Services¶

When using an official ControlGuard vX distribution, all services are configured to automatically start at system boot. Only minimal configuration is required and is conveniently guided by the installation setup wizard.

Engine¶

The ControlGuard vX Engine is automatically enabled as a Systemd service and starts at system boot.

To monitor the engine's service and view its real-time logs, use the following command:

journalctl -u controlguard -f

If the service is not running or reports errors, please refer to the troubleshooting section.

Connectors¶

The startup behavior of connectors depends on their type.

Squid Connector¶

Squid connector processes are launched and managed directly by the Squid proxy service.

In the standard ControlGuard vX distributions (VMware or Docker), a pre-configured Squid Proxy instance is already included and is configured to automatically connects to the engine upon startup.

However, when deploying Squid on a separate standalone host, you must explicitly configure it to invoke the connector executable, also called a URL rewriter program.

Configuration File¶

In order to configure Squid to forward requests to one or more squid connectors instances, modify the squid.conf configuration file, by adding the below lines:

squid.conf

url_rewrite_program /opt/controguard/bin/squid_connector -c /opt/controlguard/conf/squid-connector.conf

The url_rewrite_program directive in the Squid configuration specifies the external URL rewriter program to be executed. This directive must include the full path to the Squid connector executable, followed by the -c command-line option, which specifies the path to the connector’s configuration file.

We recommended to append additional options to the url_rewrite_program directive in order to control the number of connector instances that Squid spawns and how requests are distributed among them.

squid.conf

url_rewrite_program 8 startup=1 idle=2 concurrency=0

The parameters in the example above instruct Squid to:

Maintain up to 8 running instances of the connector.
Keep at least 2 instances running when idle (startup=1 idle=2).
Disable concurrent request handling within a single instance (concurrency=0).

Connector Concurrency support

As of this writing, the Squid connector does not support concurrent requests per process. This limitation is intentional in order to keep a lightweight connector implementation and to avoid the complexity of multithreaded operation. Squid automatically load-balances requests across the available connector instances in a blocking manner.

Restarting the Service¶

After applying the configuration changes, restart the Squid service and verify that both the service and the connector processes are running correctly:

systemctl status squid
journalctl -u squid

The output of the above commands should confirm that the Squid service is active and running without errors. In particular, there should be no indications of issues when Squid attempts to spawn the connector instances.