This proxy is a Dell Optiplex 740 with 5 gigs of RAM and it has a 1TB drive mounted as /cache. I think that the hardware, especially the size of the cache drive, was a bit overkill. But I wanted to build something that could keep on caching for an entire school year.
Here is a tutorial for a roll-your-own installation of squid3 Stable 25 on Ubuntu 9.10.
I like to put my cache on a second (larger) drive and mount it through fstab by adding the line "/dev/sdb1 /cache ext3" to /etc/fstab.
mkdir /cache
cd /usr/src
wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE25.tar.gz
tar -xzvf squid-3.0.STABLE25.tar.gz
cd squid*
more README
more QUICKSTART
more INSTALL
./configure --prefix=/usr/local/squid
make all
make install
Here is my squid.conf.
This is a webcache proxy’s squid.conf file. Of course you can’t just paste this in and expect it to work. But you can examine my settings to help determine what you need in your environment. Remember that my cache is on a 1TB (probably overkill) drive. I’m running squid3.0 stable 24 on Ubuntu 9.10. This proxy caches for about 300 student computers and has been up for a few months now. (12.21.09)
sudo nano /usr/local/squid/etc/squid.conf
{paste in the following}
http_port 3128
# acl QUERY urlpath_regex cgi-bin \? #Removed by Amos, suggested to speed up web sites using media
cache_mem 512 MB # May need to set lower if I run low on RAM
maximum_object_size_in_memory 4096 KB #Increased by Amos, suggested to speed up web sites using media
maximum_object_size 1 GB
cache_dir aufs /cache 500000 256 256
redirect_rewrites_host_header off
cache_replacement_policy lru
#acl all src all #not needed for squid3
acl localnet src 10.60.0.0/255.255.0.0
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/8
acl Safe_ports port 80 81 443 210 119 70 21 1025-65535
acl SSL_Ports port 443
acl internalSite1 dstdomain eaplus.altonschools.org
acl internalSite2 dstdomain reports.altonschools.org
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_Ports
http_access allow reports_Printing
http_access allow internalSite1
http_access allow internalSite2
http_access allow localnet
http_access allow localhost
http_access deny all
icp_port 0
refresh_pattern \.jpg$ 3600 50% 60
refresh_pattern \.gif$ 3600 50% 60
refresh_pattern \.css$ 3600 50% 60
refresh_pattern \.js$ 3600 50% 60
refresh_pattern \.html$ 300 50% 10
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
access_log /var/log/squid/access.log squid
visible_hostname AHSPX01
{end of paste}
/usr/local/squid/sbin/squid -z
/usr/local/squid/sbin/squid
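A check worth running on squid.conf before the first start, as an added example that is not part of the original post: it lists ACL names that http_access rules use but that no acl line defines, such as reports_Printing in the listing above. The helper names undefined_acls and sample_conf are hypothetical, and the sample input is a constructed excerpt modelled on that listing.

```shell
#!/bin/sh
# Added example (not from the original post): report ACL names that
# http_access rules reference but that no "acl" line defines.

undefined_acls() {
    # Reads squid.conf from the files given as arguments, or from stdin.
    awk '
        { sub(/#.*/, "") }                  # drop comments, inline ones too
        $1 == "acl"         { defined[$2] = 1 }
        $1 == "http_access" {
            # $2 is allow/deny; every later field is an ACL name
            for (i = 3; i <= NF; i++) {
                name = $i
                sub(/^!/, "", name)         # "!Safe_ports" refers to Safe_ports
                if (!(name in first)) { first[name] = NR; order[++n] = name }
            }
        }
        END {
            defined["all"] = 1              # predefined in squid3
            for (k = 1; k <= n; k++)
                if (!(order[k] in defined))
                    printf "line %d: %s\n", first[order[k]], order[k]
        }
    ' "$@"
}

# Constructed sample input, modelled on the squid.conf shown above.
sample_conf() {
    cat <<'EOF'
acl localnet src 10.60.0.0/255.255.0.0
acl Safe_ports port 80 81 443 210 119 70 21 1025-65535
acl SSL_Ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_Ports
http_access allow reports_Printing   # no matching acl line
http_access allow localnet
http_access deny all
EOF
}

sample_conf | undefined_acls
```

Against the real file the call is undefined_acls /usr/local/squid/etc/squid.conf. Squid's own parser check, /usr/local/squid/sbin/squid -k parse, reports the same kind of error together with other syntax problems.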
If all goes well, then you should have a functional proxy. You should test it by configuring your web browser to use the proxy and hitting some sites. After that you need to set it up as a service.
Start as service
Rolling your own squid does not install it as a service. So I previously did a 'sudo apt-get install squid3' (not the version I wanted for production) to get the service start up script and then examined its settings and compared it to where squid rolled the same files. I highlighted the modifications in bold. I’m not making any kind of claims on this hack. Use at your own risk.
sudo nano /etc/init.d/squid
and modify the following lines. I would comment out the original lines as they are and retype the lines, with the modifications, on the following line.
DAEMON=/usr/local/squid/sbin/squid
CONFIG=/usr/local/squid/etc/squid.conf
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/squid/sbin
sudo update-rc.d squid defaults
now restart the server and verify that squid came back up
sudo shutdown now -r
when it comes back up login again and do a
ps -A |grep squid
and play with managing the services
sudo /etc/init.d/squid restart
ps -A |grep squid
sudo /etc/init.d/squid stop
{note squid stop is not working for me}
ps -A |grep squid
sudo /etc/init.d/squid start
ps -A |grep squid
If all goes well you are ready to begin production testing. Add a few computers and play with it. Add a few more or a group each day.
I noticed that after rolling my own, the script in /etc/init.d/squid was broken. So I created my own squid management scripts. This is just a working copy so use at your own risk.
sqdrestart.sc…
#!/bin/bash
# Restart squid: stop it with sqdstop.sc, then start it with sqdstart.sc
stoppingsquid()
{
echo Killing squid by using sqdstop.sc
./sqdstop.sc
}
startingsquid()
{
echo starting squid by using sqdstart.sc
./sqdstart.sc
}
stoppingsquid
startingsquid
# Report whether a squid process is running after the restart
ps -A | grep squid && echo squid has restarted! && exit
ps -A | grep squid || echo squid failed to start! trying again…
sqdstart.sc….
sudo /etc/init.d/squid start && ps -A | grep squid
sqdstop.sc…
#!/bin/bash
# Keep running killall until no squid process is left
exiting()
{
#ps -A | grep squid && echo not all squid killed re-run the command
echo squid is dead!
exit
}
killsquid()
{
echo killing squid
killall squid
#sleep 1
}
echo beginning loop to kill all squid processes
echo "press [CTRL + C] to exit out"
while :
do
# While squid still shows up in the process list, kill it; otherwise exit
ps -A | grep squid && killsquid || exiting
done
To be continued… How to push proxy settings with an Active Directory GPO for IE, and a Firefox configure script too.
