<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<span style="white-space: pre-wrap">
</span>
<blockquote type="cite"
cite="mid:mailman.1282.1712829828.1200.squid-users@lists.squid-cache.org">
<pre class="moz-quote-pre" wrap="">Date: Thu, 11 Apr 2024 09:55:14 +0000
From: PinPin Poola <a class="moz-txt-link-rfc2396E" href="mailto:pinpinpoola@hotmail.com"><pinpinpoola@hotmail.com></a>
To: <a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org">"squid-users@lists.squid-cache.org"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><squid-users@lists.squid-cache.org></a>
Subject: [squid-users] Squid as a http/https transparent web proxy in
2024.... do I still have to build from source?
Message-ID:
<a class="moz-txt-link-rfc2396E" href="mailto:CWLP123MB6315CFE4C893F5D1AD2A885DB2052@CWLP123MB6315.GBRP123.PROD.OUTLOOK.COM"><CWLP123MB6315CFE4C893F5D1AD2A885DB2052@CWLP123MB6315.GBRP123.PROD.OUTLOOK.COM></a>
Content-Type: text/plain; charset="iso-8859-1"
I have put this off for a while, as I find everything about squid very intimidating. The fact you still use an email mailing list and not a web forum site amazes & scares me in equal part.
I am probably using the wrong terminology here, but I now desperately need to build a http/https transparent web proxy with two interfaces, so that clients on a isolated/non-Internet routable subnet can download some large (25GB+) packages.
I don't care which Linux distro tbh; but would prefer Ubuntu as I have most familiarity with it.
I have watched a few old YouTube videos of people explaining that at the time to do this you had to build from source and add switches like "--enable-ssl --enable-ssl-crtd --with-openssl \" before compiling the code.</pre>
</blockquote>
<p>At least for FreeBSD binary-packaged squid these three switches
should be on, but I don't know if they are sufficient.<br>
</p>
# uname -vm<br>
FreeBSD 13.3-RELEASE-p1 GENERIC amd64<br>
<p># squid -v<br>
Squid Cache: Version 6.6<br>
Service Name: squid<br>
<br>
This binary uses OpenSSL 1.1.1w-freebsd 11 Sep 2023. For legal
restrictions on distribution see
<a class="moz-txt-link-freetext" href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a><br>
<br>
configure options: '--with-default-user=squid'
'--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin'
'--datadir=/usr/local/etc/squid'
'--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var'
'--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid'
'--with-pidfile=/var/run/squid/squid.pid'
'--with-swapdir=/var/squid/cache' '--without-gnutls'
'--with-included-ltdl' '--enable-build-info'
'--enable-removal-policies=lru heap' '--disable-epoll'
'--disable-arch-native' '--disable-strict-error-checking'
'--without-systemd' '--without-netfilter-conntrack'
'--without-cap' '--enable-eui' '--without-ldap'
'--enable-cache-digests' '--enable-delay-pools' '--disable-ecap'
'--disable-esi' '--without-expat' '--without-xml2'
'--enable-follow-x-forwarded-for' '--with-pthreads'
'--with-heimdal-krb5=/usr' 'CFLAGS=-I/usr/include -O2 -pipe
-fstack-protector-strong -isystem /usr/local/include
-fno-strict-aliasing ' 'LDFLAGS= -pthread
-fstack-protector-strong -L/usr/local/lib ' 'LIBS=-lkrb5 -lgssapi
-lgssapi_krb5 ' 'KRB5CONFIG=/usr/bin/krb5-config'
'krb5_config=/usr/bin/krb5-config' '--enable-htcp'
'--enable-icap-client' '--enable-icmp' '--enable-ident-lookups'
'--enable-ipv6' '--enable-kqueue' '--with-large-files'
'--enable-http-violations' '--without-nettle' '--enable-snmp' '--<b>enable-ssl</b>'
'--<b>with-openssl</b>' '--enable-security-cert-generators=file'
'LIBOPENSSL_CFLAGS=-I/usr/include' 'LIBOPENSSL_LIBS=-lcrypto
-lssl' '--<b>enable-ssl-crtd</b>' '--disable-stacktraces'
'--without-tdb' '--disable-ipf-transparent'
'--enable-ipfw-transparent' '--disable-pf-transparent'
'--without-nat-devpf' '--enable-forw-via-db' '--enable-wccp'
'--enable-wccpv2' '--enable-auth-basic=DB NCSA PAM POP3 RADIUS
SMB_LM fake getpwnam NIS' '--enable-auth-digest=file'
'--enable-auth-negotiate=kerberos wrapper'
'--enable-auth-ntlm=fake SMB_LM' '--enable-log-daemon-helpers=file
DB' '--enable-external-acl-helpers=file_userip unix_group delayer'
'--enable-url-rewrite-helpers=fake LFS'
'--enable-security-cert-validators=fake'
'--enable-storeid-rewrite-helpers=file' '--enable-storeio=aufs
diskd rock ufs' '--enable-disk-io=DiskThreads DiskDaemon AIO
Blocking IpcIo Mmapped' '--prefix=/usr/local'
'--mandir=/usr/local/man' '--disable-silent-rules'
'--infodir=/usr/local/share/info/'
'--build=amd64-portbld-freebsd13.2'
'build_alias=amd64-portbld-freebsd13.2' 'CC=cc' 'CPPFLAGS=-isystem
/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe
-fstack-protector-strong -isystem /usr/local/include
-fno-strict-aliasing -isystem /usr/local/include ' 'CPP=cpp'
'PKG_CONFIG_LIBDIR=/wrkdirs/usr/ports/www/squid/work/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig'
--enable-ltdl-convenience<br>
</p>
<p># pkg info squid<br>
squid-6.6<br>
Name : squid<br>
Version : 6.6<br>
Installed on : Thu Feb 22 10:57:12 2024 CET<br>
Origin : www/squid<br>
Architecture : FreeBSD:13:amd64<br>
Prefix : /usr/local<br>
Categories : www<br>
Licenses : GPLv2<br>
Maintainer : <a class="moz-txt-link-abbreviated" href="mailto:timp87@gmail.com">timp87@gmail.com</a><br>
WWW : <a class="moz-txt-link-freetext" href="http://www.squid-cache.org/">http://www.squid-cache.org/</a><br>
Comment : HTTP Caching Proxy<br>
Options :<br>
ARP_ACL : on<br>
AUTH_LDAP : off<br>
AUTH_NIS : on<br>
AUTH_SASL : off<br>
AUTH_SMB : off<br>
AUTH_SQL : off<br>
CACHE_DIGESTS : on<br>
DEBUG : off<br>
DELAY_POOLS : on<br>
DOCS : on<br>
ECAP : off<br>
ESI : off<br>
EXAMPLES : on<br>
FOLLOW_XFF : on<br>
FS_AUFS : on<br>
FS_DISKD : on<br>
FS_ROCK : on<br>
GSSAPI_BASE : on<br>
GSSAPI_HEIMDAL : off<br>
GSSAPI_MIT : off<br>
GSSAPI_NONE : off<br>
HTCP : on<br>
ICAP : on<br>
ICMP : on<br>
IDENT : on<br>
IPV6 : on<br>
KQUEUE : on<br>
LARGEFILE : on<br>
LAX_HTTP : on<br>
NETTLE : off<br>
SNMP : on<br>
SSL : on<br>
SSL_CRTD : on<br>
STACKTRACES : off<br>
TDB : off<br>
TP_IPF : off<br>
TP_IPFW : on<br>
TP_PF : off<br>
VIA_DB : on<br>
WCCP : on<br>
WCCPV2 : on<br>
Annotations :<br>
FreeBSD_version: 1302001<br>
build_timestamp: 2024-02-16T15:01:11+0000<br>
built_by : poudriere-git-3.4.1<br>
cpe :
cpe:2.3:a:squid-cache:squid:6.6:::::freebsd13:x64<br>
port_checkout_unclean: no<br>
port_git_hash : 756e18783<br>
ports_top_checkout_unclean: no<br>
ports_top_git_hash: b3e528239<br>
repo_type : binary<br>
repository : FreeBSD<br>
Flat size : 7.99MiB<br>
Description :<br>
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not
quite)<br>
HTTP/1.1 compliant. Squid offers a rich access control,
authorization and<br>
logging environment to develop web proxy and content serving
applications.<br>
</p>
<p><br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:mailman.1282.1712829828.1200.squid-users@lists.squid-cache.org">
<pre class="moz-quote-pre" wrap="">
Is this still that case that I cannot download and use a pre-compiled binary from your site?
Many Thanks
Pin
</pre>
</blockquote>
</body>
</html>