Web Caching, Proxying with squid
[Ref: OpenBSD 5.6, squid-3.5pre20140626p1.tgz ]
A caching proxy offers at least three benefits. The two immediately obvious ones are bandwidth optimisation (minimising unnecessary traffic, also known as caching) and control over which outside resources can be requested (access control through a proxy).
The third, often unexplored, value of a caching proxy server such as squid is the records, or logs, that it maintains. These allow the administrator to further ‘fine-tune’ the performance of the system and to isolate communications from within the environment to the external world.
Optimising Web Access
To install Squid, use the binary packages built by the OpenBSD team, as in the example below:
# pkg_add /[path-to-package]/squid-3.5pre20140626p1
squid-3.5pre20140626p1: ok
The following new rcscripts were installed: /etc/rc.d/squid
See rc.d(8) for details.
Look in /usr/local/share/doc/pkg-readmes for extra documentation.
Once the package is installed you are pointed to two items:
- rc.d(8) for details on the rcscript /etc/rc.d/squid
- Further instructions at pkg-readmes
Post Install Instructions
Following the above
The sample configuration in /etc/squid/squid.conf is a simple version with only the most essential options. By default, only RAM-based cache is used, un-comment the cache_dir line to enable a persistent disk cache ("swap"); this is normally kept in /var/squid/cache and must be initialized with "squid -z" before starting the daemon. If you need to place it elsewhere, create the directory and make sure it is owned and writable by user _squid, group _squid.
Configure path for cache_dir.
The sample configuration contains the following:
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/squid/cache 100 16 256
We can use the basic configuration by removing the “#” comment marker:
cache_dir ufs /var/squid/cache 100 16 256
We verify that the required permissions are configured on the path:
# ls -al /var/squid
total 16
drwxrwx--x 4 _squid _squid 512 Apr 6 15:46 .
drwxr-xr-x 25 root wheel 512 Apr 6 15:46 ..
drwxrwx--x 2 _squid _squid 512 Apr 6 15:46 cache
drwxrwxr-x 2 _squid _squid 512 Apr 6 15:46 logs
# ls -al /var/squid/cache
total 8
drwxrwx--x 2 _squid _squid 512 Apr 6 15:46 .
drwxrwx--x 4 _squid _squid 512 Apr 6 15:46 ..
Now initialise the cache_dir by executing “squid -z”:
2015/04/06 15:58:37 kid1| Set Current Directory to /var/squid/cache
2015/04/06 15:58:37 kid1| Creating missing swap directories
2015/04/06 15:58:37 kid1| /var/squid/cache exists
2015/04/06 15:58:37 kid1| Making directories in /var/squid/cache/00
2015/04/06 15:58:38 kid1| Making directories in /var/squid/cache/01
2015/04/06 15:58:38 kid1| Making directories in /var/squid/cache/02
2015/04/06 15:58:39 kid1| Making directories in /var/squid/cache/03
2015/04/06 15:58:39 kid1| Making directories in /var/squid/cache/04
2015/04/06 15:58:40 kid1| Making directories in /var/squid/cache/05
2015/04/06 15:58:40 kid1| Making directories in /var/squid/cache/06
2015/04/06 15:58:41 kid1| Making directories in /var/squid/cache/07
2015/04/06 15:58:41 kid1| Making directories in /var/squid/cache/08
2015/04/06 15:58:42 kid1| Making directories in /var/squid/cache/09
2015/04/06 15:58:42 kid1| Making directories in /var/squid/cache/0A
2015/04/06 15:58:43 kid1| Making directories in /var/squid/cache/0B
2015/04/06 15:58:43 kid1| Making directories in /var/squid/cache/0C
2015/04/06 15:58:44 kid1| Making directories in /var/squid/cache/0D
2015/04/06 15:58:44 kid1| Making directories in /var/squid/cache/0E
2015/04/06 15:58:45 kid1| Making directories in /var/squid/cache/0F
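The manual checks above (ownership, permissions, and the directory tree made by “squid -z”) can be scripted. The following is an added example, not part of the original page or of the OpenBSD package: a POSIX sh function, with the hypothetical name audit_cache_dirs, that reads the active cache_dir lines from a squid.conf and verifies each one. It assumes ufs-style cache_dir lines as shown on this page.

```shell
# Added example, not from the original page. audit_cache_dirs is a hypothetical name.
# Usage: audit_cache_dirs CONF OWNER GROUP
# For each active "cache_dir ufs <path> <MB> <L1> <L2>" line in CONF, check that
# the path exists, is owned by OWNER:GROUP, is not world-writable, and holds the
# L1 x L2 directory tree created by "squid -z" (00..0F for L1=16).
# Returns 0 if all checks pass, 1 on a failure, 2 if no disk cache is active.
audit_cache_dirs() {
    conf=$1 want_owner=$2 want_group=$3 rc=0 found=0
    while read -r directive ctype cdir mb l1 l2 rest; do
        [ "$directive" = "cache_dir" ] || continue   # "#cache_dir" is skipped
        case $ctype in ufs|aufs|diskd) ;; *) continue ;; esac
        found=1
        if [ ! -d "$cdir" ]; then
            echo "FAIL $cdir: directory missing"; rc=1; continue
        fi
        # ls -ld fields are the same on BSD and GNU: 1=mode 3=owner 4=group
        set -- $(ls -ld "$cdir")
        if [ "$3:$4" != "$want_owner:$want_group" ]; then
            echo "FAIL $cdir: owned by $3:$4"; rc=1
        fi
        case $1 in
            ????????w*) echo "FAIL $cdir: world-writable ($1)"; rc=1 ;;
        esac
        n1=0
        for d1 in "$cdir"/[0-9A-F][0-9A-F]; do
            [ -d "$d1" ] || continue
            n1=$((n1 + 1)); n2=0
            for d2 in "$d1"/[0-9A-F][0-9A-F]; do
                if [ -d "$d2" ]; then n2=$((n2 + 1)); fi
            done
            [ "$n2" -eq "$l2" ] || { echo "FAIL $d1: $n2 of $l2 L2 dirs"; rc=1; }
        done
        [ "$n1" -eq "$l1" ] ||
            { echo "FAIL $cdir: $n1 of $l1 L1 dirs, run squid -z"; rc=1; }
    done < "$conf"
    [ "$found" -eq 1 ] || { echo "no active disk cache_dir"; return 2; }
    return "$rc"
}

# On the host described above, run as root (paths and _squid from the page):
if [ -r /etc/squid/squid.conf ]; then
    audit_cache_dirs /etc/squid/squid.conf _squid _squid || echo "audit failed"
fi
```

A return value of 2 means squid is running with the RAM-only default because every cache_dir line is still commented out.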
System Resource Limits
File extract: /etc/login.conf
squid:\
        :datasize=1500M:\
        :openfiles=4096:\
        :tc=daemon:
Sites with very large /etc/login.conf files may wish to create a database version of the file, /etc/login.conf.db, for improved performance. Using a database version for small files does not result in a performance improvement. To build /etc/login.conf.db from /etc/login.conf the following command may be used. As written, it rebuilds the database only when /etc/login.conf.db already exists, so that an existing database does not go stale after /etc/login.conf is edited:
[ -f /etc/login.conf.db ] && /usr/bin/cap_mkdb /etc/login.conf
rc.d startup scripts
Edit the file: /etc/rc.conf.local
Add the rc.d “squid” script to the list of pkg_scripts in /etc/rc.conf.local.
Each restart of the host will automatically start your squid server.
Start squid by using the installed squid rc.d(8) script:
Localised settings in OpenBSD package
It’s useful to know where the OpenBSD package places its standard configuration files and other locations.
# cat /usr/local/share/doc/pkg-readmes/squid-2.7.STABLE9p8-ldap-snmp
$OpenBSD: README,v 1.3 2011/04/14 08:11:50 sthen Exp $

Running Squid on OpenBSD
========================

The local (OpenBSD) differences are:
- configuration files are in /etc/squid
- sample configuration files are in /usr/local/share/examples/squid
- error message files are in /usr/local/share/squid/errors
- sample error message files are in /usr/local/share/examples/squid/errors
- icons are in /usr/local/share/squid/icons
- sample icons are in /usr/local/share/examples/squid/icons
- the cache is in /var/squid/cache
- logs are stored in /var/squid/logs
- the ugid squid runs as is _squid:_squid

... [stuff left out] ...