Install and Configure Squid 2.7 Stable 9 on Ubuntu Server 10.10 Part 2

SHARE :google Install and Configure Squid 2.7 Stable 9 on Ubuntu Server 10.10 Part 20facebook Install and Configure Squid 2.7 Stable 9 on Ubuntu Server 10.10 Part 20twitter Install and Configure Squid 2.7 Stable 9 on Ubuntu Server 10.10 Part 20stumbleupon Install and Configure Squid 2.7 Stable 9 on Ubuntu Server 10.10 Part 20pinterest Install and Configure Squid 2.7 Stable 9 on Ubuntu Server 10.10 Part 20reddit Install and Configure Squid 2.7 Stable 9 on Ubuntu Server 10.10 Part 20linkedin Install and Configure Squid 2.7 Stable 9 on Ubuntu Server 10.10 Part 20

In the first part is about installation procedures squid2.7stable9, then we will do the configuration stage squid2.7stable9

let’s start

make directory for cache

mkdir -p cache1 cache2 cache3

set owner folder cache1, cache2 and cache3 as user: proxy group:proxy and then set permision 644

sudo chown proxy:proxy -R cache1
sudo chown proxy:proxy -R cache2
sudo chown proxy:proxy -R cache3
sudo chmod 777 cache1
sudo chmod 777 cache2
sudo chmod 777 cache1

backup default squid configuration

sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.backup

create new file squid.conf, and then copy this script to squid.conf

sudo touch /etc/squid/squid.conf

 

sudo nano /etc/squid/squid.conf

 

acl QUERY urlpath_regex -i cgi-bin ? localhost
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl mikrotik src 192.168.2.0/24 #change this IP/Netmask if not same on your network
acl to_localhost dst 127.0.0.0/8
acl OLCNETWORK src 192.168.1.0/24 #change this IP/Netmask if not same on your network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl snmppublic snmp_community public
acl CONNECT method CONNECT
acl PURGE method PURGE
snmp_access allow snmppublic localhost
http_access allow PURGE localhost
http_access deny PURGE
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow OLCNETWORK
http_access allow mikrotik
snmp_access deny all
http_access deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------

http_port 3128 transparent
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

# PARENT/SIBLING CACHE OPTIONS
# -----------------------------------------------------------------------------

hierarchy_stoplist cgi-bin localhost

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

cache_mem 8 MB
maximum_object_size_in_memory 64 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache1 7500 16 256
cache_dir aufs /cache2 7500 16 256
cache_dir aufs /cache3 7500 16 256
store_dir_select_algorithm least-load
maximum_object_size 20480 KB
cache_swap_low 90
cache_swap_high 95
update_headers off

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

access_log none
cache_log /dev/null
cache_store_log none
logfile_rotate 5
log_ip_on_direct off
log_icp_queries off
buffered_logs off
netdb_filename none
pid_filename /var/run/squid.pid

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i .(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i .(rpm|cab|deb|exe|msi|psd|msu|zip|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i .(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 1440 90% 10080

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
store_avg_object_size 32 KB

# HTTP OPTIONS
# -----------------------------------------------------------------------------

server_http11 on
collapsed_forwarding on
vary_ignore_expire on
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all

# TIMEOUTS
# -----------------------------------------------------------------------------

forward_timeout 240 seconds
connect_timeout 60 seconds
peer_connect_timeout 5 seconds
read_timeout 600 seconds
request_timeout 60 seconds
persistent_request_timeout 60 seconds
client_lifetime 86400 seconds
half_closed_clients off
pconn_timeout 60 seconds
shutdown_lifetime 15 seconds

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

cache_mgr OLCNETWORK
cache_effective_user squid
cache_effective_group squid
httpd_suppress_version_string on
visible_hostname OLCNETWORK

# ADVANCED NETWORKING OPTIONS
# -----------------------------------------------------------------------------

max_filedescriptors 65535

# DNS OPTIONS
# -----------------------------------------------------------------------------

check_hostnames off
dns_timeout 30 seconds
dns_nameservers 192.168.2.1
hosts_file /etc/hosts
ipcache_size 8192
ipcache_low 95
ipcache_high 98
fqdncache_size 4096

# MISCELLANEOUS
# -----------------------------------------------------------------------------

memory_pools off
forwarded_for off
reload_into_ims on
coredump_dir /home/squid
pipeline_prefetch on

 

sudo squid -f /etc/squid/squid.conf -z
sudo squid -k reconfigure

Finnish icon smile Install and Configure Squid 2.7 Stable 9 on Ubuntu Server 10.10 Part 2

You may also like...