndns password out non-SSL.... So, after some thought, I decided I would figure out how to set up SSL on squid.
I made the necessary configuration change, but no go. Seems that ubuntu doesn't distribute squid with SSL, because squid and openssl have incompatible open source licenses. So, I did a quick search to find the ubuntu way of rebuilding it from source.
    apt-get source squid
    apt-get build-dep squid
    apt-get install devscripts build-essential fakeroot
    cd squid-2.7.STABLE7
    vi debian/rules
      (Add --enable-ssl \ to “# Configure the package” section)
    debuild -us -uc -b
    cd ..
    dpkg -i squid??? squid-common???
Change to proxy=box.lhaven.homeip.net:3218, and it worked.
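The hand edit of debian/rules in the steps above has to be redone on every rebuild, so here is a repeatable version as an added example (not from the original post). The rules excerpt is a constructed stand-in, and the function assumes the real file's `./configure` line ends in a continuation backslash.

```shell
# Constructed stand-in for the relevant part of debian/rules (not the real file).
sample_rules() {
  printf '# Configure the package.\nconfig.status:\n'
  printf '\t./configure \\\n\t--prefix=/usr \\\n\t--enable-snmp\n\n'
  printf '# Build the package.\nbuild: config.status\n\t$(MAKE)\n'
}

# add_enable_ssl FILE: insert "--enable-ssl \" right after the ./configure line
# of the "# Configure the package" section. Safe to run more than once.
add_enable_ssl() {
  rules=$1
  # Already patched: leave the file alone.
  if grep -q -e '--enable-ssl' "$rules"; then return 0; fi
  awk '
    /^# Configure the package/ { in_section = 1 }
    in_section && !added && /\.\/configure[ \t]*\\$/ {
      print; print "\t--enable-ssl \\"; added = 1; next
    }
    { print }
  ' "$rules" > "$rules.new" || return 1
  mv "$rules.new" "$rules"
  # Fail loudly if no configure line was found, rather than building without SSL.
  grep -q -e '--enable-ssl' "$rules"
}

demo=$(mktemp)
sample_rules > "$demo"
add_enable_ssl "$demo" && cat "$demo"
rm -f "$demo"
```

After installing the rebuilt packages, `squid -v` prints the configure options, so `--enable-ssl` showing up there confirms the running binary is the rebuilt one.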