Install SQUID with Dellay Pool
As I mentioned before, Squid has a feature called delay pools, which allows us to control download bandwidth. Unfortunately, in most distributions, Squid is shipped without that feature.
So if you have Squid already installed, I must disappoint you — you need to uninstall it and do it once again with delay pools enabled in the way I explain below.
- To get maximum performance from our Squid proxy, it’s best to create a separate partition for its cache, called /cache/. Its size should be about 300 megabytes, depending on our needs.If you don’t know how to make a separate partition, you can create the /cache/ directory on a main partition, but Squid performance can suffer a bit.
- We add a safe ‘squid’ user:# useradd -d /cache/ -r -s /dev/null squid >/dev/null 2>&1
No one can log in as squid, including root.
- We download Squid sources from http://www.squid-cache.orgWhen I was writing this HOWTO, the latest version was Squid 2.4 stable 1:
- We unpack everything to /var/tmp:
- # tar xzpf squid-2.4.STABLE1-src.tar.gz
- We compile and install Squid (everthing is in one line):# ./configure --prefix=/opt/squid --exec-prefix=/opt/squid --enable-delay-pools --enable-cache-digests --enable-poll --disable-ident-lookups --enable-truncate --enable-removal-policies
# make all
# make install
- Configure our squid.conf file (located under /opt/squid/etc/squid.conf):
#squid.conf #Every option in this file is very well documented in the original squid.conf file #and on http://www.visolve.com/squidman/Configuration%20Guide.html # #The ports our Squid will listen on http_port 8080 icp_port 3130 #cgi-bins will not be cached acl QUERY urlpath_regex cgi-bin ? no_cache deny QUERY #Memory the Squid will use. Well, Squid will use far more than that. cache_mem 16 MB #250 means that Squid will use 250 megabytes of disk space cache_dir ufs /proxy 250 16 256 redirect_rewrites_host_header off cache_replacement_policy GDSF acl localnet src 192.168.1.0/255.255.255.0 acl localhost src 127.0.0.1/255.255.255.255 acl Safe_ports port 80 443 210 119 70 21 1025-65535 acl CONNECT method CONNECT acl all src 0.0.0.0/0.0.0.0 http_access allow localnet http_access allow localhost http_access deny !Safe_ports http_access deny CONNECT http_access deny all maximum_object_size 3000 KB store_avg_object_size 50 KB #all our LAN users will be seen by external servers #as if they all use Mozilla on Linux :) anonymize_headers deny User-Agent fake_user_agent Mozilla/5.0 (X11; U; Linux 2.4.4 i686) #To make our connection even faster, we put a line similar #to the one below. Don't forget to change the server to your closest! #Measure pings, traceroutes and so on. #Make sure that http and icp ports are correct #cache_peer w3cache.icm.edu.pl parent 8080 3130 no-digest default #This is useful when we want to use the Cache Manager #copy cachemgr.cgi to cgi-bin of your www server cache_mgr your@email cachemgr_passwd secret_password all #This is a name of a user our Squid will work as cache_effective_user squid cache_effective_group squid log_icp_queries off buffered_logs on #####DELAY POOLS #This is the most important part for shaping incoming traffic with Squid #For detailed description see squid.conf file or docs at #http://www.squid-cache.org #We don't want to limit downloads on our local network acl magic_words1 url_regex -i 192.168 #We want to limit downloads of these type of files #Put this all in one line acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav #We don't block .html, .gif, .jpg and similar files, because they #generally don't consume much bandwidth #We have two different delay_pools delay_pools 2 #First delay pool #W don't want to delay our local traffic #There are three pool classes; here we will deal only with the second delay_class 1 2 #-1/-1 mean that there are no limits delay_parameters 1 -1/-1 -1/-1 #magic_words1: 192.168 delay_access 1 allow magic_words1 #Second delay pool #we want to delay downloading files mentioned in magic_words2 delay_class 2 2 #The numbers here are values in bytes; #we must remember that Squid doesn't consider start/stop bits #6000/150000 are values for the whole network #5000/150000 are values for the single IP #after downloaded files exceed about 150000 bytes, #they will continue to download at about 5000 bytes/s delay_parameters 2 6000/150000 5000/150000 delay_access 2 allow magic_words2 #EOF
OK, when we have configured everything, we must make sure everything under /opt/squid and /cache directories belongs to user ‘squid’.
# chown -R squid:squid /opt/squid/
# chown -R squid:squid /cache/
# chown -R squid.squid /opt/squid/
# chown -R squid.squid /cache/
Now everything is ready to run Squid. When we do it for the first time, we have to create its cache directories:
# /opt/squid/usr/bin/squid -z
We run Squid and check if everything is working. A good tool to do that is IPTraf; you can find it on http://freshmeat.net. Make sure you have set the appropriate proxy in your web browsers (192.168.1.1, port 8080 in our example):
If everything is working, we add /opt/squid/usr/bin/squid line to the end of our initializing scripts. Usually, it can be /etc/rc.d/rc.local.
Other helpful options in Squid may be:
# /opt/squid/usr/bin/squid -k reconfigure (it reconfigures Squid if we made any changes in its squid.conf file)
# /opt/squid/usr/bin/squid -help 🙂 self-explanatory
You can also copy cachemgr.cgi to the cgi-bin directory of your WWW server.