Setting Up Squid on FreeBSD
Squid is a web caching proxy that conserves bandwidth. With Squid, we can reduce traffic by 30% or more compared with normal usage (without Squid) and improve response time. Here I will use Squid 2.7.STABLE3.
Installing Squid.
You can download Squid from here. After you download the Squid source, run:
# tar zxvf squid-2.7.STABLE3.tar.gz
# cd squid-2.7.STABLE3
# ./configure '--sysconfdir=/etc/squid' '--enable-storeio=diskd,ufs,aufs' '--enable-delay-pools' \
'--enable-pf-transparent' '--enable-ipf-transparent' '--disable-ident-lookups' \
'--enable-removal-policies'
# make
# make install
--enable-delay-pools - Enable delay pools to limit bandwidth usage.
You need to enable this option in order to use Squid to limit bandwidth usage. It gives everybody a fair share of the bandwidth. In my case, I don't want one person sucking up all of the available bandwidth by downloading a big movie, causing others to suffer.
--enable-ipf-transparent - Enable Transparent Proxy support for systems using IP Filter network address redirection.
With this option, you don't have to configure the proxy setting in the client's browser. It is also a good way to force the client to use the proxy every time.
--enable-storeio=diskd,ufs - Enable diskd
Improves disk I/O performance. According to the Squid FAQ, if you enable diskd you can gain a 400% increase in performance. However, you would need to recompile the kernel because your operating system must support message queues and shared memory.
--enable-removal-policies - Build support for the list of removal policies.
By default, Squid uses LRU, but there are two better policies: GDSF and LFUDA. See the Squid config for a more detailed explanation.
--disable-ident-lookups - This allows you to remove code that performs Ident (RFC 931) lookups.
Not really important. By the way, if you run a transparent proxy, ident lookups won't work.
--enable-snmp
Optional: enable this and you can monitor Squid with mrtg or rrdtool. How to do this is outside of this article's scope. Perhaps in my next one.
Edit the Squid configuration file, /etc/squid/squid.conf
Here is an example squid.conf:
#Transparent Proxy
http_port 127.0.0.1:8080 transparent
http_port 192.168.100.2:8080
dead_peer_timeout 30 seconds
peer_connect_timeout 30 seconds
icp_query_timeout 5000
#Regex for download-file
acl download-file urlpath_regex -i "/etc/squid/download-file"
acl download-spesial urlpath_regex -i "/etc/squid/download-spesial"
acl QUERY urlpath_regex cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$
acl nocache-domain dstdomain .mail.yahoo.com .login.yahoo.com .gmail.com .rapidshare.de .rapidshare.com
no_cache deny QUERY
no_cache deny nocache-domain
acl myself dst 127.0.0.1 192.168.100.2
always_direct allow myself
always_direct allow nocache-domain
always_direct allow QUERY
cache_mem 96 MB
#How much hard disk space Squid will use for its cache.
#You can use my formula: give 80% of the free hard disk space to the cache
#64 = number of directories
#128 = number of sub-directories in each directory
cache_dir aufs /cache 20000 64 128
maximum_object_size 4096 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 16 KB
ipcache_size 4096
fqdncache_size 4096
logformat custom %{%Y-%m-%d %H:%M:%S}tl %03tu %>a %tr %ul %ui %Hs %mt %rm %ru %rv %st %Sh %Ss
#cache_access_log /var/squid/logs/access.log custom
cache_access_log none
cache_log /var/squid/logs/cache.log custom
cache_store_log none
pid_filename /var/squid/logs/squid.pid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.gif$ 10080 100% 43200
refresh_pattern -i \.jpg$ 10080 100% 43200
refresh_pattern -i \.jpeg$ 10080 100% 43200
refresh_pattern -i \.bmp$ 10080 100% 43200
refresh_pattern -i \.mid$ 10080 100% 43200
refresh_pattern -i \.wav$ 10080 100% 43200
refresh_pattern -i \.ico$ 10080 100% 43200
refresh_pattern -i \.yim$ 10080 100% 43200
refresh_pattern -i \.jar$ 10080 100% 43200
refresh_pattern -i \.ldict$ 10080 100% 43200
refresh_pattern -i \.swf$ 10080 100% 43200
refresh_pattern -i \.class$ 10080 100% 43200
refresh_pattern -i \.cab$ 10080 100% 43200
refresh_pattern . 10 100% 10080
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 1 minute
connect_timeout 60 seconds
request_timeout 3 minutes
persistent_request_timeout 1 minute
read_timeout 15 minutes
client_lifetime 1 day
half_closed_clients off
pconn_timeout 2 minutes
shutdown_lifetime 1 seconds
#Access List
#I have two subnets, one for 'user' and another one for 'spesial'
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl user src 192.168.200.0/255.255.255.0
acl spesial src 192.168.200.102 192.168.200.103
http_access allow user
http_access deny all
http_reply_access allow user
http_reply_access deny all
icp_access allow user
icp_access deny all
miss_access allow user
miss_access deny all
cache_mgr nofee26@mustnofee.com
cache_effective_user squid
cache_effective_group squid
visible_hostname Proxy
coredump_dir /cache
forwarded_for off
log_icp_queries off
delay_pools 2
#Bandwidth for 'spesial'
#Once a file is more than 512KB, 'spesial' will get 20KB/s = 160kbps
delay_class 1 2
delay_parameters 1 -1/-1 20000/512000
delay_access 1 allow spesial download-spesial
delay_access 1 deny all
#Bandwidth for 'user'
#Once a file is more than 256KB, 'user' will get 8KB/s = 64kbps
delay_class 2 2
delay_parameters 2 -1/-1 8000/256000
delay_access 2 allow user download-file
delay_access 2 deny all
via off
server_persistent_connections off
client_persistent_connections off
Create and configure cache directory, swap, and log file
# mkdir -p /var/squid/logs
# chmod 777 /var/squid/logs/
# chmod 777 /cache
# chmod 777 /etc/squid/
# chmod 777 /dev/pf/
# /usr/local/squid/sbin/squid -z
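The chmod 777 commands above leave the log, cache and configuration directories and the pf device writable by every local account. As an added example (not part of the original tutorial), this script lists world-writable paths and applies owner-scoped modes instead. It assumes Squid runs as squid:squid, as set by cache_effective_user and cache_effective_group above, and that group read/write on /dev/pf is enough for the pf lookup.

```shell
#!/bin/sh
# Added example: audit and tighten the paths the tutorial opens with chmod 777.
# Assumption: Squid runs as squid:squid (cache_effective_user/group above).

# Print each given path that is world-writable (o+w set). Does not recurse.
world_writable() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -prune -perm -0002 -print
    done
}

# Set mode 750 on each directory; hand it to owner:group when run as root.
tighten_dir() {
    owner=$1; shift
    for d in "$@"; do
        [ -d "$d" ] || continue
        if [ "$(id -u)" -eq 0 ]; then
            chown "$owner" "$d" || return 1
        fi
        chmod 750 "$d" || return 1
    done
}

# Run as root with the argument "apply" to act on the tutorial's paths.
if [ "${1:-}" = "apply" ]; then
    # Squid writes logs and cache objects, so it owns those directories.
    tighten_dir squid:squid /var/squid/logs /cache
    # Squid only reads its configuration; root keeps ownership.
    tighten_dir root:squid /etc/squid
    # Assumption: group read/write on the pf device is enough for the lookup.
    chown root:squid /dev/pf && chmod 660 /dev/pf
    # Anything printed here is still world-writable.
    world_writable /var/squid/logs /cache /etc/squid /dev/pf
fi
```

Without the "apply" argument the script only defines the two functions, so world_writable can be run by hand against any path list as a read-only check.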
Configuring pf.conf for Transparent Proxy
#add this line after nat :
rdr on $user_if proto tcp from 192.168.200.0/24 to any port 80 -> 127.0.0.1 port 8080
Create script for squid start-up:
#!/bin/sh
# By No Fee (c) 2007
case "$1" in
    start)
        echo "Starting Squid..."
        /usr/local/squid/sbin/squid -D
        ;;
    stop)
        echo "Stopping Squid..."
        /usr/local/squid/sbin/squid -k shutdown
        ;;
    restart)
        # Re-reads squid.conf in the running process
        echo "Restarting Squid..."
        /usr/local/squid/sbin/squid -k reconfigure
        ;;
    rotate)
        echo "Rotating Squid Log..."
        /usr/local/squid/sbin/squid -k rotate
        ;;
    ver)
        echo "You're using : "
        /usr/local/squid/sbin/squid -v
        ;;
    *)
        echo "Usage: $(basename "$0") {start|stop|restart|rotate|ver}" >&2
        exit 64
        ;;
esac
Save it as: /usr/sbin/squid
Then make it executable: chmod 755 /usr/sbin/squid
All Done.
Comments
If it's not a bother to you, can you provide an explanation for all the directives that you used?