Category Archives: proxy

Install Squid as Local Proxy Cache for Slackware64

Squid is a caching proxy for Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-request web pages. Squid has extensive access controls and makes a great server accelerator. Run on most available operating system and licensed under GNU GPL.

Squid is used by hundreds of Internet Providers world-wide to provide their users with the best possible web access. Squid optimises the data flow between client and server to improve performance and caches frequently-used content to save bandwidth. Squid can also route content requests to servers in a wide variety of ways to build cache server hierarchies which optimise network throughput.

Thousands of web-sites around the Internet use Squid to drastically increase their content delivery. Squid can reduce server load and improve delivery speeds to clients. Squid can also be used to deliver content from around the world – copying only the content being used, rather than inefficiently copying everything. Finally, Squid’s advanced content routing configuration allows you to build content clusters to route and load balance requests via a variety of web servers.

In this article we will discuss about how to install Squid, gives a simple configuration, and then use it as a local cache server. Our goals is to improves response times and minimizing bandwidth on Slackware64 machine.

I use following:

  1. Slackware64 14.0 with multilib support.
  2. Squid Cache 3.3.3 source code

Obtain the Materials

The only material we need is squid’s source code which can be downloaded from their official site. At the time of writing this article, the latest stable version available is version 3.3.3. The direct download can be made on here.

As stated on site, we need Perl installed on our system. On Slackware64 it, is already installed by default, unless you have uninstalled it before. Make sure Perl is available.

Installation

Create a working directory. You can use any directory you want but in this case I will use my home directory /home/xathrya/squid. The archive we got is squid-3.3.3.tar.xz.

Now extract and configure the makefile.In this article I use /usr/local/squid directory as root of installation which is the default path for installing squid. If you want to install squid on another directory, on ./configure use –prefix=/path/to/new/squid where /path/to/new/squid is a path like /usr After compilation finished, install Squid using root privilege. A complete command to do so is given below:

tar -Jxf squid-3.3.3.tar.xz
cd squid-3.3.3
./configure
make
make install clean

The compilation might took some times, depending on your machine.

Setup

Squid is officially installed on this stage, but we need to do some setup to make it work properly.

Before we proceed we need to specify what are resource allocated to squid and what configuration must we set to meet our need. In my case, the squid can be activated on demand, the directory for caching is using a dedicated partition on /cache (you can also use other directory, and a dedicated partition is not a must) which is 48.0 GiB allocated, squid can use some peer that can be configured dynamically without need for me to change the configuration file directly.

Your need might be different from me, so adjust it yourself.

Create Basic Configuration File

In this example, the configuration file is located at /usr/local/squid/etc/squid.conf, but might be vary if you install squid on different directory than /usr/local/squid. On general, squid configuration file is located on <root directory>/etc/squid.conf

Now adjust your configuration file. Below is the configuration I use:

###############################################################
##
## BlueWyvern Proxy Service
## XGN-Z30A : SquidProxy
##
###############################################################

##
#      Proxy Manager Information
##
cache_mgr xathrya@celestial-being.net
visible_hostname proxy.bluewyvern.celestial-being.net

###############################################################

##
#    Basic Configuration
##
cache_effective_user squid
cache_effective_group squid

# DNS server (not required)
# Use this if you want to specify a list of DNS servers to use instead
# of those given in /etc/resolv.conf
#dns_nameservers 127.0.0.1 8.8.8.8

# Set Squid to listens port 1351 (normally listens to port 3128)
http_port 1351

# Timeouts
dead_peer_timeout 30 seconds
peer_connect_timeout 30 seconds

# Load the peer
include /usr/local/squid/peers.conf

###############################################################

##
#    Access Control List
#
#    My machine allow client from self, so IP other than self will be rejected
#    Also define some safe ports
##
acl localnet src 10.0.0.0/8        # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

###############################################################

##
#    Directory & Logs
#
#    We use /cache for directory
#    I have 48.0 GiB = 51 GB available
#        64 directories, 256 subdirectories for each directory
#
##

# Cache directory 48GiB = 51500MB
cache_dir ufs /cache 51500 64 256

# Coredumps is specified on /cache too
coredump_dir /cache

# Squid logs
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# Defines an access log format
logformat custom %{%Y-%m-%d %H:%M:%S}tl %03tu %>a %tr %ul %ui %Hs %mt %rm %ru %rv %st %Sh %Ss

###############################################################

##
#    Other
##
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|?) 0    0%    0
refresh_pattern .        0    20%    4320

Make user squid and group squid if you don’t have it yet. Then create cache directory if you don’t have any and change ownership to user squid and group squid (or any user and group you assign to squid, see squid.conf). Also I use /var/log/squid directory to log things squid need to.  After all the preparations are ready, we need to do initial setup. Below is the snippet I use to do:

ln -s /usr/local/squid/sbin/squid /usr/bin/squid

/bin/egrep -i "^squid" /etc/group
if [ $? -ne 0]; then
groupadd squid
fi

/bin/egrep -i "^squid" /etc/passwd
if [ $? -ne 0 ]; then
useradd -g squid -s /bin/false -M  squid
fi

if [ ! -d /cache ]; then
mkdir /cache
fi

chown squid.squid /cache

if [ ! -d /var/log/squid ]; then
mkdir /var/log/squid
fi

chown squid.squid /var/log/squid

/usr/local/squid/sbin/squid -z

Now create a file /usr/local/squid/etc/peers.conf and write all peer you want to use.

Creating Scripts

All the system are ready. Now we need to create a control panel script which can execute system. Using this script, I can start and stop squid, and also purge content from cache. The script I use is:

#! /bin/bash
ROOTFOLDER=/usr/local/squid
SQUID=${ROOTFOLDER}/sbin/squid
SQUIDCLIENT=${ROOTFOLDER}/bin/squidclient

case $1 in
"start")
$SQUID start
ifconfig | grep inet
;;
"purge")
$SQUIDCLIENT -h 127.0.0.1 -p 8080 -m purge $2
;;
"stop")
$SQUID stop
;;
esac

Known Issues

Compile & Installation

  • Squid 3.5 onward use GnuTLS instead of OpenSSL. If you are getting error message such as “error: ‘gnutls_transport_set_int’ was not declared in this scope” then chance that you have old GnuTLS installed. Make sure you installed newer version. The safe assumption is to use the latest version. I test GnuTLS v3.3 with Nettle 2.7.1.

Runtime

The post Install Squid as Local Proxy Cache for Slackware64 appeared first on Xathrya.ID.