From Gentoo Wiki
Jump to: navigation, search
This article is a stub. You can help by expanding it.

Squid is a web cache and a proxy server application used speed up web browsing.


USE flags

USE flags for net-proxy/squid A full-featured web proxy cache

ecap Adds support for loadable content adaptation modules (http://www.e-cap.org)
esi Enable ESI for accelerators, will cause squid reverse proxies to be capable of the Edge Acceleration Specification (www.esi.org)
htcp Enable HTCP protocol
ipf-transparent Adds transparent proxy support for systems using IP-Filter (only for *bsd)
kqueue Enables *BSD kqueue() support
ldap Add LDAP support (Lightweight Directory Access Protocol)
logrotate Use app-admin/logrotate for rotating logs
mysql Add mySQL Database support
nis Support for NIS/YP services
pf-transparent Adds transparent proxy support for systems using PF (only for *bsd)
qos Adds support for Quality of Service using netfilter conntrack - see qos_flow directive for more info
sqlite Add support for sqlite - embedded sql database
ssl-crtd Adds support for dynamic SSL certificate generation in SslBump environments
tproxy Enables real Transparent Proxy support for Linux Netfilter TPROXY
wccp Enable Web Cache Coordination Protocol
wccpv2 Enable Web Cache Coordination V2 Protocol


Install net-proxy/squid:

root #emerge --ask net-proxy/squid

Boot services


To start squid on boot:

root #rc-update add squid default

To start squid immediately:

root #rc-service squid start

SSL configuration

Make sure the ssl USE flag has been enabled. At the time of writing, Google Chrome, Chromium, and Firefox 30+ have support for SSL proxies. Unfortunately configuring them is not as straight forward as going into the options dialog of each respective browser.

Certificate generation

Generate a self-signed SSL certificate, or use a CA to sign the certificate so it is trusted by all clients.

user $openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes

Configure Squid

Edit Squid's config file located at /etc/squid/squid.conf, replacing the http_port 3128 line with:

FILE /etc/squid/squid.confModifying Squid configuration to use a SSL proxy
https_port 3128 cert=/etc/squid/cert.pem key=/etc/squid/key.pem

Browser configuration


Set Firefox to manual proxy, and point it at localhost port 3128 or port 3128.

Custom error page icons

CSS controls the Squid icon on error pages. To insert a custom icon simply replace the link URL in /etc/squid/errorpage.css section #titles (as long as a 91x50 pixel image is used nothing else needs to be changed). To use a different size image make sure padding is .5 x height and padding left is exactly width of future image replacement.

Once modifications have been finished, restart the Squid service:

root #rc-service squid restart

See also