Squid

From Gentoo Wiki

Squid is a web cache and proxy server application used to speed up web browsing.

Installation

USE flags

USE flags for net-proxy/squid: A full-featured web proxy cache

Each entry is listed as flag: description (scope).

caps: Use Linux capabilities library to control privilege (global)
ecap: Adds support for loadable content adaptation modules (http://www.e-cap.org) (local)
esi: Enable ESI for accelerators, will cause squid reverse proxies to be capable of the Edge Acceleration Specification (www.esi.org) (local)
htcp: Enable HTCP protocol (local)
ipf-transparent: Adds transparent proxy support for systems using IP-Filter (only for *bsd) (local)
ipv6: Add support for IP version 6 (global)
kerberos: Add kerberos support (global)
kqueue: Enables *BSD kqueue() support (local)
ldap: Add LDAP support (Lightweight Directory Access Protocol) (global)
libressl: Use dev-libs/libressl as SSL provider (might need ssl USE flag), packages should not depend on this USE flag (global)
logrotate: Use app-admin/logrotate for rotating logs (local)
mysql: Add mySQL Database support (global)
nis: Support for NIS/YP services (global)
pam: Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip (global)
pf-transparent: Adds transparent proxy support for systems using PF (only for *bsd) (local)
postgres: Add support for the postgresql database (global)
qos: Adds support for Quality of Service using netfilter conntrack - see qos_flow directive for more info (local)
radius: Add support for RADIUS authentication (global)
samba: Add support for SAMBA (Windows File and Printer sharing) (global)
sasl: Add support for the Simple Authentication and Security Layer (global)
selinux: !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur (global)
snmp: Add support for the Simple Network Management Protocol if available (global)
sqlite: Add support for sqlite - embedded sql database (global)
ssl: Add support for Secure Socket Layer connections (global)
ssl-crtd: Adds support for dynamic SSL certificate generation in SslBump environments (local)
test: Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore (global)
tproxy: Enables real Transparent Proxy support for Linux Netfilter TPROXY (local)
wccp: Enable Web Cache Coordination Protocol (local)
wccpv2: Enable Web Cache Coordination V2 Protocol (local)

Emerge

Install net-proxy/squid:

root # emerge --ask net-proxy/squid

Boot services

OpenRC

To start squid on boot:

root # rc-update add squid default

To start squid immediately:

root # rc-service squid start

SSL configuration

Make sure the ssl USE flag has been enabled. At the time of writing, Google Chrome, Chromium, and Firefox 30+ have support for SSL proxies. Unfortunately, configuring them is not as straightforward as going into the options dialog of each respective browser.

Certificate generation

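Generate a self-signed SSL certificate, or have a CA sign the certificate so that it is trusted by all clients. The -nodes option in the command below writes the private key to key.pem unencrypted, so restrict read access to that file.

user $ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes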

Configure Squid

Edit Squid's config file, located at /etc/squid/squid.conf, replacing the http_port 3128 line with the line below. The cert= and key= paths must point to the certificate and key files generated above.

FILE /etc/squid/squid.conf: Modifying Squid configuration to use an SSL proxy
https_port 3128 cert=/etc/squid/cert.pem key=/etc/squid/key.pem
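
A way to check the result of the two steps above before restarting Squid, as an added example (not part of the original wiki page or of Squid itself). The function name audit_https_ports is hypothetical, and the check assumes the page's layout: separate cert= and key= options on the https_port line, with no plaintext http_port line left behind.

```python
import os
import stat
import tempfile


def audit_https_ports(conf_text):
    """Return (line_number, finding) tuples for the port lines in squid.conf text."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not tokens:
            continue
        if tokens[0] == "http_port":
            # The page replaces this line; if it is still there, a plaintext port is open.
            findings.append((no, "plaintext http_port still enabled"))
        elif tokens[0] == "https_port":
            opts = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
            for name in ("cert", "key"):
                path = opts.get(name)
                if path is None:
                    findings.append((no, f"https_port has no {name}= option"))
                elif not os.path.isfile(path):
                    findings.append((no, f"{name} file missing: {path}"))
                elif name == "key":
                    # openssl -nodes writes the key unencrypted, so the file mode
                    # is its only protection.
                    mode = stat.S_IMODE(os.stat(path).st_mode)
                    if mode & 0o077:
                        findings.append(
                            (no, f"key accessible to group/others (mode {mode:o}): {path}"))
    return findings


if __name__ == "__main__":
    # Constructed sample: throwaway files standing in for /etc/squid/{cert,key}.pem.
    with tempfile.TemporaryDirectory() as d:
        cert, key = os.path.join(d, "cert.pem"), os.path.join(d, "key.pem")
        for p in (cert, key):
            open(p, "w").close()
        os.chmod(key, 0o644)  # deliberately too permissive
        sample = f"http_port 3128\nhttps_port 3128 cert={cert} key={key}\n"
        for no, finding in audit_https_ports(sample):
            print(f"squid.conf line {no}: {finding}")
```

To audit a real installation, pass the contents of /etc/squid/squid.conf to the function; an empty list means none of these three problems was found.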

Browser configuration

Firefox

Set Firefox to manual proxy, and point it at localhost port 3128 or 127.0.0.1 port 3128.

Custom error page icons

CSS controls the Squid icon on error pages. To insert a custom icon, replace the link URL in the #titles section of /etc/squid/errorpage.css; as long as a 91x50 pixel image is used, nothing else needs to be changed. To use an image of a different size, make sure the padding is 0.5 x the image height and the left padding is exactly the width of the replacement image.

Once modifications have been finished, restart the Squid service:

root # rc-service squid restart
