Aug

Setting Up Squid on FreeBSD

Written by nofee

Squid is web caching and conserving badwidth application. With Squid, we will reduce the traffic 30% or more from normal usage (without squid) and enhance respone time. In here, i will use squid 2.7.STABLE3.

Installing Squid.
You can download Squid from here. After you download the source of squid, then :

# tar zxvf squid-2.7.STABLE3.tar.gz
# cd squid-2.7.STABLE3
# ./configure '--sysconfdir=/etc/squid' '--enable-storeio=diskd,ufs,aufs' '--enable-delay-pools' \
'--enable-pf-transparent' '--enable-ipf-transparent' '--disable-ident-lookups' \
'--enable-removal-policies'
# make
# make install

Explanation :
--enable-delay-pools - Enable delay pools to limit bandwidth usage.
You need to enable the option in order to use Squid to limit bandwith usage. It will give fair bandwith usage for everybody. In my case, I don't want one person sucking all of the available bandwidth by downloading a big movie, causing others to suffer.

--enable-ipf-transparent - Enable Transparent Proxy support for systems using IP Filter network address redirection.
With this option, you don't have to configure the client's browser proxy setting. Also it is a good way to force the client to use the proxy everytime.

--enable-storeio=diskd,ufs - Enable diskd
Improve disk I/O performance. According to the Squid FAQ, if you enable diskd you can gain a 400% increase of perfomance. However, you would need to recompile the kernel because your operating system must support message queues and shared memory.

--enable-removal-policies - Build support for the list of removal policies.
By default, Squid uses LRU, but there are two better policies: GDSF and LFUDA. See the Squid config for a more detailed explanation.

--disable-ident-lookups - This allows you to remove code that performs Ident (RFC 931) lookups.
Not really important. By the way, if you do transparent proxy, ident lookups won't work.

--enable-snmp
Optional: enable this and you can monitor Squid with mrtg or rrdtool. How to do this is outside of this article's scope. Perhaps in my next one.

Edit Squid Configuration file in /etc/squid/squid.conf
Here the example of squid.conf :

#Transparent Proxy
http_port 127.0.0.1:8080 transparent
http_port 192.168.100.2:8080

dead_peer_timeout 30 seconds
peer_connect_timeout 30 seconds
icp_query_timeout 5000

#Regex for download-file
acl download-file urlpath_regex -i "/etc/squid/download-file"
acl download-spesial urlpath_regex -i "/etc/squid/download-spesial"

acl QUERY urlpath_regex cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$
acl nocache-domain dstdomain .mail.yahoo.com .login.yahoo.com .gmail.com .rapidshare.de .rapidshare.com
no_cache deny QUERY
no_cache deny nocache-domain

acl myself dst 127.0.0.1 192.168.100.2
always_direct allow myself

always_direct allow nocache-domain
always_direct allow QUERY

cache_mem 96 MB
#How many squid will use space of harrdisk.
#You can use my formula, use 80% from free space of harddisk use for cache
#64 Number of directory
#128 Number of sub-directory for each directory
cache_dir aufs /cache 20000 64 128

maximum_object_size 4096 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 16 KB
ipcache_size 4096
fqdncache_size 4096

logformat custom %{%Y-%m-%d %H:%M:%S}tl %03tu %>a %tr %ul %ui %Hs %mt %rm %ru %rv %st %Sh %Ss
#cache_access_log /var/squid/logs/access.log custom
cache_access_log none
cache_log /var/squid/logs/cache.log custom
cache_store_log none
pid_filename /var/squid/logs/squid.pid

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.gif$ 10080 100% 43200
refresh_pattern -i \.jpg$ 10080 100% 43200
refresh_pattern -i \.jpeg$ 10080 100% 43200
refresh_pattern -i \.bmp$ 10080 100% 43200
refresh_pattern -i \.mid$ 10080 100% 43200
refresh_pattern -i \.wav$ 10080 100% 43200
refresh_pattern -i \.ico$ 10080 100% 43200
refresh_pattern -i \.yim$ 10080 100% 43200
refresh_pattern -i \.jar$ 10080 100% 43200
refresh_pattern -i \.ldict$ 10080 100% 43200
refresh_pattern -i \.swf$ 10080 100% 43200
refresh_pattern -i \.class$ 10080 100% 43200
refresh_pattern -i \.cab$ 10080 100% 43200
refresh_pattern . 10 100% 10080

negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 1 minute

connect_timeout 60 seconds
request_timeout 3 minutes
persistent_request_timeout 1 minute
read_timeout 15 minutes
client_lifetime 1 day
half_closed_clients off
pconn_timeout 2 minutes
shutdown_lifetime 1 seconds

#Access List
#I have two subnets, one for 'user' and another one for 'spesial'
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl user src 192.168.200.0/255.255.255.0
acl spesial src 192.168.200.102 192.168.200.103

http_access allow user
http_access deny all

http_reply_access allow user
http_reply_access deny all

icp_access allow user
icp_access deny all

miss_access allow user
miss_access deny all

cache_mgr This e-mail address is being protected from spambots, you need JavaScript enabled to view it
cache_effective_user squid
cache_effective_group squid
visible_hostname Proxy
coredump_dir /cache

forwarded_for off
log_icp_queries off

delay_pools 2

#Bandwidth for 'spesial'
#When file more than 512KB, then 'spesial' will get 20KB = 160kbps
delay_class 1 2
delay_parameters 1 -1/-1 20000/512000
delay_access 1 allow spesial download-spesial
delay_access 1 deny all

#Bandwidth for 'user'
#When file more than 256KB, then 'user' will get 8KB = 64kbps
delay_class 2 2
delay_parameters 2 -1/-1 8000/256000
delay_access 2 allow user download-file
delay_access 2 deny all

via off

server_persistent_connections off
client_persistent_connections off

Create and configure cache directory, swap, and log file

# mkdir -p /var/squid/logs
# chmod 777 /var/squid/logs/
# chmod 777 /cache
# chmod 777 /etc/squid/
# chmod 777 /dev/pf/
# /usr/local/squid/sbin/squid -z

Configuring pf.conf for Transparent Proxy

#add this line after nat :
rdr on $user_if proto tcp from 192.168.200.0/24 to any port 80 -> 127.0.0.1 port 8080

Create script for squid start-up:

#!/bin/sh
# By No Fee (c) 2007

case "$1" in
start)
echo "Starting Squid..."
/usr/local/squid/sbin/squid -D
;;
stop)
echo "Stoping Squid..."
/usr/local/squid/sbin/squid -k shutdown
;;
restart)
echo "Restarting Squid..."
/usr/local/squid/sbin/squid -k reconfigure
;;
rotate)
echo "Rotating Squid Log..."
/usr/local/squid/sbin/squid -k rotate
;;
ver)
echo "You're using : "
/usr/local/squid/sbin/squid -v
;;
*)
echo "Usage: `basename $0` {start|stop|restart|rotate|ver}" >&2
exit 64
;;
esac

Save with : /usr/sbin/squid
then give permission : chmod 755 /usr/sbin/squid

All Done.

Bookmark

Email This

Trackback(0)

TrackBack URI for this entry

Comments (7) Add Comment

Subscribe to this comment's feed

tanya file download
written by cesz, April 22, 2009

Boleh tanya penulisan format untuk download-file dan download-spesial, syukur2 kalau bisa di share sekalian file2 tersebut. terima kasih sebelumnya

report abuse

vote down

vote up

Votes: +0

thanks
written by tiar27, April 15, 2009

makasih infonya ge liat2 aja dulu masih bingung

report abuse

vote down

vote up

Votes: +0

...
written by Facepalm, March 27, 2009

Very useful files search engine. myrapida.com is a search engine designed to search files in various file sharing and uploading sites.

report abuse

vote down

vote up

Votes: +0

Reply: Why not use the www/squid30 port!?
written by No Fee, August 23, 2008

@Vlad GURDIGA
There is no problem how to install squid on freebsd we can use ports or we can compile squid manually.
But as i know, you can customize your configuration with manual compile.
With compile manually, you can more easy to upgrade when you need upgrading squid.
Thanks

report abuse

vote down

vote up

Votes: +0

Why not use the www/squid30 port!?
written by Vlad GURDIGA, August 23, 2008

A note about compiling: porters' effort seem wasted. Isn't is simpler to:

# cd /usr/ports/www/squid30
# make install clean

instead of downloading it from the web-site and compile manually?

report abuse

vote down

vote up

Votes: +6

Sorry
written by No Fee, August 22, 2008

Sorry for my mistake.
The link is updated now.
Thank you

report abuse

vote down

vote up

Votes: +2