Squid

From Gentoo Wiki
Jump to: navigation, search
This article is a stub. You can help by expanding it.
Resources

Squid is a web cache and a proxy server application used speed up web browsing.

Installation

USE flags

USE flags for net-proxy/squid A full-featured web proxy cache

ecap Adds support for loadable content adaptation modules (http://www.e-cap.org) local
esi Enable ESI for accelerators, will cause squid reverse proxies to be capable of the Edge Acceleration Specification (www.esi.org) local
htcp Enable HTCP protocol local
ipf-transparent Adds transparent proxy support for systems using IP-Filter (only for *bsd) local
kqueue Enables *BSD kqueue() support local
logrotate Use app-admin/logrotate for rotating logs local
nis Support for NIS/YP services global
pam Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip global
pf-transparent Adds transparent proxy support for systems using PF (only for *bsd) local
postgres Add support for the postgresql database global
qos Adds support for Quality of Service using netfilter conntrack - see qos_flow directive for more info local
samba Add support for SAMBA (Windows File and Printer sharing) global
sasl Add support for the Simple Authentication and Security Layer global
selinux !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur global
snmp Add support for the Simple Network Management Protocol if available global
ssl-crtd Adds support for dynamic SSL certificate generation in SslBump environments local
tproxy Enables real Transparent Proxy support for Linux Netfilter TPROXY local
wccp Enable Web Cache Coordination Protocol local
wccpv2 Enable Web Cache Coordination V2 Protocol local

Emerge

Install net-proxy/squid:

root #emerge --ask net-proxy/squid

Boot services

OpenRC

To start squid on boot:

root #rc-update add squid default

To start squid immediately:

root #rc-service squid start

SSL configuration

Make sure the ssl USE flag has been enabled. At the time of writing, Google Chrome, Chromium, and Firefox 30+ have support for SSL proxies. Unfortunately configuring them is not as straight forward as going into the options dialog of each respective browser.

Certificate generation

Generate a self-signed SSL certificate, or use a CA to sign the certificate so it is trusted by all clients.

user $openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes

Configure Squid

Edit Squid's config file located at /etc/squid/squid.conf, replacing the http_port 3128 line with:

FILE /etc/squid/squid.confModifying Squid configuration to use a SSL proxy
https_port 3128 cert=/etc/squid/cert.pem key=/etc/squid/key.pem

Browser configuration

Firefox

Set Firefox to manual proxy, and point it at localhost port 3128 or 127.0.0.1 port 3128.

Custom error page icons

CSS controls the Squid icon on error pages. To insert a custom icon simply replace the link URL in /etc/squid/errorpage.css section #titles (as long as a 91x50 pixel image is used nothing else needs to be changed). To use a different size image make sure padding is .5 x height and padding left is exactly width of future image replacement.

Once modifications have been finished, restart the Squid service:

root #rc-service squid restart

See also