25
04
25
 1 Comment

Squid unexpectedly stopped working

Posted by | Network and Internet, Ubuntu |

Squid unexpectedly stopped working with my home internet connection. I created a temporary user:

cd /etc/squid/
sudo htpasswd -B squid-password temp
sudo service squid reload

tried the following command

curl -v -x https://developernote.com:3129 --proxy-user temp:<password> -I https://api.ipify.org/

with another internet provider and it succeeded.

But from my home machine it hangs up with the following output:

*   Trying 172.236.29.157:3129...
* Connected to (nil) (172.236.29.157) port 3129 (#0)
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Proxy certificate:
*  subject: CN=developernote.com
*  start date: Apr 17 19:59:30 2025 GMT
*  expire date: Jul 16 19:59:29 2025 GMT
*  subjectAltName: host "(nil)" matched cert's "developernote.com"
*  issuer: C=US; O=Let's Encrypt; CN=E5
*  SSL certificate verify ok.
* allocate connect buffer!
* Establish HTTP proxy tunnel to api.ipify.org:443
* Proxy auth using Basic with user 'temp'
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
&gt; CONNECT api.ipify.org:443 HTTP/1.1
&gt; Host: api.ipify.org:443
&gt; Proxy-Authorization: Basic dGVtcDpVaG9vdzFvaGNoMEY=
&gt; User-Agent: curl/7.81.0
&gt; Proxy-Connection: Keep-Alive
&gt;
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
&lt; HTTP/1.1 200 Connection established
HTTP/1.1 200 Connection established
&lt;

* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
^C

and I can see the following in its logs:

sudo tail /var/log/squid/access.log

1745578447.885    132 172.236.29.157 TCP_TUNNEL/200 3779 CONNECT api.ipify.org:443 temp HIER_DIRECT/172.67.74.152 -
1745578831.222  15363 91.122.37.167 TCP_TUNNEL/200 39 CONNECT api.ipify.org:443 temp HIER_DIRECT/104.26.12.205 -
1745578842.191  15003 91.122.37.167 TCP_TUNNEL/200 39 CONNECT api.ipify.org:443 temp HIER_DIRECT/104.26.12.205 -

while the normal output is the following:

* Host developernote.com:3129 was resolved.
* IPv6: (none)
* IPv4: 172.236.29.157
*   Trying 172.236.29.157:3129...
* Connected to developernote.com (172.236.29.157) port 3129
* ALPN: curl offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server did not agree on a protocol. Uses default.
* Proxy certificate:
*  subject: CN=developernote.com
*  start date: Apr 17 19:59:30 2025 GMT
*  expire date: Jul 16 19:59:29 2025 GMT
*  subjectAltName: host "developernote.com" matched cert's "developernote.com"
*  issuer: C=US; O=Let's Encrypt; CN=E5
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Proxy auth using Basic with user 'temp'
* Establish HTTP proxy tunnel to api.ipify.org:443
&gt; CONNECT api.ipify.org:443 HTTP/1.1
&gt; Host: api.ipify.org:443
&gt; Proxy-Authorization: Basic dGVtcDpMaWEwQVZvOWl0aGk=
&gt; User-Agent: curl/8.5.0
&gt; Proxy-Connection: Keep-Alive
&gt;
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
&lt; HTTP/1.1 200 Connection established
HTTP/1.1 200 Connection established
&lt;

* CONNECT phase completed
* CONNECT tunnel established, response 200
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=ipify.org
*  start date: Mar 11 14:08:25 2025 GMT
*  expire date: Jun  9 15:08:19 2025 GMT
*  subjectAltName: host "api.ipify.org" matched cert's "*.ipify.org"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
*   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://api.ipify.org/
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: api.ipify.org]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
&gt; HEAD / HTTP/2
&gt; Host: api.ipify.org
&gt; User-Agent: curl/8.5.0
&gt; Accept: */*
&gt;
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
&lt; HTTP/2 520
HTTP/2 520
&lt; date: Fri, 25 Apr 2025 11:16:12 GMT
date: Fri, 25 Apr 2025 11:16:12 GMT
&lt; content-type: text/plain; charset=UTF-8
content-type: text/plain; charset=UTF-8
&lt; content-length: 15
content-length: 15
&lt; x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
&lt; referrer-policy: same-origin
referrer-policy: same-origin
&lt; cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
&lt; expires: Thu, 01 Jan 1970 00:00:01 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
&lt; server: cloudflare
server: cloudflare
&lt; cf-ray: 935d6d463900943d-LHR
cf-ray: 935d6d463900943d-LHR
&lt; server-timing: cfL4;desc="?proto=TCP&amp;rtt=7358&amp;min_rtt=2185&amp;rtt_var=10746&amp;sent=6&amp;recv=9&amp;lost=0&amp;retrans=0&amp;sent_bytes=3400&amp;recv_bytes=780&amp;delivery_rate=1325400&amp;cwnd=253&amp;unsent_bytes=0&amp;cid=743886e81608dcff&amp;ts=731&amp;x=0"
server-timing: cfL4;desc="?proto=TCP&amp;rtt=7358&amp;min_rtt=2185&amp;rtt_var=10746&amp;sent=6&amp;recv=9&amp;lost=0&amp;retrans=0&amp;sent_bytes=3400&amp;recv_bytes=780&amp;delivery_rate=1325400&amp;cwnd=253&amp;unsent_bytes=0&amp;cid=743886e81608dcff&amp;ts=731&amp;x=0"

&lt;
* Connection #0 to host developernote.com left intact

Maybe an hour later I started working again from my home machine and the output was the following:

*   Trying 172.236.29.157:3129...
* Connected to (nil) (172.236.29.157) port 3129 (#0)
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Proxy certificate:
*  subject: CN=developernote.com
*  start date: Apr 17 19:59:30 2025 GMT
*  expire date: Jul 16 19:59:29 2025 GMT
*  subjectAltName: host "(nil)" matched cert's "developernote.com"
*  issuer: C=US; O=Let's Encrypt; CN=E5
*  SSL certificate verify ok.
* allocate connect buffer!
* Establish HTTP proxy tunnel to api.ipify.org:443
* Proxy auth using Basic with user 'temp'
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
&gt; CONNECT api.ipify.org:443 HTTP/1.1
&gt; Host: api.ipify.org:443
&gt; Proxy-Authorization: Basic dGVtcDpMaWEwQVZvOWl0aGk=
&gt; User-Agent: curl/7.81.0
&gt; Proxy-Connection: Keep-Alive
&gt;
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
&lt; HTTP/1.1 200 Connection established
&lt;
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=ipify.org
*  start date: Mar 11 14:08:25 2025 GMT
*  expire date: Jun  9 15:08:19 2025 GMT
*  subjectAltName: host "api.ipify.org" matched cert's "*.ipify.org"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x5589aaffc9f0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
&gt; GET / HTTP/2
&gt; Host: api.ipify.org
&gt; user-agent: curl/7.81.0
&gt; accept: */*
&gt;
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
&lt; HTTP/2 200
&lt; date: Fri, 25 Apr 2025 12:21:41 GMT
&lt; content-type: text/plain
&lt; content-length: 14
&lt; vary: Origin
&lt; cf-cache-status: DYNAMIC
&lt; server: cloudflare
&lt; cf-ray: 935dcd356f9cef44-LHR
&lt; server-timing: cfL4;desc="?proto=TCP&amp;rtt=1244&amp;min_rtt=1193&amp;rtt_var=367&amp;sent=5&amp;recv=10&amp;lost=0&amp;retrans=0&amp;sent_bytes=3378&amp;recv_bytes=819&amp;delivery_rate=2322373&amp;cwnd=240&amp;unsent_bytes=0&amp;cid=fe094c1361ca7b1c&amp;ts=138&amp;x=0"
&lt;
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host (nil) left intact

1 Response to Squid unexpectedly stopped working

  1. dmitriano says:
    April 25, 2025 at 2:27 pm

    Run Curl Commands Online
    https://reqbin.com/curl
    curl -x https://developernote.com:3129 –proxy-user temp:XXXXXXX -I https://api.ipify.org/

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *