# squid/cfg - "Build" settings for package #--------------------------------------------------------------------- [technotes] # 1. "polipo" and "squid" are two similar packages (and programs); # they both provide a caching web proxy. For LiveDistros and/or casual # browsing, "polipo" (configured to use a memory-resident cache only) # is recommended over "squid". For large-scale site mirroring and/or # multi-user setups, "squid" (configured to use a disk-resident cache) # is recommended over "polipo". For other situations, the best choice # will vary. #--------------------------------------------------------------------- # 2. To operate correctly, "squid" needs a configuration file. A de- # fault file is provided at the following location, but it should be # checked before initial use and modified appropriately for the cur- # rent system: # # $PRODTREE/squid/etc/squid.conf #--------------------------------------------------------------------- # 3. If "squid" is used, the daemon should be shut down and restarted # on a regular basis. This will help to prevent problems related to a # related database. Note: To restart "squid", use the following state- # ment: # # (squid-stop; squid) # The command "squid -k rotate", which is discussed in the next sec- # tion, may have the same effect. However, this hasn't been verified. #--------------------------------------------------------------------- 4. Here's some common "squid" CLI operations: # squid -z # Start the "squid" daemon and create # # the associated cache-directory tree # squid-start # Start the "squid" daemon (use this # # if the cache-directory tree has al- # # ready been created) # # Stop the "squid" daemon # killall -qw --signal SIGTERM squid # squid-stop # Same as the preceding command (sim- # # pler but distro-specific) # squid -k reconfigure # Ask the running daemon to read its # # configuration file and modify active # # settings appropriately Rotate the "squid" logs (if "squid" is used, this should be done on a regular basis). squid -k rotate Obsolete: For old "squids" only. Display statistics and other infor- mation (for this to work, the daemon must be running. squidclient -h 127.0.0.1 -p 3128 mgr:info | less Request "squid" information from a remote client box. Auth. needs to be set up in "squid.conf". lynx http://somesite.com:3128/squid-internal-mgr/info List cached http[s] objects: find /var/cache/squid -type f | \ xargs -i{} head -1 {} | grep -oa "http.*" #--------------------------------------------------------------------- # 5. If "squid" is aborted due to a system crash or other problems, # you may need to do the following procedure afterward. Note: Discon- # nect any/all "squid" clients first. # # killall -qw --signal SIGTERM squid # # Modify pathname as necessary # rm -f /var/cache/squid/swap.state # squid -z # squid-start # See the following note # The "squid" command at the end will rebuild a database file. "squid" # will be inaccessible while this is in progress. This may take quite # a while. #--------------------------------------------------------------------- 6. More setup issues: 6a. To make "sslbump" possible, the following "squid" "configure" flags should be used: --with-openssl --enable-ssl-crtd 6b. /etc/fstab should include: tmpfs /dev/shm tmpfs defaults 0 0 6c. The following should be done at boot time if possible: NN=`mount | grep '^tmpfs on /dev/shm' | wc -l` if [ "@$NN" == "@0" ]; then mount tmpfs; fi #--------------------------------------------------------------------- [buildtimes] 00.09 hours (or 005.27 minutes) - Dell Inspiron 6400 2.0 GHz Intel Duo 7200 2 GB RAM 00.27 hours (or 016.03 minutes) - HP EliteBook 8560w 32GB RAM 00.39 hours (or 023.40 minutes) - Compaq 1.7 GHz Intel Pentium 4 512MB RAM #--------------------------------------------------------------------- [settings] build = default compiler = clang exepack = yes kill = killall -qw --signal SIGTERM squid license = GNU General Public License, version 2 (June 1991) nowerror = yes permissive = yes tmpsize = 417M setpaths = openssl3 #--------------------------------------------------------------------- [depends] actools cppunit expat gawk gnutls3 grep libbsd libcap libecap libffi libgmp libicu libidn2 libmnl libnfconntrack libnfnetlink libsasl libunistring libxml2 nettle3 openldap openssl openssl3 p11kit perl:forward pkgconf sed xzutils zlib #--------------------------------------------------------------------- [configure] LOGDIR=/var/log/squid MANBASE=$PKGDIR_PROD/man SHABASE=$PKGDIR_PROD/share mkdir -p $MANBASE $SHABASE #--------------------------------------------------------------------- for name in squid do if test -z "`grep $name /etc/group`" ; then groupadd $name fi if test -z "`grep $name /etc/passwd`" ; then useradd $name -g $name -d /dev/null \ -s /bin/false -p notused fi done #--------------------------------------------------------------------- NN=`mount | grep '^tmpfs on /dev/shm' | wc -l` if [ "@$NN" == "@0" ]; then mount tmpfs; fi ulimit -n 4096 #--------------------------------------------------------------------- mkdir -p /var/{cache,log,run,spool}/squid chown -R squid.squid /var/{cache,log,run,spool}/squid #--------------------------------------------------------------------- CFLAGS="-O2 -fomit-frame-pointer -funroll-loops -pipe" \ bash ./configure \ --prefix=$PKGDIR_PROD \ --build=$LACARCHBUILD \ --host=$LACARCHHOST \ --datadir=$SHABASE/squid \ --disable-dependency-tracking \ --disable-ident-lookups \ --disable-ipv6 \ \ --enable-async-io=16 \ --enable-delay-pools \ --enable-ecap \ --enable-http-violations \ --enable-poll \ --enable-shared=yes \ --enable-ssl \ --enable-static=no \ --enable-storeio="aufs,ufs" \ \ --enable-icap-client \ --enable-ssl-crtd \ --with-openssl \ --with-default-user=squid \ \ --localstatedir=/var \ --mandir=$MANBASE \ --with-dl \ --with-large-files \ --with-logdir=$LOGDIR \ --with-pidfile=/var/run/squid.pid #--------------------------------------------------------------------- [postbuild] BINDIR=$PKGDIR_PROD/bin ETCDIR=$PKGDIR_PROD/etc SPCDIR=$PKGDIR_SPECIAL mkdir -p $BINDIR $ETCDIR cp -p $SPCDIR/squid-start $BINDIR/ chmod 755 $BINDIR/squid-start cp -p $SPCDIR/squid-stop $BINDIR/ chmod 755 $BINDIR/squid-stop sed -e "s|__META_PREFIX__|$PKGDIR_PROD|" \ < $SPCDIR/squid.conf.in \ > $ETCDIR/squid.conf cptime $SPCDIR/squid.conf.in \ $ETCDIR/squid.conf #--------------------------------------------------------------------- mkdir -p $ETCDIR/ssl cd $ETCDIR cp -p squid.conf squid.conf.default cp -p $SPCDIR/squid-block.acl . # cp -p $SPCDIR/squid-rewrite-localtree . # chmod 755 squid-rewrite-localtree #--------------------------------------------------------------------- DIR=/var/cache/squid/ssl_db if [ \! -d $DIR ]; then $PKGDIR_PROD/libexec/security_file_certgen \ -c -s /var/cache/squid/ssl_db -M 64MB fi squid -z chown -R squid.squid /var/{cache,log,run,spool}/squid #--------------------------------------------------------------------- [setup.boot] killall -qw --signal SIGTERM squid mkdir -p /var/{cache,log,run,spool}/squid chown -R squid.squid /var/{cache,log,run,spool}/squid NN=`mount | grep '^tmpfs on /dev/shm' | wc -l` if [ "@$NN" == "@0" ]; then mount tmpfs; fi ulimit -n 4096 #--------------------------------------------------------------------- # Original URLs. These URLs were valid at one point, but may have died # since then. If you download newer versions of tarballs [etc.], don't # delete the original versions, as you may not be able to replace # them. [urls] url_debian_page = Not checked yet url_debian_pool = Ditto url_freecode = http://freecode.com/projects/squid/ url_home = http://www.squid-cache.org/ url_lfs = Not checked yet url_tarball = https://github.com/squid-cache/squid/releases/\ download/SQUID_7_5/squid-7.5.tar.xz #--------------------------------------------------------------------- [history] 190901 Updated from 3.4.8 to 3.8 230404 Updated to 5.8 260304 Updated to 7.4 260315 Updated to 7.5