Failed to make swap directory /tmp/squid/cache

Thanks to @dlakelan and others for several suggestions on configuring my LEDE box to handle my kids' poor choices for surfing the Internet.

I'm setting up squid now and seem to have encountered several problems doing so:

  1. I can no longer get to my LuCI interface. Was this perhaps caused by the addition of the firewall redirect rule? When I tried, I got an error page apparently generated by squid. How do I fix this?

  2. When I run squid -z, I see "FATAL: Failed to make swap directory /tmp/squid/cache: (13) Permission denied"

My squid.conf file reads in part:
cache_dir aufs /tmp/squid/cache 7500 16 512

My external filesystem is:
/dev/sda1 on /tmp/squid type btrfs (rw,relatime,noacl,space_cache,subvolid=5,subvol=/)

What am I doing wrong here?

Thanks.

Honestly, you don't want to be using intercepting squid. Use explicit squid, put the config on the devices. Use an iptables rule to block 80 and 443 out of your network. Anyone who doesn't set up the proxy doesn't get any web...

I'd turn off caching; you're looking just for monitoring and policy control, and caching isn't that useful, esp. on a flash filesystem.

3 Likes

The failure to create the directory might be that the init file assumes that /var/squid/ or /tmp/squid/ exists already.

Check for a line like

mkdir -p /tmp/squid/cache 2>/dev/null

and if it's missing the -p ("create path, if needed"), adding that might resolve the problem.


Hmm, looks like squid.init should create /tmp/squid/ with

CONFIGFILE="/tmp/squid/squid.conf"
[...]
        config_dir=$(dirname $CONFIGFILE)
        [ -d $config_dir ] || mkdir -p $config_dir && chown nobody:nogroup $config_dir
[...]

though I don't see /tmp/squid/cache/ being explicitly created.

2 Likes

Since you're persisting this /tmp/squid to "disk" I'd just go in and mkdir /tmp/squid/cache but like I said, just turn off caching. You might still want the directory though.

1 Like
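
Added example (not part of any post in this thread, and not code from the squid package): a pre-flight check for the "squid -z" permission failure discussed above. It reads the cache_dir lines from a squid.conf, reports how many directories "squid -z" will create for the configured L1/L2 values, and checks whether the nearest existing parent directory is owned by the user squid runs as. The user name "nobody" is an assumption taken from the chown nobody:nogroup in the quoted init script; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: pre-flight check to run before `squid -z`.
# Assumption: squid drops privileges to "nobody" (override with a 2nd argument).

# Print "path L1 L2" for each line of the form
#   cache_dir <type> <path> <MB> <L1> <L2>
parse_cache_dirs() {
    awk '$1 == "cache_dir" { print $3, $5, $6 }' "$1"
}

# Directories `squid -z` creates below one cache_dir: L1, plus L2 inside each.
swap_dir_count() {
    echo $(( $1 + $1 * $2 ))
}

# Walk up from a path to the nearest directory that already exists.
nearest_existing() {
    p=$1
    while [ ! -d "$p" ] && [ "$p" != "/" ]; do p=$(dirname "$p"); done
    echo "$p"
}

# Succeed if that directory is owned by user $2. Simplification: only the
# owner is compared; group and mode bits are not evaluated.
owner_can_create() {
    base=$(nearest_existing "$1")
    owner=$(ls -ldn "$base" | awk '{ print $3 }')
    [ "$owner" = "$(id -u "$2" 2>/dev/null)" ]
}

# usage: check_conf <squid.conf> [user]; returns 1 if any cache_dir would fail
check_conf() {
    user=${2:-nobody}
    rc=0
    while read -r path l1 l2; do
        [ -n "$path" ] || continue
        echo "$path: squid -z will create $(swap_dir_count "$l1" "$l2") directories"
        if ! owner_can_create "$path" "$user"; then
            echo "  $base is not owned by $user; as root run:"
            echo "  mkdir -p $path && chown -R $user $path"
            rc=1
        fi
    done <<EOF
$(parse_cache_dirs "$1")
EOF
    return $rc
}

if [ $# -gt 0 ]; then check_conf "$@"; fi
```

Run it as root with the path to the squid.conf in use. The directories are created once by "squid -z", so the count it prints for a cache_dir does not grow while squid runs.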

Thanks @dlakelan. Now that I think about your comment here, I think I agree. So perhaps the guidance I see for setting up squid in OpenWRT here is not the best plan? That's where the redirect rule came from.

After searching the web, I see thousands of squid configuration guides (many of which are clearly not intended for routers). Can you suggest one or two squid getting started resources for me to use in place of the link I used above? That would be a big help to me.

I removed the redirect rule from my firewall that the link above suggested, and can now access my LuCI interface again, so at least I know what caused that problem.

Actually, since I'm using squid to implement monitoring (to start with) and access control (probably later), I think I will also want squid's caching features. I think that speeding up connections by caching can only be a good idea for me (even though it's not one of my original goals). The USB drive I'm using is actually a USB 3.0 spinning magnetic disk (not a USB thumb or flash drive), so I don't think I need to worry about damaging the flash drive hardware by having squid do too many rewrites in too short a time.

I guess the permission problem (after I run squid -z) was because squid was trying to do something that only root had permission to do (like you said, creating the /tmp/squid/cache directory), but the man page says that squid -z "Create swap directories". How many swap directories under /tmp/squid will squid need to create? And does it create new ones as it's running over weeks and months? Sorry, I'm brand new to squid.

Thanks for your suggestion here, @jeff.

Question: where are you finding details like squid.init that you cite above? I don't see anything like that mentioned at this link that I've been using to set up squid.

The only mention of /dev/null I see at that link are these:

cache_log /dev/null
cache_store_log stdio:/dev/null
logfile_daemon /dev/null

and a couple of other lines "After a sysupgrade, the following may need doing..."

I thought I would change these after getting squid up and running as per the link, but I'm trying to better understand your suggestion above.

Many Unix-like systems use "init scripts" to start and stop the various background ("daemon") processes. In OpenWrt, they are typically in /etc/init.d/. Since I don't have squid installed on my system, I looked at the package source, where the file that you would see as /etc/init.d/squid is called squid.init.

The "magic line" I was looking for was a guess, based on how things are often done.

mkdir              # make a new directory
-p                 # including the path to the directory, if it doesn't already exist
/tmp/squid/cache   # with the directory called this
2>                 # take any "error" output (such as "directory already exists") and send it to
/dev/null          # the "bitbucket" - /dev/null is a special "file" that discards everything written to it

Well the web has moved on to encrypted SSL everywhere so almost nothing gets cached... It's great for something like Debian packages that are still served by http and are large and you might want to install on multiple computers, but for everyday surfing it has very little effect, particularly since browsers do their own caching.

But hey, if it's on a spinning disk, it's not going to hurt...

Have you tried the luci-app-squid package to get started using a GUI? I haven't used it myself but it might help here

1 Like

As an intensive user (and modder) of squid, not only on OpenWrt, I suggest first doing the intended setup on real Linux, for the purpose of learning and to avoid the interference of LuCI and uci.
BTW: On OpenWrt, I completely bypass LuCI/uci, too, for optimized, non-trivial configuration.

1 Like

Yeah I actually run it on Debian too, don't have experience installing it on OpenWrt.