[squid-users] Building squid | Best Practices?

Amos Jeffries squid3 at treenet.co.nz
Tue Sep 8 01:44:54 UTC 2015 

On 8/09/2015 6:32 a.m., Howard Waterfall wrote:
> Rafael / Amos -
> I got my system up and running yesterday. Thanks so much for the help. I
> couldn't get some of the suggestions that Amos made to work, but they did
> after running some of the commands on Rafael's wiki, so a real team effort!
> 
> After getting it up and running, I found that mac address filtering was not
> working. On closer inspection I found that I was running v3.3.8. I guess
> that’s the version my new Ubuntu install (14.04.03 LTS) uses with:
> 
> sudo apt-get install squid
> 
> 
> I decided to try and build the latest version of squid from source and I
> ran into some more problems I cannot solve, so some follow up questions
> 
> 1) Earlier in the thread, Amos suggested I run:
> 
> apt-get build-dep squid
> 
> 
> to install the packages needed to build squid. That’s just the dependencies
> though right; I still need the squid source code? Sorry if that seems
> obvious, just want to make sure I’m not missing something.
> 
> 2) I downloaded squid-3.5.8.tar.xz. I captured the configure options from
> my current v3.3.8 squid install using:
> 
> squid3 -v
> 
> 
> but it led to errors when building v3.5.8, for example:
> 
> '--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'.
> 
> 
> 
> I suppose it’s not surprising given it’s such an old version, so I went
> through them all and used the ones I thought made most sense for me. I got
> it to build. Here’s the squid3 -v output from my v3.5.8 build:
> 
> Squid Cache: Version 3.5.8
> Service Name: squid
> configure options:  '--prefix=/mysquid' '--enable-arp-acl'
> '--localstatedir=/var' '--libexecdir=/lib/squid3' '--datadir=/share/squid3'
> '--sysconfdir=/etc/squid3' '--with-default-user=proxy'
> '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid'
> '--build=arm-linux-gnueabihf' '--includedir=/include' '--mandir=/share/man'
> '--infodir=/share/info' '--srcdir=.' '--enable-basic-auth-helpers=DB'
> 'build_alias=arm-linux-gnueabihf'
> 
> 
> Here are the problems:
> 
> a) I had to change the owner of /var/log/squid3 from root to proxy:
> 
> sudo chown proxy /var/log/squid3
> 
> 
> Not a big deal I guess, but why can’t make install take care of the
> permissions?
> 

It should be. Thanks, I will look into it.

> b) It doesn’t start as a service and there’s no squid file in:
> 
> /etc/init.d/
> 
> 
> so I cannot make the DAEMON= and CONFIG= variables point at my custom
> /mysquid/sbin/squid and /etc/squid3/squid.conf (I’ll change the
> --sysconfdir config parameter to /mysquid/etc/squid3 in a future build)
> 

That script is part of the OS packaging. You will have to pull a copy of
it out of the official package.
<https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=pkg-squid/pkg-squid3.git;a=blob_plain;f=debian/squid.rc>


> c) There’s no error when I run:
> 
> /mysquid/sbin/squid -k parse
> 
> 
> but when I run:
> 
> /mysquid/sbin/squid -NCd1
> 
> 
> I get:
> 
> FATAL: Ipc::Mem::Segment::create failed to
> shm_open(/squid-cf__metadata.shm): (13) Permission denied
> 

For this you need to "mount /dev/shm" on Debian/Ubuntu systems.

Before you start Squid make sure that there is no other Squid running,
and that the directory is empty of squid things.


> d) The configuration file:
> 
> /etc/squid3/squid.conf
> 
> 
> is a lot different! For example I cannot find:
> 
> cache_effective_user
> 
> 
> Can you point me to the updated documentation for configuring squid?

You dont need it now :-). Build option --with-default-user=proxy causes
"cache_effective_user proxy" to be the built-in default. The only use
that directive has is when sharing your build with someone else who
doesn't want 'proxy' as their low-privilege user account.

All directives not listed in squid.conf are optional and most of the
documentation has been removed to squid.conf.documented and online at
<http://www.squid-cache.org/Doc/config/>. What remains is the bare
essentials and recommended security settings for a simple LAN proxy.

Squid should work fine with just the default config file. If it doesn't
that problem needs fixing before anything more complicated get added.
The usualy first issues are making sure the LAN ranges are in the
localnet ACL definition, the /dev/shm mounted, and nothing else running
on Squid listening port.

Amos

More information about the squid-users mailing list