
Squid - minimal installation and configuration

The Squid server is derived from the Harvest project started by ARPA and was further developed by the National Laboratory for Applied Network Research. It supports the HTTP, HTTPS, FTP and Gopher protocols.

Squid can help us limit the use of available bandwidth, to reduce costs or avoid overloading the network. This is possible because:

It keeps web pages, images and other types of files on the hard drive. If someone requests a page that has already been fetched, it is no longer retrieved from the Internet but served from the cache. This function saves on average 30% of the bandwidth (depending on the sites visited and other parameters).

In addition, we can use the delay pool function to limit access to some sites (for example, those that contain the word porn in the URL) or prohibit the download of certain types of files.

We download the sources from the official website - www.squid-cache.org

1. Installation:

tar -xjvf squid-2.5.STABLE3.tar.bz2
cd squid-2.5.STABLE3
CC="gcc" \
CFLAGS="-O3 -march=i686 -funroll-loops -fomit-frame-pointer" \
./configure \
--prefix=/usr \
--exec-prefix=/usr \
--bindir=/usr/sbin \
--libexecdir=/usr/lib/squid \
--sysconfdir=/etc/squid \
--enable-delay-pools \
--enable-cache-digests \
--enable-poll \
--disable-ident-lookups \
--enable-truncate \
--enable-xmalloc-statistics \
--enable-linux-netfilter \
--enable-stacktraces && make all && make install

2. To increase Squid performance, you need a separate partition for the cache or, if that is not possible, create a cache directory:

mkdir /cache

A dedicated SCSI hard disk would be best suited for the Squid cache. We add the squid user and the squid group, without a shell (so that the proxy server does not run as root):

groupadd squid
useradd -d /cache -s /sbin/nologin -g squid squid
chown -R squid:squid /cache

We create the /var/log/squid directory, owned by squid:

mkdir /var/log/squid
chown squid:squid /var/log/squid

3. Configuration:
Next I will present the minimum structure of the /etc/squid/squid.conf file

#####################################################
# Port and IP address on which squid will listen for connections
http_port 192.168.1.1:8080
# Directory where the cache will reside and its size in MB
# (in the case below - 6000 MB)
cache_dir ufs /cache 6000 16 256
# User and group under which the squid server will run
cache_effective_user squid
cache_effective_group squid
# Port on which squid will send and receive requests to the caches of other neighbouring proxy servers
# If we have no other proxies, we specify 0
icp_port 0
# We create the ACLs (access control lists):
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/8
# Clients of our proxy server
acl lan src 192.168.1.0/24
# Dynamically generated pages will be fetched directly from the source
hierarchy_stoplist cgi-bin php asp ?
# Dynamically created objects will not be saved in the cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# We allow access from the local machine (if applicable)
http_access allow localhost
# We allow computers on the local network to
# use the proxy server
http_access allow lan
# We deny everyone else access to squid
http_access deny all
# We specify where squid will keep its logs
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# PID file of the process
pid_filename /var/run/squid.pid
#####################################################

This is the minimum configuration for Squid to run. We initialize the cache with the command:

squid -f /etc/squid/squid.conf -z

If you receive a message like:

2003/08/11 20:30:28| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '127.0.0.1/8'

don't be scared: it is not an error, only a warning. It appears because the address 127.0.0.1 has bits set outside the /8 netmask.

The first time, we start Squid with the command:

squid -NDCd1

to see any error messages. If everything is OK, we get the message:

2003/08/11 20:30:29| Ready to serve requests.

Squid is ready to accept connections.

We add Squid to the system start and stop scripts, so that it starts and stops together with the computer.

And let's not forget to close port 8080 to external connections with the help of the firewall, and leave it open for clients in the local network.
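To check which clients the http_access rules above actually admit, the following added example (not part of the original article) evaluates them in order, first match wins, and flags any http_port that is not bound to a specific address. The function names are this example's own, the configuration text is a constructed copy of the access lines shown earlier, and only src ACLs are modelled.

```python
import ipaddress

# Constructed sample: the access-related lines of the squid.conf shown above.
SAMPLE_CONF = """\
http_port 192.168.1.1:8080
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/8
acl lan src 192.168.1.0/24
http_access allow localhost
http_access allow lan
http_access deny all
"""

def parse(conf):
    """Collect src ACLs, ordered http_access rules and http_port values."""
    acls, rules, ports = {}, [], []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "src":
            # strict=False accepts host bits, as in 127.0.0.1/8 (Squid only warns)
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))
        elif tok[0] == "http_port":
            ports.append(tok[1])
    return acls, rules, ports

def matches(acls, ip, name):
    """True if ip matches the named src ACL; a leading '!' negates the result."""
    hit = any(ip in net for net in acls.get(name.lstrip("!"), []))
    return not hit if name.startswith("!") else hit

def decision(conf, client_ip):
    """Return 'allow' or 'deny' for a client address; None if there are no rules."""
    acls, rules, _ = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # every ACL named on one http_access line must match (logical AND)
        if all(matches(acls, ip, n) for n in names):
            return action
    # nothing matched: Squid applies the opposite of the last rule in the list
    return None if not rules else ("deny" if rules[-1][0] == "allow" else "allow")

def wildcard_listeners(conf):
    """http_port values given without an IP address (listening on every interface)."""
    return [p for p in parse(conf)[2] if ":" not in p]
```

Moving `http_access deny all` above the allow lines makes `decision()` return deny for LAN clients as well, which is why the deny rule comes last in the configuration.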

FlorinM
