## Setting up Squid to run as a proxy for HTTP, FTP & Gopher
## Christopher Raven
DISCLAIMER: YOU SHOULD READ THIS DOCUMENT THROUGH COMPLETELY AT
LEAST ONCE BEFORE TRYING TO INSTALL SQUID. ALSO, IF USING THIS
GUIDE CAUSES YOUR COMPUTER, FILES, HEALTH, WIFE OR ANYTHING ANY
PROBLEMS OR YOUR CAT TO DIE - I'M NOT TO BE HELD RESPONSIBLE FOR IT :-)
My setup:
- AMD k6 233 with 128MB SDRAM
- FreeBSD 3.1 Release
- 4.3GB SCSI drive with Adaptec AH-2940UW controller
- Squid 2.1 from Walnut Creek CDROM
- Netscape Navigator 4.08 browser
What is SQUID?
The following is taken from the
:
Squid is software that caches
Internet data. It does this by accepting requests for objects that people
want to download and handling their requests in their place. In other
words, if a person wants to download a web page, they ask squid to get
the page for them. Squid then connects to the remote server (for
example http://squid.nlanr.net/) and requests the page. It then
transparently streams the data through itself to the client machine,
but at the same time keeps a copy. The next time someone wants that
page, squid simply reads it off disk, transferring the data to the
client machine almost immediately. Squid currently handles the HTTP,
FTP, GOPHER, SSL and WAIS protocols. It doesn't handle things like
POP, NNTP, RealAudio and others.
Step 1
First off, I installed Squid 2.1 from the ports collection.
You should be able to find it in the /usr/ports/www directory if you
installed the ports on your machine. It is also on the first CDROM if
you bought the Walnut Creek distribution. I won't go into the port
install here, as it is covered well enough in the
.
The port installs a Squid directory into /usr/local/squid, a script
called squid.sh into the /usr/local/etc/rc.d directory (this script
calls squid whenever the machine boots) and a Squid directory into
/usr/local/etc/squid. It may have installed others, but without
resorting to reading the Makefile, I didn't see them :-)
Step 2
I edited the squid.conf file (/usr/local/etc/squid/squid.conf) to
reflect my own requirements (and in any event if you don't, it won't
work right!).
Of particular note is the line (near the bottom) in the squid.conf
file that reads:
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access deny all
This should be changed to allow / deny etc. as you require (full
instructions are in the file). In my case I have a secure network and
I changed deny all to allow all so that anyone can browse the web!
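
With `http_access allow all`, Squid serves any client that can reach its port, so the rule is only as safe as the network in front of it. The shell check below is an added example, not part of the original guide: it reports which catch-all rule a squid.conf reaches first, using two constructed configurations (the `localnet` ACL name and the 192.168.1.0 range are assumptions).

```shell
#!/bin/sh
# Added example: report how a squid.conf treats clients that match no
# specific rule. Squid checks http_access lines top to bottom and the
# first matching line wins, so the first rule on the bare "all" ACL
# decides what every remaining client gets.

# catch_all_policy [FILE] -> prints "open", "restricted" or "no-catch-all"
# (reads standard input when no FILE is given)
catch_all_policy() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        $1 == "http_access" && NF == 3 && $3 == "all" {
            print ($2 == "allow" ? "open" : "restricted")
            found = 1
            exit
        }
        END { if (!found) print "no-catch-all" }
    ' "$@"
}

# Constructed sample: the setting described on this page.
weak_conf() {
    cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
http_access allow all
EOF
}

# Constructed sample: only the LAN (assumed to be 192.168.1.0/24) may
# use the proxy; every other client is refused.
fixed_conf() {
    cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/255.255.255.0
http_access allow localnet
http_access deny all
EOF
}

echo "page setting:  $(weak_conf | catch_all_policy)"
echo "LAN-only rule: $(fixed_conf | catch_all_policy)"
```
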
At this time I made a note that the squid.conf file made reference to
a number of currently non-existent log files:
#cache_access_log /usr/local/squid/logs/access.log
#cache_log /usr/local/squid/logs/cache.log
#cache_store_log /usr/local/squid/logs/store.log
#cache_swap_log
As stated, none of these logs appeared to be on my machine anywhere.
The final one #cache_swap_log seemed to be additional to (my)
requirements though, so that one is ok.
I *hoped* then that these logs would be created by the Squid program
the first time it ran -fingers crossed here-.
Step 3
I attempted to initialize the Squid using its installed shell script
as follows:
# cd /usr/local/etc/rc.d
# ./squid.sh
Hurrah! The word squid fleetingly appears on the console. But no
further messages :-(
I needed to see now if the squid process had started, so I used ps -a
to show all active processes:
# ps -a
PID TT STAT TIME COMMAND
781 p0 Is 0:00.01 sh
783 p0 S 0:00.06 -su (csh)
965 p0 R+ 0:00.00 ps -a
298 v0 Is 0:00.08 -sh (sh)
787 v1 Is+ 0:00.01 /usr/libexec/getty Pc ttyv1
791 v2 Is+ 0:00.01 /usr/libexec/getty Pc ttyv2
301 v4 Is+ 0:00.01 /usr/libexec/getty Pc ttyv4
302 v5 Is+ 0:00.01 /usr/libexec/getty Pc ttyv5
303 v6 Is+ 0:00.01 /usr/libexec/getty Pc ttyv6
Bummer, nothing there ...... so time to check those error-logs.
# cd /usr/local/squid/
# cat squid.out
Startup: Tue Apr 20 14:50:14 BST 1999
WARNING: Cannot write log file: /usr/local/squid/logs/cache.log
/usr/local/squid/logs/cache.log: Permission denied messages will be sent to 'stderr'.
1999/04/20 14:50:14| WARNING: Closing open FD 2
1999/04/20 14:50:14| Starting Squid Cache version 2.1.PATCH2 for i386-unknown-freebsd3.1...
1999/04/20 14:50:14| Process ID 806
1999/04/20 14:50:14| With 1064 file descriptors available
1999/04/20 14:50:14| Performing DNS Tests...
1999/04/20 14:50:14| Successful DNS name lookup tests...
1999/04/20 14:50:14| helperOpenServers: Starting 5 'dnsserver' processes
1999/04/20 14:50:14| /usr/local/squid/logs/access.log: (13) Permission denied
FATAL: Cannot open logfile.
Squid Cache (Version 2.1.PATCH2): Terminated abnormally.
CPU Usage: 0.059 seconds
Maximum Resident Size: 1336 KB
Page faults with physical i/o: 0
A quick look at this file shows it can't access any log files, best
check:
# cd /usr/local/squid/logs/
# ls -la
total 2
drwxr-xr-x 2 root wheel 512 Apr 20 14:31 .
drwxr-xr-x 4 root wheel 512 Apr 20 14:50 ..
#
OK, so the logs weren't made - time to make my own blank files using ee
(built-in text editor) ......
Step 4
# cd /usr/local/squid/logs/
# ee access.log
Now just press the 'Space Bar' once, then press the 'Escape' key and
choose a) leave editor (press Enter) then choose a) save changes
(press enter again). You should now have an empty file called
access.log.
# ls -la
total 3
drwxr-xr-x 2 root wheel 512 Apr 20 15:43 .
drwxr-xr-x 4 root wheel 512 Apr 20 14:50 ..
-rw-r--r-- 1 root wheel 2 Apr 20 15:43 access.log
#
Now to make the other missing log files .....
# cp access.log cache.log
# cp access.log store.log
And now we need to make them writeable:
# cd /usr/local/squid/logs/
# chown nobody *
# ls -la
drwxr-xr-x 2 root wheel 512 Apr 20 16:34 .
drwxr-xr-x 4 root wheel 512 Apr 20 14:50 ..
-rw-r--r-- 1 nobody wheel 2 Apr 20 16:33 access.log
-rw-r--r-- 1 nobody wheel 2 Apr 20 16:34 cache.log
-rw-r--r-- 1 nobody wheel 2 Apr 20 16:34 store.log
As can be seen they now exist so we can retry Step 3.
# cd /usr/local/etc/rc.d
# ./squid.sh
This time, we can see an error log output to
/usr/local/squid/logs/cache.log
1999/04/16 21:45:56| Starting Squid Cache version 2.1.PATCH2 for i386-unknown-freebsd3.1...
1999/04/16 21:45:56| Process ID 306
1999/04/16 21:45:56| With 1064 file descriptors available
1999/04/16 21:45:56| Performing DNS Tests...
1999/04/16 21:45:56| Successful DNS name lookup tests...
1999/04/16 21:45:56| helperOpenServers: Starting 5 'dnsserver' processes
1999/04/16 21:45:56| Unlinkd pipe opened on FD 14
1999/04/16 21:45:56| Swap maxSize 102400 KB, estimated 7876 objects
1999/04/16 21:45:56| Target number of buckets: 157
1999/04/16 21:45:56| Using 8192 Store buckets, replacement runs every 10 seconds
1999/04/16 21:45:56| Max Mem size: 8192 KB
1999/04/16 21:45:56| Max Swap size: 102400 KB
1999/04/16 21:45:56| /usr/local/squid/cache/00: (2) No such file or directory
FATAL: Failed to verify one of the swap directories, Check
cache.log for details. Run 'squid -z' to create swap
directories if needed, or if running Squid for the first time.
OK, so there's the answer I think .....
FATAL: Failed to verify one of the swap directories, Check cache.log
for details. Run 'squid -z' to create swap directories
if needed, or if running Squid for the first time.
Step 5
As per the instructions I executed the command 'squid -z' (creates the
caches in the directory /usr/local/squid ).
-----
NOTE: The online manual says that Squid is to be found as
/usr/local/squid/bin/squid but it is in fact located on a
FreeBSD machine as /usr/local/sbin/squid.
-----
# cd /usr/local/sbin
# ./squid -z
Only I get ......
1999/04/20 17:01:25| Creating Swap Directories
FATAL: Failed to make swap directory /usr/local/squid/cache/00: (13) Permission denied
Squid Cache (Version 2.1.PATCH2): Terminated abnormally.
CPU Usage: 0.020 seconds
Maximum Resident Size: 1008 KB
Page faults with physical i/o: 0
Hmm, guess I'll need to make the cache directory writeable too!
# cd /usr/local/squid
# chown nobody cache
And now to return to the beginning of Step 5 and repeat:
# cd /usr/local/sbin
# ./squid -z
1999/04/20 17:05:31| Creating Swap Directories
#
Lots of encouraging hard drive noises are to be heard here this time!
Now to see if the folders have in fact been made .....
# cd /usr/local/squid
# ls
00 02 04 06 08 0A 0C 0E
01 03 05 07 09 0B 0D 0F
#
As can be seen, Squid has now created all the cache swap folders so
things are looking better.
Step 6
Next I went back to the rc.d directory to call Squid up (fingers
crossed)..
# cd /usr/local/etc/rc.d
# ./squid.sh
Hurrah! The word squid again fleetingly appears on the console. But
then no further messages. However, the hard disk starts a buzzing so,
now to check if it really is running .....
The manual says I can use Squid itself for this, the answer being
'given by the exit shell'. The syntax is as follows: squid -k check.
So, I gave it a go .....
# cd /usr/local/sbin
# ./squid -k check
and, nothing?!? Yep a big fat zero. So we tried the manual's method
no.2, the 'client program'.
# cd /usr/local/sbin
# ./client http://www.netscape.com/ > test
OK, now we're talking! My modem clicks into life and a quick check of
the cache.log file reveals:
1999/04/16 23:41:52| Starting Squid Cache version 2.1.PATCH2 for i386-unknown-freebsd3.1...
1999/04/16 23:41:52| Process ID 822
1999/04/16 23:41:52| With 1064 file descriptors available
1999/04/16 23:41:52| Performing DNS Tests...
1999/04/16 23:41:52| Successful DNS name lookup tests...
1999/04/16 23:41:52| helperOpenServers: Starting 5 'dnsserver' processes
1999/04/16 23:41:53| Unlinkd pipe opened on FD 14
1999/04/16 23:41:53| Swap maxSize 102400 KB, estimated 7876 objects
1999/04/16 23:41:53| Target number of buckets: 157
1999/04/16 23:41:53| Using 8192 Store buckets, replacement runs every 10 seconds
1999/04/16 23:41:53| Max Mem size: 8192 KB
1999/04/16 23:41:53| Max Swap size: 102400 KB
1999/04/16 23:41:53| Rebuilding storage in Cache Dir #0 (DIRTY)
1999/04/16 23:41:53| Loaded Icons.
1999/04/16 23:41:53| Accepting HTTP connections on port 3128, FD 36.
1999/04/16 23:41:53| Accepting ICP messages on port 3130, FD 37.
1999/04/16 23:41:53| Ready to serve requests.
1999/04/16 23:41:53| storeRebuildFromDirectory: DIR #0 done!
1999/04/16 23:42:39| Finished rebuilding storage disk.
1999/04/16 23:42:39| 0 Entries read from previous logfile.
1999/04/16 23:42:39| 0 Entries scanned from swap files.
1999/04/16 23:42:39| 0 Invalid entries.
1999/04/16 23:42:39| 0 With invalid flags.
1999/04/16 23:42:39| 0 Objects loaded.
1999/04/16 23:42:39| 0 Objects expired.
1999/04/16 23:42:39| 0 Objects cancelled.
1999/04/16 23:42:39| 0 Duplicate URLs purged.
1999/04/16 23:42:39| 0 Swapfile clashes avoided.
1999/04/16 23:42:39| Took 46 seconds ( 0.0 objects/sec).
1999/04/16 23:42:39| Beginning Validation Procedure
1999/04/16 23:42:39| storeLateRelease: released 0 objects
1999/04/16 23:42:39| Completed Validation Procedure
1999/04/16 23:42:39| Validated 0 Entries
1999/04/16 23:42:39| store_swap_size = 21k
..... something positive going on here and, /usr/local/squid/logs/access.log
shows:
924312430.045 43630 127.0.0.1 TCP_MISS/200 21143 GET
http://www.netscape.com/ - DIRECT/www.netscape.com text/html
I guess that must be my client program after all :-) A look at the
other log files reveals similar good news.
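
Because access.log records the client address in its third field, it also shows who is using the proxy. The following is an added example, not from the original guide, that totals requests and bytes per client outside a trusted address prefix; every log line except the first is constructed, and the 192.168.1. prefix is an assumption.

```shell
#!/bin/sh
# Added example: list proxy clients that are neither the local host nor
# inside the trusted prefix, reading Squid's native access.log format:
#   time elapsed client code/status bytes method URL ident peer type

# outside_clients PREFIX [FILE...] -> "address requests bytes" per client
# PREFIX is matched as a string, so keep the trailing dot ("192.168.1.")
# to avoid also matching 192.168.10.x and similar.
outside_clients() {
    prefix=$1; shift
    awk -v prefix="$prefix" '
        NF < 7                 { next }   # not a complete log entry
        $3 == "127.0.0.1"      { next }   # the proxy host itself
        index($3, prefix) == 1 { next }   # trusted LAN client
        { reqs[$3]++; bytes[$3] += $5 }
        END { for (c in reqs) print c, reqs[c], bytes[c] }
    ' "$@" | sort
}

# First line is the entry shown above; the rest are constructed samples.
sample_log() {
    cat <<'EOF'
924312430.045  43630 127.0.0.1 TCP_MISS/200 21143 GET http://www.netscape.com/ - DIRECT/www.netscape.com text/html
924312501.310    812 192.168.1.20 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/www.example.com text/html
924312560.772    640 203.0.113.7 TCP_MISS/200 30211 GET http://www.example.net/a - DIRECT/www.example.net text/html
924312561.104    598 203.0.113.7 TCP_MISS/200 1789 GET http://www.example.net/b - DIRECT/www.example.net text/html
924312599.001    120 198.51.100.44 TCP_HIT/200 4000 GET http://www.example.com/ - NONE/- text/html
EOF
}

sample_log | outside_clients 192.168.1.
```

Any address this prints on a proxy meant for the LAN only is a client the access rules should not have admitted.
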
Step 7
Finally I needed to configure my browser to use the cache.
Instructions for doing this vary depending on your browser, but a
rough guide can be found at both
and
.
So there you should have it, a working Squid. What can I say, it
worked for me! As I play with and *tweak* my setup I'll maybe look to
refining this document.
Cheers,
Chris R.