Squid

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.

Installation
Download the latest stable version of Squid

cd /extra/src
wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.3.tar.gz
tar zxf squid-3.5.3.tar.gz
cd squid-3.5.3

Configure Squid as a transparent proxy:

./configure --enable-linux-netfilter --enable-follow-x-forwarded-for
make
make install

Enable the default cache_effective_user, nobody, to access the log directory:

chown nobody:nobody /usr/local/squid/var/logs

Basic Configuration
The default configuration file is /usr/local/squid/etc/squid.conf. If you are going to proxy requests for your internal network, add a localnet directive for your internal network (if there isn't one already):

acl localnet src 192.168.0.0/16

If you don't want to cache any data and only log requests through the Squid proxy, you can use the cache access list to make Squid never cache anything:

cache deny all

Automatic startup
We're going to use daemontools. If you haven't already, install daemontools.

Create a directory for the Squid service:

mkdir -m 1755 /var/service/squid
cd /var/service/squid

Create the /var/service/squid/run script, making sure to change the servername:

#!/bin/sh
rm -f /var/run/squid/squid.pid
exec /usr/local/squid/sbin/squid -N 2>&1

Make the script executable:

chmod 755 run

Our log script comes from John Simpson's:

mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run

Finally, add the service to daemontools by creating the symbolic link in /service

ln -s /var/service/squid /service/squid

Confirm that the service is running:

svstat /service/squid /service/squid/log

Transparent Proxy

iptables -t nat -A PREROUTING -s SQUIDIP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE

Restarting Squid
To reload Squid after making configuration changes:

/usr/local/squid/sbin/squid -k reconfigure

Recent Updates

  • 3 months 3 weeks ago
  • 3 months 3 weeks ago
  • 3 months 3 weeks ago
    php 8.x
  • 3 months 3 weeks ago
    10.6.7
  • 3 months 4 weeks ago
    Drop Centos 5/6 stuff