= Introduction =

Squid is a proxy server. This howto describes the process of setting up Squid as a proxy server: HTTP requests are sent to Squid instead of being sent directly to the internet.

Note: in many of the examples below, you may need to change "squid" to "squid3". The squid.conf file for Squid 3.x is still named squid.conf; however, for Squid 3.x the path defaults to /etc/squid3/ instead of /etc/squid/.

== Installation ==

Install Apache

{{{
# apt-get install apache2
}}}

Install Squid

{{{
# apt-get install squid
}}}

== Key File Locations ==

|| '''File''' || '''Purpose''' ||
|| /etc/squid3/squid.conf || Squid (3) configuration file ||
|| /var/log/squid3/access.log || Squid (3) access log file ||
|| /var/spool/squid3 || Squid (3) cache_dir ||

= Configurations =

== Squid Configuration ==

The squid.conf file is huge, with hundreds of options. In this howto we will only be changing a few settings.

Open the squid.conf file for editing

{{{
gksudo gedit /etc/squid3/squid.conf
}}}

Turn on line numbers in gedit (Edit > Preferences)

Find the `http_port` tag (should be on or around line 53; it is currently line 89 in the 7.10 release)

By default it reads

`# http_port 3128`

This is the default port that Squid will listen on for requests. If you want to change it, uncomment the line and set it to the changed port. If you want Squid to listen only on one specific NIC (for a server with multiple NICs), you can also change the IP address – for example `192.168.1.5:3128`

Now we'll set up who is allowed access to the proxy.

Find the http_access section (should start around line 1860; line 2589 in the 7.04 release and line 2608 in the 7.10 release)

Uncomment these 2 lines:

{{{
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
}}}

You'll need to change 192.168.1.0/24 to match your network (like 192.168.0.0/24, or 10.0.0.0/8). Unless you have a second subnet, you can delete 192.168.2.0/24.

Above, the first four sets of numbers, separated by periods ("."), form the IP address of your local area network. The last number, after the slash ("/"), is the netmask of your network and depends on your router settings. This is usually 24, meaning that the first three sets of numbers in the IP address only correspond to computers in your network while all others exist outside of it. Other netmasks are explained [[http://unixwiz.net/techtips/netmask-ref.html|here]].

If you get the startup error 'FATAL: Could not determine fully qualified hostname. Please set visible_hostname', you will also need to modify the visible_hostname tag (around line 2909 in 7.10) as shown below.

NOTE: this needs to be added as a new line in 7.10 (not sure about other releases), as there is no commented-out line to re-introduce.

{{{
visible_hostname localhost
}}}

Save the file and close gedit

== Service Administration ==

Fire up Squid. If it is not running you can use the following (change "squid3" to "squid" to match your installed version):

{{{
# use one of: start, restart, stop
sudo /etc/init.d/squid3 start
}}}

Then this will work:

{{{
squid3 -k reconfigure
}}}

Squid caches the web pages it serves. If the cache expiration time of the web page is specified, Squid seems to obey it. If you are serving some of the pages yourself and update a page in the Apache directory, Squid won't fetch the new version, instead relying on its cached version until its default expiration time.
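
To see what Squid actually did with each request (served it from cache, fetched it, or refused it under the `http_access` rules), the access log at /var/log/squid3/access.log can be summarized. The script below is an added example, not part of the original howto: it assumes Squid's default native log format, runs on constructed sample lines, and the function name `summarize` is hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1200000000.101    212 192.168.1.20 TCP_MISS/200 10432 GET http://example.com/logo.png - DIRECT/93.184.216.34 image/png
1200000003.554      2 192.168.1.20 TCP_HIT/200 10440 GET http://example.com/logo.png - NONE/- image/png
1200000007.310      1 192.168.1.31 TCP_MEM_HIT/200 10440 GET http://example.com/logo.png - NONE/- image/png
1200000011.902      0 10.9.8.7 TCP_DENIED/403 1384 GET http://example.org/ - NONE/- text/html
1200000015.020    187 203.0.113.50 TCP_MISS/200 5120 GET http://example.net/ - DIRECT/198.51.100.7 text/html
"""


def summarize(log_text, allowed=("192.168.1.0/24",)):
    """Count cache results and list clients served from outside `allowed`."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    codes, outside = Counter(), set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated line
        try:
            client = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # client column is not an IP address
        code = fields[3].split("/")[0]  # e.g. TCP_MISS from TCP_MISS/200
        codes[code] += 1
        if not code.startswith("TCP_DENIED") and not any(client in n for n in nets):
            outside.add(str(client))  # served although not in our_networks
    denied = sum(c for k, c in codes.items() if k.startswith("TCP_DENIED"))
    # Simplification: any result code containing HIT counts as a cache hit.
    hits = sum(c for k, c in codes.items() if "HIT" in k)
    served = sum(codes.values()) - denied
    return {
        "hits": hits,
        "misses": served - hits,
        "denied": denied,
        "hit_ratio": hits / served if served else 0.0,
        "outside_served": sorted(outside),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty `outside_served` list means clients outside `our_networks` are being served, so the `http_access` rules are broader than intended.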

To flush the Squid cache:

{{{
sudo /etc/init.d/squid3 stop
sudo rm -fr /var/spool/squid3/*
sudo squid3 -z
sudo /etc/init.d/squid3 start
}}}

== Defining the Cache Space ==

At this point, Squid is running, but it is not actually caching. A Google search for "squid not caching" will show that this is not an uncommon problem. The first reason for this is that the cache directory is not defined or built.

In /etc/squid3/squid.conf, uncomment the following line (note that this is for a 100 meg cache):

{{{
cache_dir ufs /var/spool/squid3 100 16 256
}}}

A 1 gig cache would be:

{{{
cache_dir ufs /var/spool/squid3 1024 16 256
}}}

Another problem is that not everything on the web has cache-friendly expire tags, and the refresh patterns by default are somewhat conservative. Adding this line to /etc/squid3/squid.conf can help.

{{{
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200
}}}

This will force Squid to cache all the images listed above for at least an hour, and up to half a day.

After it has been running for a while you can see if it is caching with this command:

{{{
lsharp@dansguardian:~$ sudo du -sh /var/spool/squid3
19M     /var/spool/squid3
}}}

== Customize Squid Error Pages ==

Squid can be customized. Learn how to do this [[Squid/Customize|here]].

= See Also =

 * SquidGuard - Squid Guard
 * [[Manpage:squid|squid]] man page

= External Links =

 * [[http://www.squid-cache.org|Official Squid site]]
 * [[http://www.squidguard.org/|Official SquidGuard site]]
 * [[http://www.squidguard.org/blacklist/|Downloadable blacklists]]

----
CategoryNetworking CategorySecurity CategoryDocumentation