Setting up the SQUID-Proxy on Unslung 6.8x
If for any reason, you might need a proxy in your network, you can use the squid-package.
1. Step: Install squid
Login to your slug as root via telnet or ssh.
ipkg update ipkg install squid
2. Step: Edit squid.conf
After the installation of squid, you will get an errormessage like "visible_hostame not set". So you have to edit the file /opt/etc/squid/squid.conf according to your requirements. I have installed the midnightcommander (mc) on my slug because I hate editing with vi! ;-) If you open squid.conf and you are a nnewbie to it like I was, you maybe close it again and think about watching some TV instead. There are a lot (really a LOT!!) of options to set.
To give you a starting point, I attach a working sample of a small "quick and dirty" squid.conf . You can tailor it again according to your needs.
cache_mgr bigbrother@unslung_squid visible_hostname hostname_of_your_slug cache_mem 8 MB cache_dir ufs /opt/var/squid/cache 100 16 256 negative_dns_ttl 10 second connect_timeout 60 second read_timeout 80 second request_timeout 80 second cache_access_log /opt/var/squid/logs/access.log cache_log /opt/var/squid/logs/debug cache_store_log /opt/var/squid/logs/storage hierarchy_stoplist on http_port 192.168.1.77:3128 # Global ACL-Definitions (Access control lists) acl idents ident REQUIRED acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl all src 0.0.0.0/0.0.0.0 acl intern dst 192.168.1.0/255.255.255.0 acl FTP proto FTP always_direct allow FTP acl Allowed_Ports port 80 99 443 21 563 488 777 210 1025-65535 acl yourLAN src 192.168.1.0/255.255.255.0 #http_access definition http_access allow idents http_access allow all http_access allow intern http_access deny manager all http_access allow yourLAN http_access deny all icp_access deny all miss_access allow all always_direct allow intern
3. Step: Initialising Squid-Cache-Directories
Now, we have to create the cache-directories according to the squid.conf.
This creates the directory-structure of the cache.
4. Step: Starting Squid
5. Step: Test, if it is working
First of all, using a "ps aux" you can check, if there is a pid squid residing in your slug. If yes - perfect. If no - what the hell did you do wrong!? Restart at Step 2! ;-) Now, open a Browser on any pc of your lan and change the network-settings from direct-Internet to use proxie.
Proxy: 192.168.1.77 (or whatever is the IP of your slug) Port: 3128
Use same proxy for all protocols.
Save settings and try to load a webpage. It should appear after a couple of seconds. If not - Step 2!
Comment and recommendations
I got my squid "swimming" as described.
The performance was quite poor. The reaction-time to open a webpage is too long in my opinion.
But if you need a platform for e.g. setting up a child-protection-system, you have at least a starting point.
I really recommend to read the squid-documentation! The small squid.conf presented is far away from beeing perfect! It's up to your own responsabilty to configure your squid properly!
I followed the above instructions and works perfect for me. Rapid opening of pages and great caching!!!! Thanks a lot!
Use the following option to disable the cache directory entirely (useful if you are running from a USB stick)
cache_dir null /dev/null
For this to work, you need a version of squid compiled with --enable-storeio=null
2007-02-08 Using OpenSlug 3.10, and the Unslung package. I can't get Squid to work. I see multiple people have, but I get the error:
FATAL: Bungled Default Configuration line 9: cache_mem 8 MB Squid Cache (Version 2.6.STABLE9?): Terminated abnormally.
I have tried freeing up memory, I have tried different versions, I have tried different configs, I've tried no config, I have tried many things without success. I always get that exact same error. If anyone has any ideas, please let me know. --Mannkind
Squid on Debian
This will provide a local cache of accessed web pages and page components, hopefully speeding up Internet access all round. There is good documentation, in the Squid wiki. Thatís a good thing because it has a formidable conf file, though thankfully most of it can be left as it comes out of the box. However, Debian makes it very easy for you, if you
apt-get install squid
it will install all the necessary files, create the disk cache, install and start the squid daemon. In order to get a working slug system you just need a few edits to the /etc/squid/squid.conf file:
1. Pick a port for squid to listen on, 8080 seems to be favourite
2. Allow access to machines on your network (obviously use your IP addresses)!
acl our_networks src 192.168.1.1-192.168.1.100
http_access allow our_networks
http_access allow localhost
3. If you have the disk space, increase the size of Squidís cache files (here 500Mb):
cache_dir ufs /var/spool/squid 500 16 256
4. If you want to, identify yourself as the webmaster:
5. and then restart Squid: /etc/init.d/squid restart
You can either set up the proxy name in the preferences for each browser or for all browsers in the system preferences (Mac OSX), something like
if you are using a fixed IP address for your slug.
An easy way to check that the cache is being used is to enter a non-existent URL in the browser, you will get an error message which is obviously from the proxy if its working OK.
By default Squid will log every URL entered by every user on your network in /var/log/squid/* . Once you are happy it is working OK you need to decide whether or not to keep doing this. If you decide to respect their privacy you can stop the logging by replacing the logfile names with none in squid.conf .
After running with Squid for a few days, a couple of problems came to light when the network was quite heavily loaded. Firstly Squid was running at about 40% of available memory, secondly when two or more people were downloading large files or streaming video then the video streams would stutter and rebuffer. Although this wasnít a major problem most of the time (there are only five potential concurrent users of the network!) it was time to start poking around in squid.conf again.
There is a fair amount of tuning information around on the web, but most of it is aimed at large scale operations and scaling up the proxy, rather than squeezing as much as possible out of a little box. Also the most obvious move for most users is to add more RAM, an option not open to me in this case (Iím not ready to wield the soldering iron just yet). Nevertheless there seemed to be a few things worth trying.
Firstly I moved the squid cache to my faster hard disk, and upped the size to 1Gb. I was tempted to go higher, but exercised some caution as allocating more space here also increases the RAM usage slightly. I also DECREASED the number of level 1 sub-directories to 8. Therefore the squid.conf entry becomes:
cache_dir ufs /mnt/sdb1/squidcache 1000 8 256
Obviously the squidcache directory needs to be created beforehand and the squid user given RW access to it. After editing squid.conf it was necessary to stop Squid
and then call it from root with the -z option to initialise the new cache files
which took only a couple of seconds, and then restart Squid
This seems to have been very successful, with the memory usage sticking at a max of 18% under heavy load, which is fine.
Now on to the streaming issue. There are mixed views as to whether large files should be cached or not. Clearly there will be advantages if they are going to be accessed by more than one user, or more than once, but on balance I decided it was just too much work for the poor little slug, and so in Squid terminology Ďcreated an access rule to deny caching to typical large or streamed filetypesí. I couldnít find any info on whether or not filenames are case sensitive so rather than laboriously try it out I just played safe, with the following in squid.conf:
acl streamorlarge urlpath_regex -i \.swf$ \.SWF$ \.asf$ \.asx$ \.wmv$ \.mpg$ \.rm$ \.mov$ \.flv$ \.mpeg$ \.FLV$ \.rar$ \.zip$ \.ZIP$ \.iso$
no_cache deny streamorlarge
Restarted squid, and the streaming problem was solved. Now we have memory usage peaking at 18%, streaming working fine, and noticeably snappier browsing, especially on busy sites such as ebay, the BBC and the Apple store.
So there we have it, Iím sure there is more performance to be found with more effort, and YMMV, but worth giving it a go to get the best out of this amazing little box.
See it in action at my site http://www.zonko.ath.cx