## Setting up Squid to run as a proxy for HTTP, FTP & Gopher ##

Christopher Raven

DISCLAIMER: YOU SHOULD READ THIS DOCUMENT THROUGH COMPLETELY AT LEAST ONCE BEFORE TRYING TO INSTALL SQUID. ALSO, IF USING THIS GUIDE CAUSES YOUR COMPUTER, FILES, HEALTH, WIFE OR ANYTHING ANY PROBLEMS OR YOUR CAT TO DIE - I'M NOT TO BE HELD RESPONSIBLE FOR IT :-)

My setup:

    AMD k6 233 with 128MB SDRAM
    FreeBSD 3.1 Release
    4.3GB SCSI drive with Adaptec AH-2940UW controller
    Squid 2.1 from Walnut Creek CDROM
    Netscape Navigator 4.08 browser

What is SQUID?

The following is taken from the Squid Users Guide (http://squid.nlanr.net/Squid/Users-Guide/):

    Squid (http://squid.nlanr.net/) is software that caches Internet data. It does this by accepting requests for objects that people want to download and handling their requests in their place. In other words, if a person wants to download a web page, they ask squid to get the page for them. Squid then connects to the remote server (for example http://squid.nlanr.net/) and requests the page. It then transparently streams the data through itself to the client machine, but at the same time keeps a copy. The next time someone wants that page, squid simply reads it off disk, transferring the data to the client machine almost immediately.

    Squid currently handles the HTTP, FTP, GOPHER, SSL and WAIS protocols. It doesn't handle things like POP, NNTP, RealAudio and others.

Step 1

First-off I installed Squid 2.1 from the ports collection (http://www.freebsd.org/ports/www.html). You should be able to find it in the /usr/ports/www directory if you installed the ports on your machine. It is also on the first CDROM if you bought the Walnut Creek distribution. I won't go into the port install here, as it is covered well enough in the handbook (http://www.freebsd.org/handbook/ports.html).

The port installs a Squid directory into /usr/local/squid, a script called squid.sh into the /usr/local/etc/rc.d directory (this script calls squid whenever the machine is run) and a Squid directory into /usr/local/etc/squid. It may have installed others, but without resorting to reading the Makefile, I didn't see them :-)

Step 2

I edited the squid.conf file (/usr/local/etc/squid/squid.conf) to reflect my own requirements (and in any event if you don't it won't work right!). Of particular note is the line (near the bottom) in the squid.conf file that reads:

    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #
    http_access deny all

This should be changed to allow / deny etc. as you require (full instructions are in the file). In my case I have a secure network and I changed deny all to allow all so that anyone can browse the web!

At this time I made a note that the squid.conf file made reference to a number of currently non-existent log files:

    #cache_access_log /usr/local/squid/logs/access.log
    #cache_log /usr/local/squid/logs/cache.log
    #cache_store_log /usr/local/squid/logs/store.log
    #cache_swap_log

As stated, none of these logs appeared to be on my machine anywhere. The final one #cache_swap_log seemed to be additional to (my) requirements though, so that one is ok. I *hoped* then that these logs would be created by the Squid program the first time it ran -fingers crossed here-

Step 3

I attempted to initialize the Squid using its installed shell script as follows:

    # cd /usr/local/etc/rc.d
    # ./squid.sh

Hurrah! The word squid fleetingly appears on the console.
But no further messages :-(

I needed to see now if the squid process had started, so I used ps -a to show all active processes:

    # ps -a
      PID  TT  STAT      TIME COMMAND
      781  p0  Is     0:00.01 sh
      783  p0  S      0:00.06 -su (csh)
      965  p0  R+     0:00.00 ps -a
      298  v0  Is     0:00.08 -sh (sh)
      787  v1  Is+    0:00.01 /usr/libexec/getty Pc ttyv1
      791  v2  Is+    0:00.01 /usr/libexec/getty Pc ttyv2
      301  v4  Is+    0:00.01 /usr/libexec/getty Pc ttyv4
      302  v5  Is+    0:00.01 /usr/libexec/getty Pc ttyv5
      303  v6  Is+    0:00.01 /usr/libexec/getty Pc ttyv6

Bummer, nothing there ...... so time to check those error-logs.

    # cd /usr/local/squid/
    # cat squid.out
    Startup: Tue Apr 20 14:50:14 BST 1999
    WARNING: Cannot write log file: /usr/local/squid/logs/cache.log
    /usr/local/squid/logs/cache.log: Permission denied
    messages will be sent to 'stderr'.
    1999/04/20 14:50:14| WARNING: Closing open FD 2
    1999/04/20 14:50:14| Starting Squid Cache version 2.1.PATCH2 for i386-unknown-freebsd3.1...
    1999/04/20 14:50:14| Process ID 806
    1999/04/20 14:50:14| With 1064 file descriptors available
    1999/04/20 14:50:14| Performing DNS Tests...
    1999/04/20 14:50:14| Successful DNS name lookup tests...
    1999/04/20 14:50:14| helperOpenServers: Starting 5 'dnsserver' processes
    1999/04/20 14:50:14| /usr/local/squid/logs/access.log: (13) Permission denied
    FATAL: Cannot open logfile.
    Squid Cache (Version 2.1.PATCH2): Terminated abnormally.
    CPU Usage: 0.059 seconds
    Maximum Resident Size: 1336 KB
    Page faults with physical i/o: 0

A quick look at this file shows it can't access any log files, best check:

    # cd /usr/local/squid/logs/
    # ls -la
    total 2
    drwxr-xr-x  2 root  wheel  512 Apr 20 14:31 .
    drwxr-xr-x  4 root  wheel  512 Apr 20 14:50 ..
    #

OK, so the logs weren't made - time to make my own blank files using ee (built-in text editor) ......

Step 4

    # cd /usr/local/squid/logs/
    # ee access.log

Now just press the 'Space Bar' once, then press the 'Escape' key and choose a) leave editor (press Enter) then choose a) save changes (press enter again).
You should now have an empty file called access.log.

    # ls -la
    total 3
    drwxr-xr-x  2 root  wheel  512 Apr 20 15:43 .
    drwxr-xr-x  4 root  wheel  512 Apr 20 14:50 ..
    -rw-r--r--  1 root  wheel    2 Apr 20 15:43 access.log
    #

Now to make the other missing log files .....

    # cp access.log cache.log
    # cp access.log store.log

And now we need to make them writeable:

    # cd /usr/local/squid/logs/
    # chown nobody *
    # ls -la
    drwxr-xr-x  2 root    wheel  512 Apr 20 16:34 .
    drwxr-xr-x  4 root    wheel  512 Apr 20 14:50 ..
    -rw-r--r--  1 nobody  wheel    2 Apr 20 16:33 access.log
    -rw-r--r--  1 nobody  wheel    2 Apr 20 16:34 cache.log
    -rw-r--r--  1 nobody  wheel    2 Apr 20 16:34 store.log

As can be seen they now exist so we can retry Step 3.

    # cd /usr/local/etc/rc.d
    # ./squid.sh

This time, we can see an error log output to /usr/local/squid/logs/cache.log

    1999/04/16 21:45:56| Starting Squid Cache version 2.1.PATCH2 for i386-unknown-freebsd3.1...
    1999/04/16 21:45:56| Process ID 306
    1999/04/16 21:45:56| With 1064 file descriptors available
    1999/04/16 21:45:56| Performing DNS Tests...
    1999/04/16 21:45:56| Successful DNS name lookup tests...
    1999/04/16 21:45:56| helperOpenServers: Starting 5 'dnsserver' processes
    1999/04/16 21:45:56| Unlinkd pipe opened on FD 14
    1999/04/16 21:45:56| Swap maxSize 102400 KB, estimated 7876 objects
    1999/04/16 21:45:56| Target number of buckets: 157
    1999/04/16 21:45:56| Using 8192 Store buckets, replacement runs every 10 seconds
    1999/04/16 21:45:56| Max Mem size: 8192 KB
    1999/04/16 21:45:56| Max Swap size: 102400 KB
    1999/04/16 21:45:56| /usr/local/squid/cache/00: (2) No such file or directory
    FATAL: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.

OK, so there's the answer I think .....

    FATAL: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.

Step 5

As per the instructions I executed the command 'squid -z' (creates the caches in the directory /usr/local/squid).

-----
NOTE: The online manual says that Squid is to be found as /usr/local/squid/bin/squid but it is in fact located on a FreeBSD machine as /usr/local/sbin/squid.
-----

    # cd /usr/local/sbin
    # ./squid -z

Only I get ......

    1999/04/20 17:01:25| Creating Swap Directories
    FATAL: Failed to make swap directory /usr/local/squid/cache/00: (13) Permission denied
    Squid Cache (Version 2.1.PATCH2): Terminated abnormally.
    CPU Usage: 0.020 seconds
    Maximum Resident Size: 1008 KB
    Page faults with physical i/o: 0

Hmm, guess I'll need to make the cache directory writeable too!

    # cd /usr/local/squid
    # chown nobody cache

And now to return to the beginning of Step 5 and repeat:

    # cd /usr/local/sbin
    # ./squid -z
    1999/04/20 17:05:31| Creating Swap Directories
    #

Lots of encouraging hard drive noises are to be heard here this time! Now to see if the folders have in fact been made .....

    # cd /usr/local/squid
    # ls
    00 02 04 06 08 0A 0C 0E
    01 03 05 07 09 0B 0D 0F
    #

As can be seen, Squid has now created all the cache swap folders so things are looking better.

Step 6

Next I went back to the rc.d directory to call Squid up (fingers crossed)..

    # cd /usr/local/etc/rc.d
    # ./squid.sh

Hurrah! The word squid again fleetingly appears on the console. But then no further messages. However, the hard disk starts a buzzing so, now to check if it really is running .....

The manual says I can use Squid itself for this, the answer being 'given by the exit shell'. The syntax is as follows: squid -k check. So, I gave it a go .....

    # cd /usr/local/sbin
    # ./squid -k check

and, nothing?!? Yep a big fat zero. So we tried the manual's method no.2, the 'client program'.

    # cd /usr/local/sbin
    # ./client http://www.netscape.com/ > test

OK, now we're talking!
My modem clicks into life and a quick check of the cache.log file reveals:

    1999/04/16 23:41:52| Starting Squid Cache version 2.1.PATCH2 for i386-unknown-freebsd3.1...
    1999/04/16 23:41:52| Process ID 822
    1999/04/16 23:41:52| With 1064 file descriptors available
    1999/04/16 23:41:52| Performing DNS Tests...
    1999/04/16 23:41:52| Successful DNS name lookup tests...
    1999/04/16 23:41:52| helperOpenServers: Starting 5 'dnsserver' processes
    1999/04/16 23:41:53| Unlinkd pipe opened on FD 14
    1999/04/16 23:41:53| Swap maxSize 102400 KB, estimated 7876 objects
    1999/04/16 23:41:53| Target number of buckets: 157
    1999/04/16 23:41:53| Using 8192 Store buckets, replacement runs every 10 seconds
    1999/04/16 23:41:53| Max Mem size: 8192 KB
    1999/04/16 23:41:53| Max Swap size: 102400 KB
    1999/04/16 23:41:53| Rebuilding storage in Cache Dir #0 (DIRTY)
    1999/04/16 23:41:53| Loaded Icons.
    1999/04/16 23:41:53| Accepting HTTP connections on port 3128, FD 36.
    1999/04/16 23:41:53| Accepting ICP messages on port 3130, FD 37.
    1999/04/16 23:41:53| Ready to serve requests.
    1999/04/16 23:41:53| storeRebuildFromDirectory: DIR #0 done!
    1999/04/16 23:42:39| Finished rebuilding storage disk.
    1999/04/16 23:42:39| 0 Entries read from previous logfile.
    1999/04/16 23:42:39| 0 Entries scanned from swap files.
    1999/04/16 23:42:39| 0 Invalid entries.
    1999/04/16 23:42:39| 0 With invalid flags.
    1999/04/16 23:42:39| 0 Objects loaded.
    1999/04/16 23:42:39| 0 Objects expired.
    1999/04/16 23:42:39| 0 Objects cancelled.
    1999/04/16 23:42:39| 0 Duplicate URLs purged.
    1999/04/16 23:42:39| 0 Swapfile clashes avoided.
    1999/04/16 23:42:39| Took 46 seconds ( 0.0 objects/sec).
    1999/04/16 23:42:39| Beginning Validation Procedure
    1999/04/16 23:42:39| storeLateRelease: released 0 objects
    1999/04/16 23:42:39| Completed Validation Procedure
    1999/04/16 23:42:39| Validated 0 Entries
    1999/04/16 23:42:39| store_swap_size = 21k

.....
something positive going on here and, /usr/local/squid/logs/access.log shows:

    924312430.045 43630 127.0.0.1 TCP_MISS/200 21143 GET http://www.netscape.com/ - DIRECT/www.netscape.com text/html

I guess that must be my client program after all :-) A look at the other log files reveals similar good news.

Step 7

Finally I needed to configure my browser to use the cache. Instructions for doing this vary depending on your browser, but a rough guide can be found at both http://squid.nlanr.net/Squid/Users-Guide/initial/client.html and http://squid.nlanr.net/Squid/Users-Guide/detail/client.html.

So there you should have it, a working Squid. What can I say, it worked for me! As I play with and *tweak* my setup I'll maybe look to refining this document.

Cheers,
Chris R.

$Id: squid.txt,v 1.1 2000/02/16 08:07:52 jim Exp $
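
An added example, not part of the original guide and not the Squid project's own code: Squid checks http_access rules from top to bottom and the first match wins, so the Step 2 change to "http_access allow all" admits every client that can reach port 3128. The script below reports the first catch-all rule in a squid.conf; both sample configs are constructed, and the ACL name localnet and the 192.168.1.0 network are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide or the Squid project).

# first_catch_all FILE: print "allow" or "deny" for the first active
# "http_access <action> all" rule, or "none" when no such rule exists.
first_catch_all() {
    awk '
        { sub(/#.*/, "") }                  # drop comments, keep directives
        $1 == "http_access" && NF == 3 && $3 == "all" {
            print $2; found = 1; exit
        }
        END { if (!found) print "none" }
    ' "$1"
}

# is_open_proxy FILE: succeed when that catch-all rule is "allow".
is_open_proxy() {
    [ "$(first_catch_all "$1")" = "allow" ]
}

# Constructed sample: the rule as changed in Step 2 of the guide.
write_open_sample() {
    cat > "$1" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow all
EOF
}

# Constructed sample: one LAN allowed ahead of the shipped "deny all".
# "localnet" and 192.168.1.0/255.255.255.0 are assumed values.
write_restricted_sample() {
    cat > "$1" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/255.255.255.0
http_access allow localnet
http_access deny all
EOF
}

tmp=$(mktemp -d) || exit 1
write_open_sample "$tmp/open.conf"
write_restricted_sample "$tmp/restricted.conf"
for f in "$tmp/open.conf" "$tmp/restricted.conf"; do
    is_open_proxy "$f" && state="OPEN to every client" || state="no allow-all"
    echo "$f: catch-all=$(first_catch_all "$f") ($state)"
done
rm -rf "$tmp"
```

To check a live install, call is_open_proxy on /usr/local/etc/squid/squid.conf and act on its exit status.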