Squid Proxy Server 3.1: Beginner’s Guide

Improve the performance of your network using the caching and access control capabilities of Squid

  • Get the most out of your network connection by customizing Squid’s access control lists and helpers
  • Set up and configure Squid to get your website working quicker and more efficiently
  • No previous knowledge of Squid or proxy servers is required
  • Part of Packt’s Beginner’s Guide series: lots of practical, easy-to-follow examples accompanied by screenshots

Command line options

Normally, all of the Squid configuration options reside within the squid.conf file (the main Squid configuration file). To tweak the Squid functionality, the preferred method is to change the options in the squid.conf file. However, there are some options which can also be controlled using additional command line options while running Squid.

These options are not very popular and are rarely used, but they are very useful for debugging problems with the Squid proxy server. Before exploring the command line options, let’s see how Squid is run from the command line.

The location of the Squid binary file depends on the --prefix option passed to the configure command before compiling. So, depending upon the value of the --prefix option, the location of the Squid executable may be one of /usr/local/sbin/squid or ${prefix}/sbin/squid, where ${prefix} is the value of the option --prefix passed to the configure command. Therefore, to run Squid, we need to run the executable from one of the following locations:

  • When the --prefix option was not used with the configure command, the default location of the Squid executable will be /usr/local/sbin/squid.
  • When the --prefix option was used and was set to a directory, then the location of the Squid executable will be ${prefix}/sbin/squid.

It’s painful to type the absolute path for Squid to run. So, to avoid typing the absolute path, we can include the path to the Squid executable in our PATH shell variable, using the export command as shown in the following example:

$ export PATH=$PATH:/usr/local/sbin/

Alternatively, we can use the following command:

$ export PATH=$PATH:/opt/squid/sbin/

We can also add the preceding command to our ~/.bashrc or ~/.bash_profile file to avoid running the export command every time we enter a new shell.

After setting the PATH shell variable appropriately, we can run Squid by simply typing the following command in the shell:

$ squid

This command will run Squid after loading the configuration options from the squid.conf file.

We’ll be using the squid command without an absolute path for running the Squid process. Please use the appropriate path according to the installation prefix which you have chosen.

Now that we know how to run Squid from the command line, let’s have a look at the various command line options.

Getting a list of available options

Before moving forward, we should first check the available set of options for our Squid installation.

Time for action – listing the options

Like a lot of other Linux programs, Squid also provides the option -h which can be used to retrieve a list of options:

squid -h

The previous command will result in the following output:

Usage: squid [-cdhvzCFNRVYX] [-s | -l facility] [-f config-file] [-[au] port] [-k signal]
       -a port   Specify HTTP port number (default: 3128).
       -d level  Write debugging to stderr also.
       -f file   Use given config-file instead of
                 /opt/squid/etc/squid.conf.
       -h        Print help message.
       -k reconfigure|rotate|shutdown|interrupt|kill|debug|check|parse
                 Parse configuration file, then send signal to
                 running copy (except -k parse) and exit.
       -s | -l facility
                 Enable logging to syslog.
       -u port   Specify ICP port number (default: 3130), disable with 0.
       -v        Print version.
       -z        Create swap directories.
       -C        Do not catch fatal signals.
       -F        Don't serve any requests until store is rebuilt.
       -N        No daemon mode.
       -R        Do not set REUSEADDR on port.
       -S        Double-check swap during rebuild.


We will now have a look at a few important options from the preceding list. We can also have a look at the squid(8) man page or http://linux.die.net/man/8/squid for more details.

What just happened?

We have just used the squid command to list the available options which we can use on the command line.

Getting information about our Squid installation

Various features may vary across different versions of Squid. Before proceeding any further, it’s a good idea to know the version of Squid installed on our machine.

Time for action – finding out the Squid version

Just in case we want to check which version of Squid we are using or the options we used with the configure command before compiling, we can use the option -v on the command line. Let’s run Squid with this option:

squid -v

If we try to run the preceding command in the terminal, it will produce an output similar to the following:

configure options: '--config-cache' '--prefix=/opt/squid/' '--enable-storeio=ufs,aufs' '--enable-removal-policies=lru,heap' '--enable-icmp' '--enable-useragent-log' '--enable-referer-log' '--enable-cache-digests' '--with-large-files' --enable-ltdl-convenience

What just happened?

We used the squid command with the -v option to find out the version of Squid installed on our machine, and the options used with the configure command before compiling Squid.

Creating cache or swap directories

The cache directories specified using the cache_dir directive in the squid.conf file must already exist before Squid can actually use them.

Time for action – creating cache directories

Squid provides the -z command line option to create the swap directories. Let’s see an example:

squid -z

If this option is used and the cache directories don’t exist already, the output will look similar to the following:

2010/07/20 21:48:35| Creating Swap Directories
2010/07/20 21:48:35| Making directories in /squid_cache/00
2010/07/20 21:48:35| Making directories in /squid_cache/01
2010/07/20 21:48:35| Making directories in /squid_cache/02
2010/07/20 21:48:35| Making directories in /squid_cache/03


We should use this option whenever we add new cache directories in the Squid configuration file.

What just happened?

When the squid command is run with the option -z, Squid reads all the cache directories from the configuration file and checks if they already exist. It will then create the directory structure for all the cache directories that don’t exist.

Have a go hero – adding cache directories

Add two or three test cache directories with different values of level 1 (8, 16, and 32) and level 2 (64, 256, and 512) to the configuration file. Then try creating them using the squid command. Now study the difference in the directory structure.

Using a different configuration file

The default location for Squid’s main configuration file is ${prefix}/etc/squid/squid.conf. Whenever we run Squid, the main configuration is read from the default location. While testing or deploying a new configuration, we may want to use a different configuration file just to check whether it will work or not. We can achieve this by using the option -f, which allows us to specify a custom location for the configuration file. Let’s see an example:

squid -f /etc/squid.minimal.conf
# OR
squid -f /etc/squid.alternate.conf

If Squid is run this way, Squid will try to load the configuration from /etc/squid.minimal.conf or /etc/squid.alternate.conf, and it will completely ignore the squid.conf from the default location.

Getting verbose output

When we run Squid from the terminal without any additional command line options, only warnings and errors are displayed on the terminal (or stderr). However, while testing, we would like to get a verbose output on the terminal, to see what is happening when Squid starts up.

Time for action – debugging output in the console

To get more information on the terminal, we can use the option -d. The following is an example:

squid -d 2

We must specify an integer with the option -d to indicate the verbosity level. Let’s have a look at the meaning of the different levels:

  • Only critical and fatal errors are logged when level 0 (zero) is used.
  • Level 1 includes the logging of important problems.
  • Level 2 and higher includes the logging of informative details and other actions.

Higher levels result in more output on the terminal. A sample output on the terminal with level 2 would look similar to the following:

2010/07/20 21:40:53| Starting Squid Cache version 3.1.10 for i686-pc-linux-gnu...
2010/07/20 21:40:53| Process ID 15861
2010/07/20 21:40:53| With 1024 file descriptors available
2010/07/20 21:40:53| Initializing IP Cache...
2010/07/20 21:40:53| DNS Socket created at [::], FD 7
2010/07/20 21:40:53| Adding nameserver 192.168.36.222 from /etc/resolv.conf
2010/07/20 21:40:53| User-Agent logging is disabled.
2010/07/20 21:40:53| Referer logging is disabled.
2010/07/20 21:40:53| Unlinkd pipe opened on FD 13
2010/07/20 21:40:53| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2010/07/20 21:40:53| Store logging disabled
2010/07/20 21:40:53| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2010/07/20 21:40:53| Target number of buckets: 1008
2010/07/20 21:40:53| Using 8192 Store buckets
2010/07/20 21:40:53| Max Mem size: 262144 KB
2010/07/20 21:40:53| Max Swap size: 0 KB
2010/07/20 21:40:53| Using Least Load store dir selection
2010/07/20 21:40:53| Current Directory is /opt/squid/sbin
2010/07/20 21:40:53| Loaded Icons.


As we can see, Squid is trying to dump a log of actions that it is performing. The messages shown are mostly startup messages and there will be fewer messages when Squid starts accepting connections.

Starting Squid in debug mode is quite helpful when Squid is up and running and users complain about poor speeds or being unable to connect. We can have a look at the debugging output and take the appropriate actions.

What just happened?

We started Squid in debugging mode and can now see Squid writing an output on the command line, which is basically a log of the actions which Squid is performing. If Squid is not working, we’ll be able to see the reasons on the command line and we’ll be able to take actions accordingly.

Full debugging output on the terminal

The option -d specifies the verbosity level of the output dumped by Squid on the terminal. If we require all of the debugging information on the terminal, we can use the option -X, which will force Squid to write debugging information at every single step. If the option -X is used, we’ll see information about parsing the squid.conf file and the actions taken by Squid, based on the configuration directives encountered. Let’s see a sample output produced when option -X is used:

...
2010/07/21 21:50:51.515| Processing: 'acl my_machines src 172.17.8.175 10.2.44.46 127.0.0.1 172.17.11.68 192.168.1.3'
2010/07/21 21:50:51.515| ACL::Prototype::Registered: invoked for type src
2010/07/21 21:50:51.515| ACL::Prototype::Registered: yes
2010/07/21 21:50:51.515| ACL::FindByName 'my_machines'
2010/07/21 21:50:51.515| ACL::FindByName found no match
2010/07/21 21:50:51.515| aclParseAclLine: Creating ACL 'my_machines'
2010/07/21 21:50:51.515| ACL::Prototype::Factory: cloning an object for type 'src'
2010/07/21 21:50:51.515| aclParseIpData: 172.17.8.175
2010/07/21 21:50:51.515| aclParseIpData: 10.2.44.46
2010/07/21 21:50:51.515| aclParseIpData: 127.0.0.1
2010/07/21 21:50:51.515| aclParseIpData: 172.17.11.68
2010/07/21 21:50:51.515| aclParseIpData: 192.168.1.3
...

Let’s see what this output means. In the first line, Squid encountered a line defining an ACL my_machines. The next few lines in the output describe Squid invoking different methods to parse the line, create a new ACL, and then assign values to it. This option can be very helpful while debugging ambiguous ACLs.

Running as a normal process

Sometimes during testing, we may not want Squid to run as a daemon. Instead, we may want it to run as a normal process which we can interrupt easily by pressing CTRL-C. To achieve this, we can use the option -N. When this option is used, Squid will not run in the background; it will run in the current shell instead.

Parsing the Squid configuration file for errors or warnings

It’s a good idea to parse or check the configuration file (squid.conf) for any errors or warnings before we actually try to run Squid, or reload a Squid process which is already running in a production deployment. Squid provides an option -k with an argument parse, which, if supplied, will force Squid to parse the current Squid configuration file and report any errors and warnings. The squid -k option is also used to check and report directive and option changes when we upgrade our Squid version.
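One way to script this check so that a running Squid is only told to reload a configuration that parsed cleanly, as an added example that is not from the book. SQUID_BIN, check_squid_conf and safe_reconfigure are names chosen here; matching on the FATAL, ERROR and WARNING markers in the parse output and treating warnings as blocking are assumptions.

```shell
#!/bin/sh
# Added example: gate "squid -k reconfigure" on a clean "squid -k parse" run.
# SQUID_BIN is an assumption; point it at ${prefix}/sbin/squid for your build.
SQUID_BIN="${SQUID_BIN:-squid}"

# check_squid_conf FILE
# Returns 0 if FILE parses cleanly, 1 on errors, 2 if only warnings were reported.
check_squid_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    rc=0
    # -f selects the file to check; -k parse parses it and exits without signalling.
    out=$("$SQUID_BIN" -f "$conf" -k parse 2>&1) || rc=$?
    if [ "$rc" -ne 0 ] || printf '%s\n' "$out" | grep -Eq 'FATAL|ERROR'; then
        printf '%s\n' "$out" >&2
        return 1
    fi
    if printf '%s\n' "$out" | grep -q 'WARNING'; then
        printf '%s\n' "$out" | grep 'WARNING' >&2
        return 2
    fi
    return 0
}

# safe_reconfigure FILE
# FILE must be the configuration file the running Squid was started with,
# because the running process re-reads its own file when signalled.
safe_reconfigure() {
    status=0
    check_squid_conf "$1" || status=$?
    case "$status" in
        0) "$SQUID_BIN" -f "$1" -k reconfigure ;;
        2) echo "warnings found in $1; review before reloading" >&2; return 2 ;;
        *) echo "refusing to reload: $1 has errors" >&2; return 1 ;;
    esac
}

# Usage (path is a placeholder): safe_reconfigure /opt/squid/etc/squid.conf
```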
