oreilly.comSafari Books Online.Conferences.


Deploying Squid, Part 2 of 2

by Jeff Dean

This is the second article in a two-part technical tutorial on the deployment of the Squid web proxy cache.

In last month's article, we discussed the basics of web caching, compiled Squid from source code, and tested a basic configuration. This month, we'll add some automation and a sibling cache server to our configuration.

Starting Squid Automatically

To test our configuration last month, we started Squid manually using the /usr/local/squid/bin/squid command. Of course, on a production server Squid must start by itself. To do this, we could simply add the squid command to rc.local. Squid would put itself in the background (its daemon mode) and run at boot time. However, what we really want is for Squid to be running only when we're in appropriate run levels, so we need a System-V init script. That script will call /usr/local/squid/bin/RunCache, a handy startup script provided with Squid that will restart the daemon if it happens to die. The startup script is provided in Listing 1. We name this file /etc/rc.d/init.d/squid and make links to it for each run level:

# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc0.d/K16squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc1.d/K16squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc2.d/K16squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc3.d/S86squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc4.d/S86squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc5.d/S86squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc6.d/K16squid

Your init directory structure may differ depending on your distribution. With the script and links in place, Squid will start automatically when entering run levels three, four, or five, and shut down for all other run levels. You can also use the script to manually start and stop squid, using these commands:

# /etc/rc.d/init.d/squid start
# /etc/rc.d/init.d/squid stop

Squid's Cache Manager

Squid comes with a rudimentary "manager" application. It is a CGI program that produces interesting up-to-the-minute statistics on the current Squid process. To use CacheManager, you'll need to have a web server installed somewhere on your network. Apache running locally on the Squid server will be used as the example here. First, we'll add a new cgi-bin directory in the Squid hierarchy, place a copy of the CacheManager application in it, and change the ownership of the directory and file:

# mkdir /usr/local/squid/cgi-bin
# cp -p /usr/local/squid/bin/cachemgr.cgi /usr/local/squid/cgi-bin
# chown -R squid.squid /usr/local/squid/cgi-bin

Next, we configure Apache to see the new script directory. In srm.conf:

ScriptAlias /squid/cgi-bin/ "/usr/local/squid/cgi-bin/"

Finally, we set a CacheManager password in squid.conf:

cachemgr_passwd mypwd all

After restarting both Squid and Apache, start a browser and enter this URL:


If everything is working correctly, you should see the CacheManager login screen. Enter the user name "manager" and the password "mypwd" (or whatever password you selected in squid.conf). You should then get the CacheManager main menu. Some of the available options will be more useful to you than others. Spend some time exploring the output from CacheManager with a live Squid server to fully understand the options.

Important note: Deploying the CacheManager as depicted here has security implications. Before adding this configuration to a production Squid server, review the procedures in section 9 of the Squid FAQ.

Browser Autoconfiguration

For a small company, manual configuration of browsers for use with a proxy server may be tolerable. However, in larger enterprises, using automatic configuration is essential. Beginning with Netscape Navigator 2.0, automatic proxy configuration has been available through the use of a JavaScript function contained in a file, usually called proxy.pac (pac stands for "Proxy Auto Configuration"). Netscape defined the autoconfiguration function through the use of a special MIME type of "pac" offered by a web server. We'll rely again on Apache to provide the autoconfiguration file. On your Apache server, add the following line to srm.conf:

AddType application/x-ns-proxy-autoconfig .pac

This instructs Apache to send the new document type with any file ending in .pac. You must restart Apache to include the new AddType directive. Next, modify the domain name in Listing 2 for your site and store the entire file as proxy.pac in /home/httpd/html (or your Apache server's root html directory). Finally, modify the proxy configuration in your browser. For Netscape Communicator, use the "Edit -> Preferences -> Advanced -> Proxies" dialog. This time, select "Automatic Proxy Configuration" and provide the URL to proxy.pac. If you are using a local Apache server on Linux, the URL is:


Browsing should work as before. Using the autoconfigure capability allows you to manage all browsers' proxy configurations simply by modifying the proxy.pac file on your web server, freeing you from manually configuring browsers. For the official word on browser autoconfiguration, see the Navigator Proxy Auto-Config File Format page. There you'll find detailed information on how to configure browsers to selectively use the proxy as appropriate, or to select among multiple proxies.

Pages: 1, 2

Next Pagearrow

Linux Online Certification

Linux/Unix System Administration Certificate Series
Linux/Unix System Administration Certificate Series — This course series targets both beginning and intermediate Linux/Unix users who want to acquire advanced system administration skills, and to back those skills up with a Certificate from the University of Illinois Office of Continuing Education.

Enroll today!

Linux Resources
  • Linux Online
  • The Linux FAQ
  • Linux Kernel Archives
  • Kernel Traffic

  • Sponsored by: