1 / 14

Running SQUID in freeBSD

Running SQUID in freeBSD. Sufi Faruq Ibne Abubakar AKTEL, TMIB Bangladesh. What is Squid ? A full-featured Web proxy cache Designed to run on Unix systems Free, open-source software The result of many contributions by unpaid (and paid) volunteers Why will I use Squid?

adamdaniel
Télécharger la présentation

Running SQUID in freeBSD

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RunningSQUIDinfreeBSD Sufi Faruq Ibne Abubakar AKTEL, TMIB Bangladesh

  2. What is Squid ? • A full-featured Web proxy cache • Designed to run on Unix systems • Free, open-source software • The result of many contributions by unpaid (and paid) volunteers Why will I use Squid? • Save 30% Internet Bandwidth • Access Control • Low cost proxy

  3. Proxy keeps database of each request comes from client • Proxy itself goes to get resource from internet to satisfy first time request • Proxy caches resources immediately after obtaining it from internet. • Proxy serves the resource from cache in second request for same resources

  4. Consideration for squid deployment • User calculation • System Memory (Min 256 MB RAM) • Speedy Storage (SCSI Preferred) • Faster CPU • Functionality expectations

  5. Squid Features • Proxying and caching of HTTP, FTP, and other URLs • Proxying for SSL • Cache hierarchies • ICP, HTCP, CARP, Cache Digests • Transparent caching • WCCP (Squid v2.3 and above) • Extensive access controls • HTTP server acceleration • SNMP • caching of DNS lookups • And many more..

  6. Obtaining Squid • Obtain package source from: • http://www.squid-cache.org • Squid Mirror Sites (http://www.squid-cache.org/Mirrors/http-mirrors.html) • Binary download for FreeBSD also available (http://www.squid-cache.org/binaries.html) • “STABLE” releases, suitable for production use • “PRE” releases, suitable for testing

  7. Installing Squid • tar zxvf squid-2.5.STABLE10.tar.gz • cd squid-2.5.STABLE10 • ./configure --enable-removal-policies --enable-delay-pools --enable-ipf-transparent --enable-snmp --enable-storeio=diskd,ufs --enable-storeio=diskd,ufs --disable-ident-lookups • make all • make install

  8. Configuring Squid • Edit the squid.conf file and populate it # vi /usr/local/squid/etc/squid.conf http_port 3128 cache_mem 16 MB cache_dir ufs /usr/local/squid/cache 15360 16 256 cache_replacement_policy lru acl all src 0.0.0.0/0.0.0.0 acl outgoing src 202.144.151.0/255.255.255.224 http_access allow outgoing http_access deny all

  9. Necessary File Permissions • Give the logfile directory ownership to squid user # chown -R nobody:nobody /usr/local/squid/var/logs • Give the cache directory ownership to squid user # mkdir /usr/local/squid/cache # chown -R nobody:nobody /usr/local/squid/cache # /usr/local/squid/sbin/squid –z • We consider “nobody” is the squid user here.

  10. Squid Startup Script# touch /usr/local/etc/rc.d/squid.sh # chmod 755 /usr/local/etc/rc.d/squid.sh #!/bin/sh echo -n ' Squid ' case "$1" in start) /usr/local/squid/sbin/squid -D ;; stop) /usr/local/squid/sbin/squid -k shutdown ;; restart) /usr/local/squid/sbin/squid -k reconfigure ;; *) echo "Usage: `basename $0` {start|stop|restart}" ;; esac

  11. Running Squid • Create cache dir and create swap # (/usr/local/squid/sbin/squid -z) • Configure Squid to start at boot # vi /etc/rc.conf (squid_enable=“YES”) • Run Squid using script # /usr/local/etc/rc.d/squid.sh start

  12. Advanced Features • --enable-delay-pools • Enable delay pools to limit bandwidth usage. • It will give fair bandwidth usage for everybody. • --enable-ipf-transparent • You need to use IP Filter to redirect traffic. • You don't have to configure the client's browser. • You can force the client to use the proxy every time. • --enable-storeio=diskd,ufs • Improve disk I/O performance up to 400 % (squid FAQ). • You might need to recompile the kernel to support message queues and shared memory (if not supported). • --enable-snmp • Enable SNMP to monitor squid performace. • SNMP enables you to monitor squid with mrtg or rrdtool.

  13. Configuring Transparent Proxy • Compile with --enable-ipf-transparent • Edit “squid.conf” to fiill with following options. http_port 3128 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on • Edit “/etc/rc.conf” to enable ipfilter ipfilter_enable="YES" ipnat_enable="YES“ ipmon_enable="YES" ipfs_enable="YES“ • Edit /etc/ipnat.rules to add http traffic redirection rules. rl0 0/0 port 80 -> 127.0.0.1 port 3128 tcp

  14. Monitoring Squid Activities • cache_access_log • cache_store_log • cache_log Troubleshooting Squid • /var/log/messages

More Related