10/13/2010

Setup Squid-Cache

Step I - Downloading and compiling Squid

You can download the squid source as a gzipped tarball (squid-x.y-STABLE.tar.gz) from http://www.squid-cache.org/ or from ftp://www.squid-cache.org/pub.

Next, extract the compressed archive and change the working directory to the squid source directory:

tar -xvzf squid-*-src.tar.gz
cd squid-*

Now enter the following commands to configure, compile and install squid:

./configure
make
make install

By default, this installs squid in "/usr/local/squid".

Type ./configure --help to view all available options.

Step II - Basic Configuration

Some basic configuration is required. Uncomment and edit the following lines in the configuration file, found by default at "/usr/local/squid/etc/squid.conf".

cache_dir
This directive specifies the cache directory storage format and its size, as given below.
cache_dir ufs /usr/local/squid/cache 100 16 256
The value 100 denotes a 100 MB cache size. This can be adjusted to the required size.

http_port
Check http_port; 3128 is the default.

http_access
By default http_access is denied. The ACL rules should be modified to allow access only to the trusted clients. This is important because it prevents people from stealing your network resources.

cache_effective_user & cache_effective_group
Set these directives to the user and group that squid will run as. This user must have permission to read and write in the cache directory and to the log files.
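
The http_access point above, as an added example (not part of the original post): a small Python evaluator that applies Squid's first-match rule order to a configuration and reports whether a given client address would be let in. The sample configurations, ACL names and addresses are constructed, and only src ACLs in CIDR or netmask form are modelled.

```python
import ipaddress

# Constructed sample configurations (not from the page).
OPEN = """
acl all src 0.0.0.0/0
http_access allow all
"""
DENY_ONLY = """
acl blocked src 203.0.113.0/24
http_access deny blocked
"""
HARDENED = """
acl all src 0.0.0.0/0
acl trusted src 192.168.1.0/24   # hypothetical internal network
http_access allow trusted
http_access deny all
"""

def parse(conf):
    """Collect src ACLs and the ordered http_access rules from squid.conf text."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def is_allowed(conf, client):
    """True if a client at this address would be granted access."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)

    def hit(name):
        negate, name = name.startswith("!"), name.lstrip("!")
        if name not in acls:
            raise ValueError("ACL not modelled here: " + name)
        return any(ip in net for net in acls[name]) != negate

    for action, names in rules:          # first matching rule wins
        if all(hit(n) for n in names):   # ACLs on one line are ANDed
            return action == "allow"
    # Nothing matched: Squid applies the opposite of the last rule.
    # With no rules at all, follow the page's statement that access is denied.
    return bool(rules) and rules[-1][0] == "deny"
```

The DENY_ONLY case is the one that is easy to miss: a rule list that ends in a deny for a specific ACL leaves every other client allowed, which is why the hardened form ends with an explicit "http_access deny all".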

Step III - Custom configuration based on your network needs

For Configuring squid for proxy

By default, squid is configured as a direct proxy. In order to cache web traffic with squid, the browser must be configured to use the squid proxy. This needs the following information:

i. the proxy server's host name
ii. the port by which the proxy server accepts connections.

For Configuring squid for transparency

Using squid transparently is a two-part process: first, squid must be configured properly to accept non-proxy requests (performed in the squid module); second, web traffic must be redirected to the squid port (achieved in one of three ways: policy-based routing, smart switching, or setting the squid box as a gateway).

Getting transparent caching to work requires the following steps:

i. For some operating systems, you have to configure and build a version of Squid which can recognize the hijacked connections and discern the destination addresses. For Linux this seems to work automatically. For BSD-based systems, configure squid with the --enable-ipf-transparent option. You then have to configure squid as follows:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

ii. Next you have to configure your cache host to accept the redirected packets - any IP address, on port 80 - and deliver them to your cache application. This is typically done with IP filtering/forwarding features built into the kernel. In Linux they call this ipfilter (kernel 2.4.x), ipchains (2.2.x) or ipfwadm (2.0.x).

For Configuring squid for Reverse Proxy

To run Squid as an accelerator, you probably want to listen on port 80, and you have to define the machine you are accelerating for. This is done in the squid module:

http_port 80
httpd_accel_host visolve.com
httpd_accel_port 81
httpd_accel_single_host on
httpd_accel_with_proxy on

If you are using Squid as an accelerator for a virtual host system, then instead of a 'hostname' here you have to use the word virtual as:

http_port 80
httpd_accel_host virtual
httpd_accel_port 81
httpd_accel_with_proxy on
httpd_accel_single_host off

Step IV - Starting Squid

After you've finished editing the configuration file, you can start Squid for the first time. First, you must create the swap directories. Do this by running Squid with the -z option:

/usr/local/squid/sbin/squid -z

Once that completes, you can start Squid and try it out. Probably the best thing to do is run it from your terminal and watch the debugging output. Use this command:

/usr/local/squid/sbin/squid -NCd1

If everything is working fine, then your console displays: "Ready to serve requests".

If you want to run squid in the background, as a daemon process, use:

/usr/local/squid/sbin/squid

You must be a privileged user to start or stop squid.

Step V - To check if Squid is working

Check the cache.log file in your logs directory to find out if squid works correctly. This file contains the informational and error messages that Squid generates at runtime.
