Squid is a caching proxy that can reduce the bandwidth consumption by caching frequently requested static resources and delivers them to clients offline, saving precious bandwidth and enhances browsing experience.
It is preferably to configure Squid in transperent mode, in which you do configure your firewall "router" as well to intercept all outbound traffic to port 80, for example, and redirect it to Squid on port 3128, the default. At that point, Squid does some magic, pours and mixes chemicals to determine if the requested resource is already in the cache or not, and if it has a valid expiry date. Based on this decission, Squid retreives the requested resource and cache it, or, directly push the rewource from the cache.
The default squid.conf file will suffice for most cases. It is very very well documented and commented. However, there are two directives need to be revised:
http_port 127.0.0.1:3128 transparent
and
acl localnet src 10.10.10.0/24
The first one, http_port, defines the IP address that squid daemon will bind to and the port that is should listen on. The most important of all in the directive is the "transperent" part. If you skipped it, you will have "Invalid Request" errors orinted on the clients' browsers.
The second directive, acl, defines the local network ID. This directive is later interpreted by another directive, acl allow localnet.
Then you have the firewall part. In this document, we will be using PF on an OpenBSD 4.9 machine. The relevant config segements from pf.conf are:
match in on $int_if inet proto tcp from any to any port www rdr-to 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
Reload your PF rules:
pfctl -f /etc/pf.conf
Initialize Squid cache:
squid -z
Confogure Squid to run at system boot:
vi /etc/rc.local and add:
if [ -x /usr/local/sbin/squid ]; then
echo -n ' squid'
/usr/local/sbin/squid
fi
Now, you can start Squid manually (instead of doing a system reboot) with:
squid
Squid will run in the background. Each subsequent system reboot, Squid will also run with no further interaction.
It is preferably to configure Squid in transperent mode, in which you do configure your firewall "router" as well to intercept all outbound traffic to port 80, for example, and redirect it to Squid on port 3128, the default. At that point, Squid does some magic, pours and mixes chemicals to determine if the requested resource is already in the cache or not, and if it has a valid expiry date. Based on this decission, Squid retreives the requested resource and cache it, or, directly push the rewource from the cache.
The default squid.conf file will suffice for most cases. It is very very well documented and commented. However, there are two directives need to be revised:
http_port 127.0.0.1:3128 transparent
and
acl localnet src 10.10.10.0/24
The first one, http_port, defines the IP address that squid daemon will bind to and the port that is should listen on. The most important of all in the directive is the "transperent" part. If you skipped it, you will have "Invalid Request" errors orinted on the clients' browsers.
The second directive, acl, defines the local network ID. This directive is later interpreted by another directive, acl allow localnet.
Then you have the firewall part. In this document, we will be using PF on an OpenBSD 4.9 machine. The relevant config segements from pf.conf are:
match in on $int_if inet proto tcp from any to any port www rdr-to 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
Reload your PF rules:
pfctl -f /etc/pf.conf
Initialize Squid cache:
squid -z
Confogure Squid to run at system boot:
vi /etc/rc.local and add:
if [ -x /usr/local/sbin/squid ]; then
echo -n ' squid'
/usr/local/sbin/squid
fi
Now, you can start Squid manually (instead of doing a system reboot) with:
squid
Squid will run in the background. Each subsequent system reboot, Squid will also run with no further interaction.
 
It is truly a well-researched content and excellent wording. I got so engaged in this material that I couldn’t wait to read. Read more info about Cpanel Hosting Reseller. I am impressed with your work and skill. Thanks.
ReplyDeleteThanks for your post. It's very helpful post for us. You can also visit Social Media Management for more Victor Steel related information. I would like to thanks for sharing this article here.
ReplyDeleteI admire this article for the well-researched content and excellent wording. Cloud vps. I got so involved in this material that I couldn’t stop reading. I am impressed with your work and skill. Thank you so much.
ReplyDeleteYou have done good work by publishing this article here.Perfect Money Hosting I found this article too much informative, and also it is beneficial to enhance our knowledge. Grateful to you for sharing an article like this.
ReplyDeletecheck this kind of article and I found your article which is related to my interest.Buy Hosting with Perfect Money Genuinely it is good and instructive information. Thankful to you for sharing an article like this.
ReplyDeleteI generally check this kind of article and I found your article which is related to my interest. Genuinely it is good and instructive information. Thankful to you for sharing an article like this.Buy Dedicated Server In Oslo
ReplyDelete