[squid-users] Squid as a http/https transparent web proxy in 2024.... do I still have to build from source?

David Komanek david.komanek at natur.cuni.cz
Thu Apr 11 12:34:25 UTC 2024 

> Date: Thu, 11 Apr 2024 09:55:14 +0000
> From: PinPin Poola<pinpinpoola at hotmail.com>
> To:"squid-users at lists.squid-cache.org"
> 	<squid-users at lists.squid-cache.org>
> Subject: [squid-users] Squid as a http/https transparent web proxy in
> 	2024.... do I still have to build from source?
> Message-ID:
> 	<CWLP123MB6315CFE4C893F5D1AD2A885DB2052 at CWLP123MB6315.GBRP123.PROD.OUTLOOK.COM>
> 	
> Content-Type: text/plain; charset="iso-8859-1"
>
> I have put this off for a while, as I find everything about squid very intimidating. The fact you still use an email mailing list and not a web forum site amazes & scares me in equal part.
>
> I am probably using the wrong terminology here, but I now desperately need to build a http/https transparent web proxy with two interfaces, so that clients on a isolated/non-Internet routable subnet can download some large (25GB+) packages.
>
> I don't care which Linux distro tbh; but would prefer Ubuntu as I have most familiarity with it.
>
> I have watched a few old YouTube videos of people explaining that at the time to do this you had to build from source and add switches like "--enable-ssl --enable-ssl-crtd --with-openssl \" before compiling the code.

At least for FreeBSD binary-packaged squid these three switches should 
be on, but I don't know if they are sufficient.

# uname -vm
FreeBSD 13.3-RELEASE-p1 GENERIC amd64

# squid -v
Squid Cache: Version 6.6
Service Name: squid

This binary uses OpenSSL 1.1.1w-freebsd  11 Sep 2023. For legal 
restrictions on distribution see https://www.openssl.org/source/license.html

configure options:  '--with-default-user=squid' 
'--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' 
'--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' 
'--localstatedir=/var' '--sysconfdir=/usr/local/etc/squid' 
'--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' 
'--with-swapdir=/var/squid/cache' '--without-gnutls' 
'--with-included-ltdl' '--enable-build-info' 
'--enable-removal-policies=lru heap' '--disable-epoll' 
'--disable-arch-native' '--disable-strict-error-checking' 
'--without-systemd' '--without-netfilter-conntrack' '--without-cap' 
'--enable-eui' '--without-ldap' '--enable-cache-digests' 
'--enable-delay-pools' '--disable-ecap' '--disable-esi' 
'--without-expat' '--without-xml2' '--enable-follow-x-forwarded-for' 
'--with-pthreads' '--with-heimdal-krb5=/usr' 'CFLAGS=-I/usr/include -O2 
-pipe -fstack-protector-strong -isystem /usr/local/include 
-fno-strict-aliasing ' 'LDFLAGS=  -pthread -fstack-protector-strong 
-L/usr/local/lib ' 'LIBS=-lkrb5 -lgssapi -lgssapi_krb5 ' 
'KRB5CONFIG=/usr/bin/krb5-config' 'krb5_config=/usr/bin/krb5-config' 
'--enable-htcp' '--enable-icap-client' '--enable-icmp' 
'--enable-ident-lookups' '--enable-ipv6' '--enable-kqueue' 
'--with-large-files' '--enable-http-violations' '--without-nettle' 
'--enable-snmp' '--*enable-ssl*' '--*with-openssl*' 
'--enable-security-cert-generators=file' 
'LIBOPENSSL_CFLAGS=-I/usr/include' 'LIBOPENSSL_LIBS=-lcrypto -lssl' 
'--*enable-ssl-crtd*' '--disable-stacktraces' '--without-tdb' 
'--disable-ipf-transparent' '--enable-ipfw-transparent' 
'--disable-pf-transparent' '--without-nat-devpf' '--enable-forw-via-db' 
'--enable-wccp' '--enable-wccpv2' '--enable-auth-basic=DB NCSA PAM POP3 
RADIUS SMB_LM fake getpwnam NIS' '--enable-auth-digest=file' 
'--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake 
SMB_LM' '--enable-log-daemon-helpers=file DB' 
'--enable-external-acl-helpers=file_userip unix_group delayer' 
'--enable-url-rewrite-helpers=fake LFS' 
'--enable-security-cert-validators=fake' 
'--enable-storeid-rewrite-helpers=file' '--enable-storeio=aufs diskd 
rock ufs' '--enable-disk-io=DiskThreads DiskDaemon AIO Blocking IpcIo 
Mmapped' '--prefix=/usr/local' '--mandir=/usr/local/man' 
'--disable-silent-rules' '--infodir=/usr/local/share/info/' 
'--build=amd64-portbld-freebsd13.2' 
'build_alias=amd64-portbld-freebsd13.2' 'CC=cc' 'CPPFLAGS=-isystem 
/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe 
-fstack-protector-strong -isystem /usr/local/include 
-fno-strict-aliasing  -isystem /usr/local/include ' 'CPP=cpp' 
'PKG_CONFIG_LIBDIR=/wrkdirs/usr/ports/www/squid/work/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig' 
--enable-ltdl-convenience

# pkg info squid
squid-6.6
Name           : squid
Version        : 6.6
Installed on   : Thu Feb 22 10:57:12 2024 CET
Origin         : www/squid
Architecture   : FreeBSD:13:amd64
Prefix         : /usr/local
Categories     : www
Licenses       : GPLv2
Maintainer     : timp87 at gmail.com
WWW            : http://www.squid-cache.org/
Comment        : HTTP Caching Proxy
Options        :
     ARP_ACL        : on
     AUTH_LDAP      : off
     AUTH_NIS       : on
     AUTH_SASL      : off
     AUTH_SMB       : off
     AUTH_SQL       : off
     CACHE_DIGESTS  : on
     DEBUG          : off
     DELAY_POOLS    : on
     DOCS           : on
     ECAP           : off
     ESI            : off
     EXAMPLES       : on
     FOLLOW_XFF     : on
     FS_AUFS        : on
     FS_DISKD       : on
     FS_ROCK        : on
     GSSAPI_BASE    : on
     GSSAPI_HEIMDAL : off
     GSSAPI_MIT     : off
     GSSAPI_NONE    : off
     HTCP           : on
     ICAP           : on
     ICMP           : on
     IDENT          : on
     IPV6           : on
     KQUEUE         : on
     LARGEFILE      : on
     LAX_HTTP       : on
     NETTLE         : off
     SNMP           : on
     SSL            : on
     SSL_CRTD       : on
     STACKTRACES    : off
     TDB            : off
     TP_IPF         : off
     TP_IPFW        : on
     TP_PF          : off
     VIA_DB         : on
     WCCP           : on
     WCCPV2         : on
Annotations    :
     FreeBSD_version: 1302001
     build_timestamp: 2024-02-16T15:01:11+0000
     built_by       : poudriere-git-3.4.1
     cpe            : cpe:2.3:a:squid-cache:squid:6.6:::::freebsd13:x64
     port_checkout_unclean: no
     port_git_hash  : 756e18783
     ports_top_checkout_unclean: no
     ports_top_git_hash: b3e528239
     repo_type      : binary
     repository     : FreeBSD
Flat size      : 7.99MiB
Description    :
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite)
HTTP/1.1 compliant. Squid offers a rich access control, authorization and
logging environment to develop web proxy and content serving applications.



>
> Is this still that case that I cannot download and use a pre-compiled binary from your site?
>
> Many Thanks
> Pin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240411/6679f5a8/attachment.htm>

More information about the squid-users mailing list