KfWiki: Squid web cache and proxy

Revision [3879]

Last edited on 2010-11-03 01:16:58 by KenFong

Additions:

===Squid web cache and proxy===

Revision [3878]

Edited on 2010-11-03 01:14:56 by KenFong

Additions:

Install on Ubuntu-9.10 - yea I hate IPv6, or any other half-ass bullshit.
--sysconfdir=/etc/squid3 --localstatedir=/var --disable-ipv6

Deletions:

Install on Ubuntu-9.10
--sysconfdir=/etc/squid3 --localstatedir=/var

Revision [3669]

Edited on 2010-03-12 08:03:53 by KenFong

Additions:

===Squid-3.0===
Install on Ubuntu-9.10
./configure --with-aio --with-openssl=/usr --with-large-files \
--enable-stacktraces --enable-linux-netfilter --enable-ssl \
--enable-kill-parent-hack --enable-delay-pools \
--enable-storeio=ufs,aufs --enable-icmp \
--sysconfdir=/etc/squid3 --localstatedir=/var

Revision [3581]

Edited on 2009-11-20 09:33:34 by WikiAdmin

Additions:

===cache_peer===
One can configure squid to pass request to another squid based on the dst domain:
# define cache_peer
cache_peer 10.8.0.6 parent 3128 3130 proxy-only name=xxx-squid
# define list of domains
acl dp-domains dstdomain .xxx.net
acl dp-domains dstdomain .xxx.com
# tell squid to use xxx-squid for xxx-domains
cache_peer_access xxx-squid allow xxx-domains
# Stop squid from trying to DIRECT ssl requests for xxx-domains
never_direct allow xxx-domains

Revision [1961]

Edited on 2008-09-19 21:30:10 by WikiAdmin

Additions:

Then just create the passwd file with **htpasswd**

Revision [1960]

Edited on 2008-09-19 21:26:11 by WikiAdmin

Additions:

tcp_outgoing_address 1.2.3.4 # if you want to mask your outgoing address

Revision [1959]

Edited on 2008-09-19 20:41:52 by WikiAdmin

Additions:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm My Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on

Deletions:

proxy_auth_realm My Proxy Server
authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/passwd

Revision [1958]

Edited on 2008-09-19 20:38:55 by WikiAdmin

Additions:

===Squid authentication (for forward proxies)===
From squid's source
cd helpers/basic_auth/NCSA/
make
make install
Then add these into squid.conf
proxy_auth_realm My Proxy Server
acl authusers proxy_auth REQUIRED
http_access allow authusers
authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/passwd

Revision [1957]

Edited on 2008-09-19 20:26:45 by WikiAdmin

Additions:

""""

Deletions:

~~'' ''~~

Revision [1956]

Edited on 2008-09-19 20:26:13 by WikiAdmin

Additions:

==Squid Redhat init script==
''

#!/bin/bash 
### BEGIN INIT INFO 
# Provides: squid 
# chkconfig: - 90 25 
# pidfile: /var/run/squid.pid 
# config: /etc/squid/squid.conf 
# Short-Description: starting and stopping Squid Internet Object Cache 
# Description: Squid - Internet Object Cache. Internet object caching is \ 
# a way to store requested Internet objects (i.e., data available \ 
# via the HTTP, FTP, and gopher protocols) on a system closer to the \ 
# requesting site than to the source. Web browsers can then use the \ 
# local Squid cache as a proxy HTTP server, reducing access time as \ 
# well as bandwidth consumption. 
### END INIT INFO 
PATH=/usr/bin:/sbin:/bin:/usr/sbin 
export PATH 
# Source function library. 
. /etc/rc.d/init.d/functions 
# Source networking configuration. 
. /etc/sysconfig/network 
if [ -f /etc/sysconfig/squid ]; then 
	. /etc/sysconfig/squid 
fi 
# don't raise an error if the config file is incomplete 
# set defaults instead: 
SQUID_OPTS=${SQUID_OPTS:-"-D"} 
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20} 
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100} 
# determine the name of the squid binary 
[ -f /usr/sbin/squid ] && SQUID=squid 
if [ "$1" == "status" ]; then 
	[ -z "$SQUID" ] && exit 4 
else 
	[ -z "$SQUID" ] && exit 1 
fi 
prog="$SQUID" 
# determine which one is the cache_swap directory 
CACHE_SWAP=`sed -e 's/#.*//g' /etc/squid/squid.conf | \ 
	grep cache_dir | awk '{ print $3 }'` 
[ -z "$CACHE_SWAP" ] && CACHE_SWAP=/var/spool/squid 
RETVAL=0 
probe() { 
	# Check that networking is up. 
	[ ${NETWORKING} = "no" ] && exit 1 
	# check if the squid conf file is present 
	[ -f /etc/squid/squid.conf ] || exit 6 
} 
start() { 
	probe 
	$SQUID -k parse 
	RETVAL=$? 
	if [ $RETVAL -ne 0 ]; then 
		echo -n $"Starting $prog: " 
		echo_failure 
		echo 
		return 1 
	fi 
	for adir in $CACHE_SWAP; do 
		if [ ! -d $adir/00 ]; then 
			echo -n "init_cache_dir $adir... " 
			$SQUID -z -F -D >> /var/log/squid/squid.out 2>&1 
		fi 
	done 
	echo -n $"Starting $prog: " 
	$SQUID $SQUID_OPTS >> /var/log/squid/squid.out 2>&1 
	RETVAL=$? 
	if [ $RETVAL -eq 0 ]; then 
		timeout=0; 
		while : ; do 
			[ ! -f /var/run/squid.pid ] || break 
			if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then 
				RETVAL=1 
				break 
			fi 
			sleep 1 && echo -n "." 
			timeout=$((timeout+1)) 
		done 
	fi 
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID 
	[ $RETVAL -eq 0 ] && echo_success 
	[ $RETVAL -ne 0 ] && echo_failure 
	echo 
	return $RETVAL 
} 
stop() { 
	echo -n $"Stopping $prog: " 
	$SQUID -k check >> /var/log/squid/squid.out 2>&1 
	RETVAL=$? 
	if [ $RETVAL -eq 0 ] ; then 
		$SQUID -k shutdown & 
		rm -f /var/lock/subsys/$SQUID 
		timeout=0 
		while : ; do 
			[ -f /var/run/squid.pid ] || break 
			if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then 
				echo 
				return 1 
			fi 
			sleep 2 && echo -n "." 
			timeout=$((timeout+2)) 
		done 
		echo_success 
		echo 
	else 
		echo_failure 
		echo 
	fi 
	return $RETVAL 
} 
reload() { 
	$SQUID $SQUID_OPTS -k reconfigure 
} 
restart() { 
	stop 
	start 
} 
condrestart() { 
	[ -e /var/lock/subsys/squid ] && restart || : 
} 
rhstatus() { 
	status $SQUID && $SQUID -k check 
} 
case "$1" in 
start) 
	start 
	;; 
stop) 
	stop 
	;; 
reload) 
	reload 
	;; 
restart) 
	restart 
	;; 
condrestart) 
	condrestart 
	;; 
status) 
	rhstatus 
	;; 
probe) 
	probe 
		return 0 
	;; 
*) 
	echo $"Usage: $0 {start|stop|status|reload|restart|condrestart|probe}" 
	exit 2 
esac 
exit $?

Revision [1955]

Edited on 2008-09-19 20:24:51 by WikiAdmin

Additions:

./configure \
--localstatedir=/var \
--sysconfdir=/etc/squid \
--enable-icmp \
--enable-ssl \
--enable-large-cache-files \
--enable-storeio=ufs,aufs

Deletions:

~~./configure --enable-icmp --enable-ssl --enable-large-cache-files --enable-storeio=ufs,aufs~~

Revision [1944]

Edited on 2008-09-11 09:06:06 by WikiAdmin

Additions:

httpd_accel_uses_host_header on

Revision [1924]

Edited on 2008-09-03 20:28:52 by WikiAdmin

Additions:

===Squid2.7===
My install on FreeBSD:
./configure --enable-icmp --enable-ssl --enable-large-cache-files --enable-storeio=ufs,aufs

Revision [1875]

Edited on 2008-08-07 01:54:50 by WikiAdmin

Additions:

==Squid URL acl==
Set up the acl the http_access list
acl whitelist_domains dstdomain "/etc/squid/whitelist.domains"
acl blacklist_domains dstdomain "/etc/squid/blacklist.domains"
http_access deny blacklist_domains
http_access allow trusted_net whitelist_domains
Then create the .domains files
.blah.com
.foo.com

Revision [1608]

Edited on 2008-04-07 03:56:43 by WikiAdmin

Additions:

Read: Squid-2.6 configuration manual http://www.visolve.com/squid/squid26/contents.php

Deletions:

~~oracel~~

Revision [1607]

Edited on 2008-04-07 03:22:01 by WikiAdmin

No differences.

Revision [1606]

Edited on 2008-04-07 03:21:36 by WikiAdmin

Additions:

===Setting up squid-2.6 as reverse proxy===
I'm not gonna bore you with the details. Just add these in additional to the stock config file.
http_port SQUID_EXTERNAL_IP:80 vhost vport
cache_peer REAL_WEB_IP parent 80 0 originserver default
acl valid_dst dstdomain .accelerated.com
http_access allow valid_dst
===Setting up Squid 2.4/2.5 as reversed proxy===

Deletions:

~~===Setting up Squid as reversed proxy===~~

Revision [1497]

Edited on 2008-03-16 21:21:01 by WikiAdmin

Additions:

===Squid logs in UTC===
Easy.
%%(perl;convert_utc.pl)
#! /usr/bin/perl -p
s/^\d+\.\d+/localtime $&/e;

Revision [1142]

Edited on 2007-11-10 20:37:39 by disabled (unregistered user)

Additions:

oracel

Revision [872]

The oldest known version of this page was created on 2007-08-13 02:10:58 by WikiAdmin

KfWiki : Squid

Revision [3879]

Additions:

Revision [3878]

Additions:

Deletions:

Revision [3669]

Additions:

Revision [3581]

Additions:

Revision [1961]

Additions:

Revision [1960]

Additions:

Revision [1959]

Additions:

Deletions:

Revision [1958]

Additions:

Revision [1957]

Additions:

Deletions:

Revision [1956]

Additions:

Revision [1955]

Additions:

Deletions:

Revision [1944]

Additions:

Revision [1924]

Additions:

Revision [1875]

Additions:

Revision [1608]

Additions:

Deletions:

Revision [1607]

Revision [1606]

Additions:

Deletions:

Revision [1497]

Additions:

Revision [1142]

Additions:

Revision [872]