Squid
From OpenFSG
|
Intro
Squid: Optimising Web Delivery
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on Unix and Windows and is licensed under the GNU GPL.
Making the most of your Internet Connection
Squid is used by hundreds of Internet Providers world-wide to provide their users with the best possible web access. Squid optimises the data flow between client and server to improve performance and caches frequently-used content to save bandwidth. Squid can also route content requests to servers in a wide variety of ways to build cache server hierarchies which optimise network throughput.
Website Content Acceleration and Distribution
Thousands of web-sites around the Internet use Squid to drastically increase their content delivery. Squid can reduce your server load and improve delivery speeds to clients. Squid can also be used to deliver content from around the world - copying only the content being used, rather than inefficiently copying everything. Finally, Squid's advanced content routing configuration allows you to build content clusters to route and load balance requests via a variety of web servers.
Want to learn more?
The Squid project provides a number of resources to assist users design, implement and support Squid installations. Please browse here for more information.
Installation
ipkg install squid
Configuration
Use the following /opt/etc/squid/squid.conf and change the first 3 lines of squid.conf,
XXX.XXX.XXX.XXX on the http_port line is the internal address of the FSG. (e.g. 192.168.0.1)
hostname in visible_hostname line is the hostname of the FSG. (e.g. fsg.example.com)
nnn.nnn.nnn.nnn in acl our_networks src line to the network address range you want use the proxy. (e.g. 192.168.0.0)
http_port XXX.XXX.XXX.XXX:3128 visible_hostname hostname acl our_networks src nnn.nnn.nnn.nnn/24 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache access_log /opt/var/squid/logs/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow all http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow our_networks http_access deny all http_reply_access allow all icp_access allow all coredump_dir /opt/var/squid/cache
Transparent Proxy
To use the FSG as a Transparent proxy.
Change one line in the squid.conf so that
http_port XXX.XXX.XXX.XXX:3128
becomes
http_port XXX.XXX.XXX.XXX:3128 transparent
Change the lines in the /opt/etc/init.d/S80squid
So the iptables lines are put in.
#! /bin/sh
case "$1" in
start)
echo -n "Starting proxy server: "
/opt/sbin/squid -f /opt/etc/squid/squid.conf
#inside
iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 80 -j DNAT --to-destination xxx.xxx.xxx.xxx:3128
#Outside
iptables -t nat -A PREROUTING -i eth1 -p tcp --destination-port 80 -j REDIRECT --to-port 3128
echo "done."
;;
stop)
echo -n "Stopping proxy server: "
/opt/sbin/squid -f /opt/etc/squid/squid.conf -k shutdown
echo "done."
;;
reload|force-reload)
echo -n "Reloading proxy server configuration files: "
/opt/sbin/squid -f /opt/etc/squid/squid.conf -k reconfigure
echo "done."
;;
restart)
echo -n "Restarting proxy server: "
/opt/sbin/squid -f /opt/etc/squid/squid.conf -k shutdown
sleep 2
/opt/sbin/squid -f /opt/etc/squid/squid.conf
echo "done."
;;
*)
echo "Usage: /opt/etc/init.d/S80squid {start|stop|reload|force-reload|restart}"
exit 1
;;
esac
exit 0
Comments
Please submit comments in the Forum.
