It's still available, but only as an intel package as the ppc package wasn't stable. Just run it on another machine on your network. Works great. https://jonathanalland.com/downloads/legacy-mac-proxy.dmg
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Fix for broken HTTPS / TLS / Certificates in Leopard-Webkit
- Thread starter wicknix
- Start date
- Sort by reaction score
Well do you by chance still have the PowerPC build? Don't mind if it's unstable, just need to access some pages on WebKit again...
Sounds like you may have forgetten to "trust" the certificate, or have the wrong proxy setting. They should look like this:
View attachment 1746608
It's also possible squid didn't start. Check activity monitor. If you are trying to connect a PPC to another "newer" machine running squid, you need to copy the certificate from that machine to your PPC, import it, trust it, then switch the proxy IP to that machines IP port 3128. PPC Leopard support is still experimental, but it is known to work for some. @Wowfunhappy and i both recommend going the route of using anothing machine to run squid, and keep the load off the PPC machine.
Glad you still find TFT useful. Just curious why you still use the older v3 when v5 has been out for awhile now with tons more features. Unless of course you just prefer v3 for its simplicity.
Cheers
Hi. I didn’t want to resurrect this part of the thread unless I reached an impasse — which I now find myself.
I’ve been following your path of installing squid4 with Macports on the target server where squid will live, and using the squid.conf prepared helpfully by @Wowfunhappy in his all-in-one install for Snow Leopard (I extracted it with Pacifist and copied that over into the config file location, per your steps in the opening post), I’m running into an issue with trying to import the cacert.cae into Keychains.
Whether I try to use the version supplied in the @Wowfunhappy installer, or if I grab the latest from here, I run into the following issue:
When I click to “View Certificates”, this occurs:
And, ultimately, efforts to add the certificate terminates with this error:
I should add that I’m mostly just testing the add of this certificate on a 10.6.8 system, even though I was hoping to use it on a Leopard Mac.
I did skim through most of this thread, and it’s entirely possible I missed something really basic.
Squid4Leopard.zip
drive.google.com
Be prepared for 100% cpu when it crashes. Better off using it on another machine to act as the proxy, or use tenfourfox/interwebppc/arcticfoxppc for those pages.
Squid4Leopard.zip
Be prepared for 100% cpu when it crashes. Better off using it on another machine to act as the proxy, or use tenfourfox/interwebppc/arcticfoxppc for those pages.
Thanks for the warning.
The plan is to have squid server set up on my mostly-idle G5 (which — let’s call this 10.0.0.1 — sits around as a file server for the most part these days and also looks pretty), and then use that for other older Macs in the local network to use as the proxy server in Network settings (i.e., HTTPS proxy set to 10.0.0.1:3128 on, say, a client box which lives at 10.0.0.73).
This additional file you pointed to for download did have a certificate Keychains would recognize, thank you!
I copied the /Library/Squid contents to those locations on client device 10.0.0.73 and also on 10.0.0.1, the server. (I also copied your LaunchAgents file over to /Library/LaunchAgents/ on 10.0.0.1, unsure whether a restart would use that or use the port load command to launch squid).
I set up the certificate with Keychains, on both the squid server box and on the test client box. (I surmised this is for the client, but abundance of caution.) On the server, I opened /opt/local/etc/squid/squid.conf (inside which I’d previously pasted @wowfunhappy’s squid.conf’s contents from the OP link) to make sure everything up top read as follows:
Code:
http_port 3128 ssl-bump generate-host-certificates=on cert=/Library/Squid/Certificates/squid.pem key=/Library/Squid/Certificates/squid-key.pem
tls_outgoing_options cafile=/Library/Squid/Certificates/cacert.pem
sslcrtd_program /Library/Squid/security_file_certgenThat seemed fine, so I rebooted the server and checked the system.log:
Code:
Apr 6 13:50:53 ontologia squid[2561]: Created PID file (/tmp/squid.pid)
Apr 6 13:50:53 ontologia squid[2561]: Squid Parent: will start 1 kids
Apr 6 13:50:53 ontologia squid[2561]: Squid Parent: (squid-1) process 2563 started
Apr 6 13:50:54 ontologia squid[2563]: Current Directory is /
Apr 6 13:50:54 ontologia squid[2563]: Starting Squid Cache version 4.17 for powerpc-apple-darwin9.8.0...
Apr 6 13:50:54 ontologia squid[2563]: Service Name: squid
Apr 6 13:50:54 ontologia squid[2563]: Process ID 2563
Apr 6 13:50:54 ontologia squid[2563]: Process Roles: worker
Apr 6 13:50:54 ontologia squid[2563]: With 256 file descriptors available
Apr 6 13:50:54 ontologia squid[2563]: Initializing IP Cache...
Apr 6 13:50:54 ontologia squid[2563]: DNS Socket created at [::], FD 10
Apr 6 13:50:54 ontologia squid[2563]: DNS Socket created at 0.0.0.0, FD 15
Apr 6 13:50:54 ontologia squid[2563]: Adding domain [homewifi].local from /etc/resolv.conf
Apr 6 13:50:54 ontologia squid[2563]: Adding nameserver 94.140.14.14 from /etc/resolv.conf
Apr 6 13:50:54 ontologia squid[2563]: Adding nameserver 76.76.19.19 from /etc/resolv.conf
Apr 6 13:50:54 ontologia squid[2563]: helperOpenServers: Starting 5/32 'security_file_certgen' processes
Apr 6 13:50:54 ontologia squid[2563]: Store logging disabled
Apr 6 13:50:54 ontologia squid[2563]: Swap maxSize 0 + 262144 KB, estimated 20164 objects
Apr 6 13:50:54 ontologia squid[2563]: Target number of buckets: 1008
Apr 6 13:50:54 ontologia squid[2563]: Using 8192 Store buckets
Apr 6 13:50:54 ontologia squid[2563]: Max Mem size: 262144 KB
Apr 6 13:50:54 ontologia squid[2563]: Max Swap size: 0 KB
Apr 6 13:50:54 ontologia squid[2563]: Using Least Load store dir selection
Apr 6 13:50:54 ontologia squid[2563]: Current Directory is /
Apr 6 13:50:54 ontologia squid[2563]: Finished loading MIME types and icons.
Apr 6 13:50:54 ontologia squid[2563]: HTCP Disabled.
Apr 6 13:50:54 ontologia squid[2563]: Adaptation support is off.
Apr 6 13:50:54 ontologia squid[2563]: Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 26 flags=9
Apr 6 13:50:55 ontologia squid[2563]: storeLateRelease: released 0 objectsLooks good, and idle CPU is way up, as your note forewarned.
On the client, I checked Network settings once more and I ran a quick curl test:
Code:
sh-4.3# curl -x http://10.0.0.1:3128 -I http://google.com
curl: (28) Failed to connect to 10.0.0.1 port 3128 after 74684 ms: Operation timed outSo something is still hanging me up. I’ll keep working at it. Thanks again.
Yeah, if your cpu is spiked it crashed and hung up. Killing it and restarting it will help for a little while before it hangs again. Never could figure out why the ppc version was so anal. If you have the ability to run the intel version on a spare machine its rock solid.
Cheers
Cheers
I knew if I walked away from this and then came back, something profusely simple would come to me.
And it did: I forgot to make a rule for squid in my firewall 🤦 :
And lo:
Squid definitly takes up some CPU, but it’s not capping out or anything like that.
Next up: digging through the other parts of this thread to get Wikipedia working inside Dictionary.
Thanks again, @wicknix !
Attachments
You’re trying to import the wrong certificate, you want to import “squid.pem”. This certificate is generated when you run the installer so that it’s unique to every machine, which we want for security reasons.
I’m on mobile right now, but take a look at the post install scripts.
Thanks for the chime-in.
The approach I followed to set up Squid was more in line with what @wicknix supplied in the opening post, and that seemed to do the job.
Also, drawing from a view of the legacy-mac-proxy.dmg in Pacifist (attached), I didn’t see a “squid.pem” — only “cacert.pem”. This was where @wicknix came in with a separate file, Squid4Leopard.zip, which did contain that “squid.pem”.
In any event, Squid is working now. Thanks once more for your work!
Yes, I understand. But bear in mind I never followed the path of using your installer to install squid4. I used macports, much as @wicknix did in the opening post. I’ve been trying to work from ports and compiling source code whenever I can.
Since there is still interest in this unstable ppc port (i get gdrive emails regularly asking for access to this file) i decided to upload it to the garden. I also got rid of the launchagent script and made a small script with an icon to start/stop the service instead. It just makes it easier when it hangs. The script is generic and poorly done, but it seems to work. If anybody has a better way of doing it i'd be interested.
Cheers
Cheers
You could mimic the conf adjusting the paths. You could also use the certs as well. That's what i did when i turned my early intel mac mini in to a headless squid proxy running linux for my older machines.
Cheers
Cheers
I've run into a problem while installing the proxy on my mac server. When I've installed it and tried to add the proxy to my network settings no websites will load. Is there a way to check if squid is running? When I type in squid to terminal it says unknown. When I try to start it from terminal it says "Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
I don't want to beat a dead horse, but....
I made some headway and actually got squid to build on Tiger and not crash immediately after starting it. It's actually been working pretty stable for the last few hours. Fingers crossed. No promises on an updated PPC release yet. Just something that i'm determined to get working. It's driving me nuts, but maybe, just maybe, i got it finally. Time will tell.
It actually idling at 0% cpu!
Cheers
I made some headway and actually got squid to build on Tiger and not crash immediately after starting it. It's actually been working pretty stable for the last few hours. Fingers crossed. No promises on an updated PPC release yet. Just something that i'm determined to get working. It's driving me nuts, but maybe, just maybe, i got it finally. Time will tell.
It actually idling at 0% cpu!
Cheers
@wicknix I'm very interested to hear if you've made any progress with a stable build of Squid on PPC Tiger and/or Leopard. A while ago I put some effort into writing a bash script that would kill and regenerate the Squid process periodically in the hopes that it would make it usable but unfortunately I just couldn't get the timing right.
I'm amazed how many sites still load correctly using Squid under Leopard WebKit.
I'm amazed how many sites still load correctly using Squid under Leopard WebKit.
I still poke away at it here and there, but no real progress yet. I think i may know the issue however. After scouring the net it might come down to how many processes the kernel can handle. Sadly 10.4 and 10.5's kernel cant handle all that many. Squid creates quite a few child processes for every site visited and console shows errors with something like "child process died, not enough resources" or something to that effect. So the PPC builds might be fine, but the kernel is just too limited (or old) to handle it.
Cheers
Cheers
Where in Console are the Squid related errors logged? I checked the system.log at the exact moment that Squid crashes and don't see any new errors.
The Squid process seems to only generate 6 processes (plus login and bash processes for the launch script). I'm not sure how this would overload the OS kernel?
There does appear to be a pattern/consistency as to which websites cause Squid to crash - it is not totally random. I've noticed that if a particular site causes Squid to crash, it usually does so every time. If a particular site manages to load halfway when Squid crashes, killing Squid and generating a new Squid process can sometimes finish up the rest of the loading process (at which point it will usually crash again once the page is fully loaded).
What might be happening is that certain web sites contain a specific type of element that is "too complex/demanding" for the Squid process to handle. I'm not sure what this would be yet, but the fact that sometimes a second Squid process can finish loading up a "demanding" page makes me think there is some limitation within the Squid process itself. Very simple web sites like Wikipedia never seem to cause a crash.
Just sharing my ideas. This is going to be tricky to solve but I'll keep experimenting.
The Squid process seems to only generate 6 processes (plus login and bash processes for the launch script). I'm not sure how this would overload the OS kernel?
There does appear to be a pattern/consistency as to which websites cause Squid to crash - it is not totally random. I've noticed that if a particular site causes Squid to crash, it usually does so every time. If a particular site manages to load halfway when Squid crashes, killing Squid and generating a new Squid process can sometimes finish up the rest of the loading process (at which point it will usually crash again once the page is fully loaded).
What might be happening is that certain web sites contain a specific type of element that is "too complex/demanding" for the Squid process to handle. I'm not sure what this would be yet, but the fact that sometimes a second Squid process can finish loading up a "demanding" page makes me think there is some limitation within the Squid process itself. Very simple web sites like Wikipedia never seem to cause a crash.
Just sharing my ideas. This is going to be tricky to solve but I'll keep experimenting.
Well that sucks! I was hoping that MacPorts toolchain/compiler updates might eventually fix this some day!
Do you know the process limit? How did people use OS X for servers and the like back in the day?
...I've always assumed (without explicit testing/evidence) that it was websites which load many connections at once. So, when you browse Wikipedia you're basically only talking to Wikipedia's servers. When you load e.g. MacRumors you're loading content from any number of ad networks and CDNs. The sudden influx crashes Squid.
I think (?) this jives with @wicknix's theory above about processes...
I'll have to find the website again, but it explained how to manually override the default limit. It works on 10.6 and above, but doesnt allow much wiggle room on 10.4/10.5 and doesnt stick between reboots.
When i get home i'll take a look at my bash history for the command that lists the default limit. (Currently at work).
As for the console output, if you run squid with a certain switch (-d 0 maybe?) it'll stay active in the terminal and you can watch it work while you browse. Thats where i noticed the issue of child processes dying then squid crashing.
Cheers
When i get home i'll take a look at my bash history for the command that lists the default limit. (Currently at work).
As for the console output, if you run squid with a certain switch (-d 0 maybe?) it'll stay active in the terminal and you can watch it work while you browse. Thats where i noticed the issue of child processes dying then squid crashing.
Cheers
What I also find notable is that 10.6 seems to run Squid fine out of the box. So this has to be something that changed between Leopard and Snow Leopard.
Thanks. Running Squid with -d 0 does print some additional info:
Starting Squid Cache version 4.14 for powerpc-apple-darwin9.8.0...
Service name: squid
But not much beyond that.
Running squid -Nd1 produces more verbose output, but I'm still not seeing any useful errors to diagnose.
Last edited:
10.6 Intel. However, Squid has the same stability issues on Intel 10.4/10.5 as on PPC, so I don't believe that CPU architecture is the problem here.