Squid Overview

 

Installation

 

We're going to download and build squid in the traditional place for building custom packages locally.

 

Go to:

 

/usr/local/src/

 

Let's get the squid package from the e1 ftp server:

 

ftp.e1.ws.afnog.org

 

The file is:

 

squid-2.5.STABLE9.tar.gz

 

It's in the directory:

 

/pub/sources

 

Under normal circumstances you would grab squid from http://www.squid-cache.org. If we look at http://www.squid-cache.org/Versions/v2/2.5/MD5s.html we'll find the md5sums for the packages. We can use these to verify that the package we have downloaded is in fact the one available from squid-cache.org.

 

Compute the md5sum of:

 

squid-2.5.STABLE9.tar.gz

 

Does it match?

 

OK, so we're certain we have the right source package; let's unpack it.

 

Take a look at the README and INSTALL files.

 

We're going to want to set a couple of options: we want three storage methods enabled (ufs, aufs and diskd), and we also want support for POSIX threads.

 

Run ./configure with the --help option.

 

Now run ./configure with the flags needed to configure the squid build with your needed options.

 

Now, we can just do:

 

make

 

then

 

make install

 

squid should now be installed.

 

Configuration

 

squid is now installed in /usr/local/squid/; go there and take a look around.

 

squid's configuration lives in /usr/local/etc/squid.conf

 

You'll want to take a look at that file. In particular, there are a few things we have to change before squid will be able to run.

 

Find the cache_dir line.

 

In the squid.conf file, the defaults are present but commented out, so to change a setting you uncomment its line and edit it. In our case we want to use the diskd storage method rather than the ufs method. Note the current location of the cache dir and its current size.

 

Find the acl sections. ACLs in squid are how you control who accesses your squid cache (open proxies are bad). ACLs are first defined, then policy is applied to them. Look at the section titled Recommended minimum configuration: can you see how to create an acl that would match the subnet that we're on?

 

Read the section titled TAG: http_access. Then, below that, in the section titled INSERT YOUR OWN RULES TO ALLOW ACCESS FROM YOUR CLIENTS, add the acl line for our subnet and add an http_access allow statement for it.
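The define-then-apply pattern described above, as an added squid.conf fragment (not taken from the workshop's file), with the open-proxy setting shown beside the restricted one. The subnet 192.0.2.0/24 and the acl name workshop_net are placeholders, and an acl named all that matches every source address is assumed to be defined earlier in the file.

```conf
# Added example, not from the workshop's squid.conf.
# ASSUMPTIONS: 192.0.2.0/24 is a placeholder subnet, "workshop_net" is a
# made-up acl name, and "all" is an acl matching every source address
# that is defined earlier in the file.

# --- Weak: an open proxy -------------------------------------------
# http_access rules are checked top to bottom and the first matching
# rule decides. With this line active, any host that can reach the
# proxy port may relay requests through the cache.
#http_access allow all

# --- Corrected: allow only our clients, deny everyone else ----------
# 1. Define the acl. This only names a set of source addresses; it
#    grants nothing by itself.
acl workshop_net src 192.0.2.0/24

# 2. Apply policy to it. Order matters: the allow line must come
#    before the final deny, otherwise "deny all" matches first and
#    the allow is never reached.
http_access allow workshop_net
http_access deny all
```

After starting squid, a request from a host outside the allowed subnet should be refused and show up as denied in the access log under the logs directory.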

 

Having saved our changes, we're ready to move on. When squid is run for the first time, it needs to create the directory structure where the cache files will live. Go back up to /usr/local/squid/ and note that the var dir is owned by root. Now cd into it. You'll note that the logs dir is also owned by root and that there is no cache dir. Create the directory cache, and chown the cache dir and the var dir to user nobody.

 

Run /usr/local/squid/sbin/squid -z

 

You should be able to run /usr/local/sbin/squid by itself now and configure your browser to access the proxy server.