Slackware 13.0 - Installing Squid 3.1.12 ======================================== Public domain ******************************************************************************** ### squid-3.1.12 cd /usr/src wget -c "http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.12.tar.gz" tar xf squid-3.1.12.tar.gz cd squid-3.1.12 ulimit -HSn 16384 ulimit -HSd unlimited ./configure \ --prefix=/usr/local/squid \ --enable-forward-log \ --enable-follow-x-forwarded-for \ --enable-snmp \ --enable-linux-netfilter \ --enable-http-violations \ --enable-delay-pools \ --enable-storeio=diskd,aufs,ufs \ --with-large-files \ --enable-large-cache-files \ --with-filedescriptors=16384 \ --enable-async-io=128 \ --enable-removal-policies=lru,heap \ --enable-useragent-log \ --enable-referer-log \ --enable-err-languages=English \ --enable-default-err-language=English \ --enable-zph-qos \ && make && make install cp /usr/local/squid/etc/squid.conf{,.bak} ******************************************************************************** ### /usr/local/squid/etc/squid.conf # Minimum ACL configuration acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Protect innocent web applications running on the # proxy server who think the only one who can access # services on "localhost" is a local user http_access deny to_localhost # Clients access rules acl localnet src 192.168.93.0/24 192.168.168.0/24 http_access allow localnet http_access allow localhost # Finally deny all other access to this proxy http_access deny all # Deny all ICP requests to this proxy icp_access deny all # Deny all HTCP requests to this proxy htcp_access deny all # Squid normal transparent listener http_port 3128 intercept # Override /etc/resolv.conf dns_nameservers 85.185.14.9 # Protect dynamic content hierarchy_stoplist cgi-bin ? dll aspx # Cache memory should be at most half of RAM size in MB cache_mem 2048 MB # These objects should be kept in memory maximum_object_size_in_memory 20 KB # Which objects are replaced when memory space is needed cache_replacement_policy heap LFUDA memory_replacement_policy heap LFUDA # Disk swap directories cache_dir aufs /cache/1 51200 256 1024 cache_dir aufs /cache/2 51200 256 1024 cache_dir aufs /cache/3 51200 256 1024 cache_dir aufs /cache/4 51200 256 1024 # These objects should be kept on hard disk maximum_object_size 65536 KB # Water marks for cache object replacement cache_swap_high 95 cache_swap_low 93 # Logfile format logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs % /proc/sys/vm/swappiness # tcp keep alive tuning #echo 60 > /proc/sys/net/ipv4/tcp_keepalive_time #echo 10 > /proc/sys/net/ipv4/tcp_keepalive_intvl #echo 6 > /proc/sys/net/ipv4/tcp_keepalive_probes echo 65000 > /proc/sys/net/ipv4/tcp_max_syn_backlog echo 1024 65000 > /proc/sys/net/ipv4/ip_local_port_range echo 1 > /proc/sys/net/ipv4/tcp_window_scaling echo 1 > /proc/sys/net/ipv4/tcp_timestamps echo 33554432 > /proc/sys/net/core/rmem_max echo 33554432 > /proc/sys/net/core/wmem_max echo 4096 87380 33554432 > /proc/sys/net/ipv4/tcp_rmem echo 4096 87380 33554432 > /proc/sys/net/ipv4/tcp_wmem echo 1 > /proc/sys/net/ipv4/tcp_no_metrics_save echo 3000 > /proc/sys/net/core/netdev_max_backlog echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time echo 0 > /proc/sys/net/ipv4/tcp_timestamps echo 256960 > /proc/sys/net/core/rmem_default echo 256960 > /proc/sys/net/core/wmem_default echo 524288 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle # Start Squid Cache Server: if [ -x /etc/rc.d/rc.squid ]; then /etc/rc.d/rc.squid start fi # Cache Redirect - module must be load iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to 3128 ******************************************************************************** ### /etc/rc.d/rc.local_shutdown #!/bin/bash # Stop Squid Cache server: if [ -x /etc/rc.d/rc.squid ]; then /etc/rc.d/rc.squid stop fi ******************************************************************************** ### /etc/logrotate.d/squid /usr/local/squid/var/logs/access.log { daily rotate 186 start 1 copytruncate compress compresscmd /usr/bin/bzip2 compressext .bz2 compressoptions -sq9 dateext notifempty missingok } /usr/local/squid/var/logs/cache.log /usr/local/squid/var/logs/store.log { daily rotate 31 start 1 copytruncate compress compresscmd /usr/bin/bzip2 compressext .bz2 compressoptions -sq9 dateext notifempty missingok sharedscripts postrotate /usr/local/squid/sbin/squid -k rotate endscript } ******************************************************************************** ### Partitions & memory # cat /etc/fstab /dev/sda1 swap swap defaults 0 0 /dev/sda2 / reiserfs defaults 1 1 /dev/cdrom /mnt/cdrom auto noauto,owner,ro 0 0 /dev/fd0 /mnt/floppy auto noauto,owner 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 proc /proc proc defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 /dev/sda3 /usr/local/squid/var/logs/ reiserfs noatime,notail 1 2 /dev/sda4 /cache/1 reiserfs noatime,notail 1 2 /dev/sdb1 /cache/2 reiserfs noatime,notail 1 2 /dev/sdc1 /cache/3 reiserfs noatime,notail 1 2 /dev/sdd1 /cache/4 reiserfs noatime,notail 1 2 # df -h Filesystem Type Size Used Avail Use% Mounted on /dev/root reiserfs 21G 4.5G 16G 23% / tmpfs tmpfs 2.0G 0 2.0G 0% /dev/shm /dev/sda3 reiserfs 101G 33M 100G 1% /usr/local/squid/var/logs /dev/sda4 reiserfs 178G 33M 178G 1% /cache/1 /dev/sdb1 reiserfs 299G 33M 299G 1% /cache/2 /dev/sdc1 reiserfs 233G 33M 233G 1% /cache/3 /dev/sdd1 reiserfs 233G 33M 233G 1% /cache/4 # free -m total used free shared buffers cached Mem: 3910 186 3723 0 20 105 -/+ buffers/cache: 60 3849 Swap: 1035 0 1035 ******************************************************************************** ### First time lunch mkdir -p /cache/{1,2,3,4} chown -R nobody:nobody /cache chown -R nobody:nobody /usr/local/squid/var/logs chmod +x /etc/rc.d/rc.local_shutdown chmod +x /etc/rc.d/rc.squid /usr/local/squid/sbin/squid -z /etc/rc.d/rc.squid start ******************************************************************************** _BY: Pejman Moghadam_ _TAG: squid, fstab_ _DATE: 2011-05-23 11:28:40_