Squid 2.7 Compile Debian Lenny
From MS Computech
Squid 2.7STABLE7 Compile on ClarkConnect 4.3,5.0 & Debian Lenny
ดาวน์โหลด Package ที่จำเป็น (Debian)
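# Debian: compiler toolchain and Kerberos headers needed to build Squid.
# (The page had this and the wget command run together on one line, which
# would make apt-get treat "wget", "-c" and the URL as arguments.)
apt-get install build-essential libkrb5-dev

# Fetch the source tarball; -c resumes a partial download.
# NOTE(review): Squid 2.7 is an end-of-life branch that no longer receives
# security fixes; prefer a currently maintained release for new deployments.
wget -c http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE7.tar.gz

# The tarball arrives over plain HTTP and is later built and installed as
# root, so check it before unpacking: compare the digest printed here with
# the checksum/signature the Squid project publishes for this release
# (use md5sum/sha1sum instead if that is the digest type published).
sha256sum squid-2.7.STABLE7.tar.gz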
Clarkconnect 4.3
apt-get install cc-devel
Clarkconnect 5
yum -y install gcc-c++ krb5-devel
แตกไฟล์ออกมาซะ
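# Unpack the gzip-compressed source tree, then enter it.
# These are two separate commands; run together on one line, tar would
# treat "cd" and the directory name as archive members to extract.
tar zxvf squid-2.7.STABLE7.tar.gz
cd squid-2.7.STABLE7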
คอมไพล์ด้วยคำสั่ง
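# Configure the build. Every option is unchanged from the page; only the
# layout differs (one option per line).
# Options with a security bearing, to be matched by squid.conf policy:
#   --enable-follow-x-forwarded-for  client-supplied X-Forwarded-For is only
#                                    safe to honour from trusted upstreams
#   --enable-snmp                    compiles in the SNMP agent
#   --enable-auth=basic,...          basic auth sends credentials unencrypted
./configure \
  '--build=phat-mscompute' \
  '--prefix=/usr' \
  '--exec_prefix=/usr' \
  '--bindir=/usr/sbin' \
  '--sbindir=/usr/sbin' \
  '--libexecdir=/usr/lib/squid' \
  '--sysconfdir=/etc/squid' \
  '--localstatedir=/var/spool/squid' \
  '--datadir=/usr/share/squid' \
  '--enable-async-io' \
  '--with-pthreads' \
  '--enable-storeio=ufs,aufs,coss,diskd,null' \
  '--enable-linux-netfilter' \
  '--enable-arp-acl' \
  '--enable-epoll' \
  '--enable-removal-policies=lru,heap' \
  '--enable-snmp' \
  '--enable-delay-pools' \
  '--enable-htcp' \
  '--enable-cache-digests' \
  '--enable-referer-log' \
  '--enable-useragent-log' \
  '--enable-auth=basic,digest,ntlm,negotiate' \
  '--enable-negotiate-auth-helpers=squid_kerb_auth' \
  '--enable-carp' \
  '--enable-follow-x-forwarded-for' \
  '--with-large-files' \
  '--with-maxfd=65536' \
  'i386-debian-linux' \
  'build_alias=i386-debian-linux' \
  'host_alias=i386-debian-linux' \
  'target_alias=i386-debian-linux'

# Build, and install only if the build succeeded. This is a separate
# command; on the page it had been fused onto the end of the configure
# arguments. Only "make install" needs root.
make && make install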
สร้าง User Squid
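# Create the account Squid runs as. A daemon account needs no interactive
# login, so make it a system account (-r) with a non-login shell instead of
# the default shell that a bare "useradd squid" would assign.
useradd -r -s /bin/false squid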
สร้าง Cache Dir
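# Create the log and cache directories first, then hand both trees to the
# squid account. (The page ran chown on /var/spool/squid before creating
# the cache subdirectory, which left that subdirectory owned by root.)
mkdir -p /var/log/squid /var/spool/squid/cache
chown -R squid:squid /var/spool/squid/ /var/log/squid/

# access.log records every URL each client requests and the spool holds the
# cached responses, so keep both unreadable to other local users.
chmod 750 /var/log/squid /var/spool/squid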
ดาวน์โหลด Squid Config แตกไฟล์ แล้วนำไปไว้ที่ /etc/squid/
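# Unpack the configuration bundle.
# NOTE(review): the j flag selects bzip2 although the file name ends in
# .tar.gz; if the archive is really gzip, use "tar zxvf" instead.
tar jxvf Squid_config-2011-05-16.tar.gz

# Everything in this bundle ends up in /etc/squid, and store_url_rewrite is
# made executable there, so read through the extracted files (the helper
# script and squid.conf in particular) before copying them.
# The trailing slash limits the glob to directories; a bare "Squid*" also
# matches the tarball itself.
cd Squid*/
cp -- * /etc/squid/
chmod 755 /etc/squid/store_url_rewrite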
Copy Startup script ไปที่ /etc/init.d/ ( CC 4.3 ไม่ต้อง Copy )
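# Install the init script and make it executable before registering it, so
# the rc links never point at a non-executable file. It runs as root at
# boot, so it should stay owned by root and not writable by anyone else.
cp /etc/squid/squid-init.d /etc/init.d/squid
chmod 755 /etc/init.d/squid
update-rc.d squid defaults

# Link the error pages and icons into the configuration directory.
cd /etc/squid
ln -s /usr/share/system/modules/squid/redirect errors
ln -s /usr/share/squid/icons icons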
- For squid stable9
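# Two separate commands: one symlink for the stock error pages and one for
# the icons. Run together on one line, ln would treat all four words as
# arguments of a single invocation.
ln -s /usr/share/squid/errors errors
ln -s /usr/share/squid/icons icons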
init.d script for debian
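#! /bin/sh
#
# squid		Startup script for the SQUID HTTP proxy-cache.
#
# Version:	@(#)squid.rc  2.20  01-Oct-2001  [email protected]
#
# Usage: /etc/init.d/squid {start|stop|reload|force-reload|restart|status}
#
# Layout note: on the page this script was collapsed onto two lines, which
# turns everything after "#! /bin/sh" into one long comment. It is restored
# here one statement per line. Expansions are quoted, and "reload" now
# reports the real result of "squid -k reconfigure" instead of always OK.
#
### BEGIN INIT INFO
# Provides:          squid
# Required-Start:    $local_fs $network
# Required-Stop:     $local_fs $network
# Should-Start:      $named
# Should-Stop:       $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Squid HTTP Proxy
### END INIT INFO

NAME=squid
DAEMON=/usr/sbin/squid
LIB=/usr/lib/squid
PIDFILE=/var/run/$NAME.pid
SQUID_ARGS="-D -YC"

# Optional local overrides (e.g. SQUID_ARGS, SQUID_MAXFD, CHUID). This file
# is sourced with the privileges of the init script, so it must be owned by
# root and not writable by any other account.
[ ! -f /etc/default/squid ] || . /etc/default/squid

. /lib/lsb/init-functions

PATH=/bin:/usr/bin:/sbin:/usr/sbin

# Nothing to do when the daemon is not installed.
[ -x "$DAEMON" ] || exit 0

#
# grepconf DIRECTIVE DEFAULT
# Print the first argument of the first DIRECTIVE line found in
# /etc/squid/squid.conf, or DEFAULT when there is no such line.
#
grepconf () {
  # The comment in the original says "space tab"; build the pair explicitly
  # so the tab cannot be lost when the script is copied from a web page.
  w=$(printf ' \t')
  sq=/etc/squid/squid.conf
  # sed is cool.
  res=$(sed -ne '
    s/^'"$1"'['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
    t end;
    d;
    :end q' < "$sq")
  [ -n "$res" ] || res=$2
  echo "$res"
}

#
# grepconf2 DIRECTIVE DEFAULT
# Same as grepconf, but prints the second argument of the DIRECTIVE line,
# read from /etc/squid/$NAME.conf.
#
grepconf2 () {
  w=$(printf ' \t')
  sq=/etc/squid/$NAME.conf
  # sed is cool.
  res=$(sed -ne '
    s/^'"$1"'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
    t end;
    d;
    :end q' < "$sq")
  [ -n "$res" ] || res=$2
  echo "$res"
}

#
# Try to increase the # of filedescriptors we can open.
# Does nothing unless SQUID_MAXFD is set; raises the system-wide
# fs.file-max when it is below SQUID_MAXFD + 4096, then raises this shell's
# own limit, which the daemon inherits.
#
maxfds () {
  [ -n "$SQUID_MAXFD" ] || return 0
  [ -f /proc/sys/fs/file-max ] || return 0
  global_file_max=$(cat /proc/sys/fs/file-max)
  minimal_file_max=$((SQUID_MAXFD + 4096))
  if [ "$global_file_max" -lt "$minimal_file_max" ]
  then
    echo "$minimal_file_max" > /proc/sys/fs/file-max
  fi
  ulimit -n "$SQUID_MAXFD"
}

#
# Start the daemon, creating the cache structure first when it is missing.
# Returns the exit status of start-stop-daemon.
#
start () {
  cdr=$(grepconf2 cache_dir "/var/spool/$NAME")
  ctp=$(grepconf cache_dir ufs)

  # A numeric second field means the old cache_dir syntax without a type.
  case "$cdr" in
    [0-9]*)
      log_failure_msg "squid: squid.conf contains 2.2.5 syntax - not starting!"
      log_end_msg 1
      exit 1
      ;;
  esac

  #
  # Create spool dirs if they don't exist.
  #
  if { [ -d "$cdr" ] && [ ! -d "$cdr/00" ]; } ||
     { [ "$ctp" = "coss" ] && [ ! -f "$cdr" ]; }
  then
    log_warning_msg "Creating squid cache structure"
    # SQUID_ARGS holds several options and is split on purpose.
    # shellcheck disable=SC2086
    "$DAEMON" $SQUID_ARGS -z
  fi

  # start-stop-daemon launches the daemon as root unless CHUID is set.
  # NOTE(review): presumably squid.conf names an unprivileged
  # cache_effective_user for Squid to switch to - confirm.
  if [ "$CHUID" = "" ]; then
    CHUID=root
  fi

  maxfds
  # Files the daemon creates are not accessible to "other".
  umask 027
  # shellcheck disable=SC2086
  start-stop-daemon --quiet --start \
    --pidfile "$PIDFILE" \
    --chuid "$CHUID" \
    --exec "$DAEMON" -- $SQUID_ARGS < /dev/null
  return $?
}

#
# Stop the daemon and wait for the process to go away.
# Returns 1 when it is still running after 24 polls five seconds apart.
#
stop () {
  PID=$(cat "$PIDFILE" 2>/dev/null)
  start-stop-daemon --stop --quiet --pidfile "$PIDFILE" --name squid
  #
  # Now we have to wait until squid has _really_ stopped.
  #
  sleep 2
  if test -n "$PID" && kill -0 "$PID" 2>/dev/null
  then
    log_action_begin_msg " Waiting"
    cnt=0
    while kill -0 "$PID" 2>/dev/null
    do
      cnt=$((cnt + 1))
      if [ "$cnt" -gt 24 ]
      then
        log_action_end_msg 1
        return 1
      fi
      sleep 5
      log_action_cont_msg ""
    done
    log_action_end_msg 0
    return 0
  else
    return 0
  fi
}

case "$1" in
  start)
    log_daemon_msg "Starting Squid HTTP proxy" "squid"
    if start ; then
      log_end_msg $?
    else
      log_end_msg $?
    fi
    ;;
  stop)
    log_daemon_msg "Stopping Squid HTTP proxy" "squid"
    if stop ; then
      log_end_msg $?
    else
      log_end_msg $?
    fi
    ;;
  reload|force-reload)
    log_action_msg "Reloading Squid configuration files"
    # Report what actually happened; a rejected squid.conf must not be
    # shown as a successful reload.
    if "$DAEMON" -k reconfigure ; then
      log_action_end_msg 0
    else
      log_action_end_msg 1
    fi
    ;;
  restart)
    log_daemon_msg "Restarting Squid HTTP proxy" "squid"
    stop
    if start ; then
      log_end_msg $?
    else
      log_end_msg $?
    fi
    ;;
  status)
    status_of_proc -p "$PIDFILE" "$DAEMON" squid && exit 0 || exit $?
    ;;
  *)
    echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart|status}"
    exit 3
    ;;
esac

exit 0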
Clearcache script
nano /usr/sbin/clearcachesquid
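#!/bin/sh
#
# clearcachesquid - stop Squid, delete its whole cache directory, recreate
# it empty and start Squid again. Must be run as root.
#
# Changes from the page's version: the script stops if Squid cannot be
# stopped or the directory cannot be recreated, and the cache directory is
# no longer made world-writable (mode 777 let any local account alter or
# replace cached objects that are later served to clients).

echo " ##################################### "
echo " ######## Stop Squid Service ######### "
echo " ##################################### "
# Never delete the spool underneath a running daemon.
/etc/init.d/squid stop || exit 1

echo " ##################################### "
echo " ###### Delete spool directory ####### "
echo " ##################################### "
rm -rfv -- /var/spool/squid/

echo " ##################################### "
echo " ########## Finish ########## "
echo " ###### Create cache directory ####### "
echo " ##################################### "
mkdir -p /var/spool/squid || exit 1
chown squid:squid /var/spool/squid/
# Owner and group only.
# NOTE(review): assumes squid.conf sets cache_effective_user to the squid
# account; if Squid runs as another user, chown to that user rather than
# loosening the mode.
chmod 750 /var/spool/squid/
# Rebuild the empty cache directory structure.
squid -z

echo " ##################################### "
echo " ########## Startting squid ########## "
echo " ##################################### "
/etc/init.d/squid start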
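# Make the script executable, then run it. These are two commands; fused on
# one line, chmod would also try to change a file named "clearcachesquid"
# in the current directory.
chmod 755 /usr/sbin/clearcachesquid

# Run it by full path so a same-named file earlier in root's PATH cannot be
# picked up instead.
/usr/sbin/clearcachesquid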
ตรวจสอบโดยใช้คำสั่ง ps ax | grep squid
[root@system squid]# ps ax | grep squid 29451 ? Ss 0:00 squid -D 29453 ? Sl 0:00 (squid) -D 29455 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29456 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29457 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29458 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29459 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29460 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29461 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29462 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29463 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29464 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29465 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29466 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29467 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29468 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29469 ? S 0:00 /usr/bin/perl /etc/squid/store_url_rewrite.pl 29500 pts/1 S+ 0:00 grep squid
--- Squid3.1.10 config
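#
# Recommended minimum configuration:
#
# Layout note: on the page this file was collapsed onto three lines, which
# turns almost all of it into comments. It is restored here one directive
# per line. Review changes are marked NOTE(review).
#
# Interception port: clients are redirected here by the firewall.
http_port 3128 transparent no-connection-auth
icp_port 0
icp_query_timeout 0
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds

#============================================================$
# Block Domain + Time Frame
#============================================================$
#acl allow_client src 1.0.5.37 1.0.5.47 1.0.5.58 1.0.5.59 1.0.5.61 1.0.8.8
#acl local-servers dstdomain 111.223.32.36 27.254.32.35 job3.ocsc.go.th
#always_direct allow local-servers
#acl block1 dstdomain "/etc/squid/domain_block"
#http_access deny block1 !allow_client

# Time windows during which the domains listed in denied_domains.acl are
# reachable; outside all of them the request is denied.
acl b1 time MTWHFA 06:00-08:30
acl b2 time MTWHFA 10:00-10:30
acl b3 time MTWHFA 12:00-13:00
acl b4 time MTWHFA 15:00-15:30
acl b5 time MTWHFA 16:30-21:00
acl bd dstdomain "/etc/squid/denied_domains.acl"
http_access deny bd !b1 !b2 !b3 !b4 !b5
deny_info http://www.psch-club.blogspot.com b1 b2 b3 b4 b5 bd

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
# NOTE(review): 1.0.0.0/8 is NOT an RFC1918 range; it is publicly routable
# address space. Listing the whole /8 as "localnet" lets any host in that
# range use this proxy if it can reach the port. Narrow it to the subnet
# actually used on the internal network and firewall the proxy port.
acl localnet src 1.0.0.0/8	# site-internal addressing (public range, see note)
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7	# RFC 4193 local private network range
acl localnet src fe80::/10	# RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
cache_access_log /var/log/squid/access.log
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE(review): enabled here, as the comment above recommends; without it,
# proxy clients can reach services bound to the proxy host's loopback.
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
# NOTE(review): port 3128 is already declared at the top of this file as
# the interception port; a second http_port line for the same port cannot
# bind. If explicitly configured browsers must be served too, give them a
# different port number.
#http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs /var/spool/squid 512 16 256
minimum_object_size 0 KB
maximum_object_size 4096 KB
logfile_rotate 30
cache_store_log none

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320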