Squid Stable 9 Under CentOS 5.4 Minimal

CentOS 5.4 minimal? WTM? (What the Minimal – lol). Well, normally CentOS installation needs 5 CD, but here we just need 1 CD, only base package for the installation, that’s why i called CentOS minimal, even it’s suite for the need of proxy machine, we only install the necessary package so it will be lighter.

What is squid?
http://www.squid-cache.org/

PC Rig

  • Intel Atom D945GCLF2D
  • HDD Seagate Barracuda 80GB SATAII
  • RAM VGEN 2GB PC6400
  • NIC DLINK 100Mbps
  • PSU Acbel 420 Watt


CHAPTER 1: Preparation
a. Requirement
CentOS 5.4 CD 1 only
http://mirror.optus.net/centos/5.4/isos/i386/CentOS-5.4-i386-bin-1of6.iso
or
http://isoredirect.centos.org/centos/5/isos/i386

b. Check the file MD5 and burn to CD

c. BIOS Setting

  • Turn off Hyper Threading feature for Intel Processor User because in the installation process we’ll choose “acpi=off“, so it will be no use to activate this feature in BIOS.
  • Turn off ALL onboard device except VGA. If you’re ask about “what about NIC? Why don’t we use on board NIC?”. You have to use the better NIC for squid, to stabilize your inbound and outbound connection, on board NIC doesn’t good for it.
  • Set SATA as AHCI (if your motherboard has this feature), otherwise set to NATIVE, not LEGACY
  • And of course don’t forget to set booting from CD -lol-
  • For another tweak setting, you can search in google

CHAPTER 2: CentOS Installation
a. Boot from CentOS CD
b. Installation progress
Throw away acpi from CentOS kernel:

#boot: linux acpi=off

Installation starting. CentOS installation is easy, you just have to click next repeatedly, but there are 3 steps you have to note.

1. Partitioning

This is my partition setting for example.
/boot ext3 110MB
/swap 2GB
/cache1 ext2 10GB
/cache2 ext2 10GB
/cache3 ext2 10GB
/ext3 leftover space

note: CentOS is sometimes act weird if swap < ram, so set swap = ram

2. Network Interface Setting
Topology:
Mikrotik IP interface connected to CentOS machine: 192.168.2.1/24
CentOS IP machine: 192.168.2.2/24
Gateway & DNS CentOS server machine: 192.168.2.1

don’t forget to turn off IPV6

3. Package Selection
Do not choose any package or you’ll be asked for CD 2

You make a coffee or tea while installation is on progress

CHAPTER 3: fstab, iptables & selinux
Login to your squid engine

1. Edit fstab

#vi /etc/fstab

This is the config sample i used in fstab

2. Disable Selinux

#vi /etc/selinux/config

>

change selinux=enforcing to selinux=disabled

3. Iptables

#yum erase -y iptables

and then reboot

#reboot

CHAPTER 4: Deploy Squid 2.7 STABLE 9 on CentOS
1. Install dependencies & needed packages
Make sure CentOS is connected to the internet

#yum install -y perl gcc autoconf automake make sudo wget

2. Installing Squid

#cd /usr/src
#wget http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE9.tar.gz
#tar -zxvf squid* && cd squid*
#./configure
–program-prefix= –prefix=/usr 
–sysconfdir=/etc/squid 
–enable-async-io 
–enable-poll 
–enable-gnuregex 
–enable-carp 
–enable-storeio=aufs,diskd,ufs,null 
–enable-forw-via-db 
–enable-icmp 
–enable-cache-digests 
–enable-removal-policies=lru,heap 
–enable-truncate 
–enable-default-err-language=English 
–enable-err-languages=English 
–enable-linux-netfilter 
–disable-ident-lookups 
–disable-wccp 
–disable-wccpv2 
–with-pthreads 
–with-aio 
–with-dl 
–with-maxfd=65535
#make && umask 022 && make install && make clean
#groupadd squid
#useradd -g squid squid

Edit /etc/squid/squid.conf before initialized cache & running squid

# START HERE
# —————————————————————————–
acl QUERY urlpath_regex -i cgi-bin ? localhost
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl mikrotik src 192.168.2.0/24
acl to_localhost dst 127.0.0.0/8
acl OLCNETWORK src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl snmppublic snmp_community public
acl CONNECT method CONNECT
acl PURGE method PURGE
snmp_access allow snmppublic localhost
http_access allow PURGE localhost
http_access deny PURGE
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow OLCNETWORK
http_access allow mikrotik
snmp_access deny all
http_access deny all

# NETWORK OPTIONS
# —————————————————————————–

http_port 3128 transparent
zph_mode tos
zph_local 0×30
zph_parent 0
zph_option 136

# PARENT/SIBLING CACHE OPTIONS
# —————————————————————————–

hierarchy_stoplist cgi-bin localhost

# OPTIONS WHICH AFFECT THE CACHE SIZE
# —————————————————————————–

cache_mem 8 MB
maximum_object_size_in_memory 64 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache1 7500 16 256
cache_dir aufs /cache2 7500 16 256
cache_dir aufs /cache3 7500 16 256
store_dir_select_algorithm least-load
maximum_object_size 20480 KB
cache_swap_low 90
cache_swap_high 95
update_headers off

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# —————————————————————————–

access_log none
cache_log /dev/null
cache_store_log none
logfile_rotate 5
log_ip_on_direct off
log_icp_queries off
buffered_logs off
netdb_filename none
pid_filename /var/run/squid.pid

# OPTIONS FOR TUNING THE CACHE
# —————————————————————————–

cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i .(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i .(rpm|cab|deb|exe|msi|psd|msu|zip|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i .(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 1440 90% 10080

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
store_avg_object_size 32 KB

# HTTP OPTIONS
# —————————————————————————–

server_http11 on
collapsed_forwarding on
vary_ignore_expire on
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all

# TIMEOUTS
# —————————————————————————–

forward_timeout 240 seconds
connect_timeout 60 seconds
peer_connect_timeout 5 seconds
read_timeout 600 seconds
request_timeout 60 seconds
persistent_request_timeout 60 seconds
client_lifetime 86400 seconds
half_closed_clients off
pconn_timeout 60 seconds
shutdown_lifetime 15 seconds

# ADMINISTRATIVE PARAMETERS
# —————————————————————————–

cache_mgr OLCNETWORK
cache_effective_user squid
cache_effective_group squid
httpd_suppress_version_string on
visible_hostname OLCNETWORK

# ADVANCED NETWORKING OPTIONS
# —————————————————————————–

max_filedescriptors 65535

# DNS OPTIONS
# —————————————————————————–

check_hostnames off
dns_timeout 30 seconds
dns_nameservers 192.168.2.1
hosts_file /etc/hosts
ipcache_size 8192
ipcache_low 95
ipcache_high 98
fqdncache_size 4096

# MISCELLANEOUS
# —————————————————————————–

memory_pools off
forwarded_for off
reload_into_ims on
coredump_dir /home/squid
pipeline_prefetch on

chown cache dir

#chown -R squid:squid /cache1
#chown -R squid:squid /cache2
#chown -R squid:squid /cache3

initialized cache:

#sudo -u squid squid -z

Running Squid:

#squid -sYD

3. Startup

edit /etc/rc.local and add these lines:

echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
ulimit -HSn 65535
squid -YD

Reboot, just to test startup working or not.
Done, enjoy your Squid on Centos 5.4

3 Responses to “Squid Stable 9 Under CentOS 5.4 Minimal”


  1. leoui

    Dut, may i go to your warnet and ask you for installing this CentOS on my laptop?

  2. buzzknow

    so this is squid for warnet om?

  3. #root

    @leoui
    sorry you’re out of topic

    @buzzknow
    this is squid installed under CentOS minimum