From Gentoo Wiki
Jump to: navigation, search
This article is a stub. You can help by expanding it.

Squid is a web cache and a proxy server application used speed up web browsing.


USE flags

USE flags for net-proxy/squid A full-featured web proxy cache

ecap Adds support for loadable content adaptation modules (http://www.e-cap.org) local
esi Enable ESI for accelerators, will cause squid reverse proxies to be capable of the Edge Acceleration Specification (www.esi.org) local
htcp Enable HTCP protocol local
ipf-transparent Adds transparent proxy support for systems using IP-Filter (only for *bsd) local
kqueue Enables *BSD kqueue() support local
ldap Add LDAP support (Lightweight Directory Access Protocol) global
logrotate Use app-admin/logrotate for rotating logs local
mysql Add mySQL Database support global
nis Support for NIS/YP services global
pf-transparent Adds transparent proxy support for systems using PF (only for *bsd) local
qos Adds support for Quality of Service using netfilter conntrack - see qos_flow directive for more info local
sqlite Add support for sqlite - embedded sql database global
ssl-crtd Adds support for dynamic SSL certificate generation in SslBump environments local
tproxy Enables real Transparent Proxy support for Linux Netfilter TPROXY local
wccp Enable Web Cache Coordination Protocol local
wccpv2 Enable Web Cache Coordination V2 Protocol local


Install net-proxy/squid:

root #emerge --ask net-proxy/squid

Boot services


To start squid on boot:

root #rc-update add squid default

To start squid immediately:

root #rc-service squid start

SSL configuration

Make sure the ssl USE flag has been enabled. At the time of writing, Google Chrome, Chromium, and Firefox 30+ have support for SSL proxies. Unfortunately configuring them is not as straight forward as going into the options dialog of each respective browser.

Certificate generation

Generate a self-signed SSL certificate, or use a CA to sign the certificate so it is trusted by all clients.

user $openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes

Configure Squid

Edit Squid's config file located at /etc/squid/squid.conf, replacing the http_port 3128 line with:

FILE /etc/squid/squid.confModifying Squid configuration to use a SSL proxy
https_port 3128 cert=/etc/squid/cert.pem key=/etc/squid/key.pem

Browser configuration


Set Firefox to manual proxy, and point it at localhost port 3128 or port 3128.

Custom error page icons

CSS controls the Squid icon on error pages. To insert a custom icon simply replace the link URL in /etc/squid/errorpage.css section #titles (as long as a 91x50 pixel image is used nothing else needs to be changed). To use a different size image make sure padding is .5 x height and padding left is exactly width of future image replacement.

Once modifications have been finished, restart the Squid service:

root #rc-service squid restart

See also