Deploying Squid, Part 2 of 2
by Jeff Dean03/10/2000
This is the second article in a two-part technical tutorial on the deployment of the Squid web proxy cache.
In last month's article, we discussed the basics of web caching, compiled Squid from source code, and tested a basic configuration. This month, we'll add some automation and a sibling cache server to our configuration.
Starting Squid Automatically
To test our configuration last month, we started Squid manually
using the /usr/local/squid/bin/squid command. Of course, on a
production server Squid must start by itself. To do this, we could
simply add the squid command to rc.local. Squid would
put itself in the background (its daemon mode) and run at boot time.
However, what we really want is for Squid to be running only when
we're in appropriate run levels, so we need a System-V init script.
That script will call /usr/local/squid/bin/RunCache, a handy
startup script provided with Squid that will restart the daemon
if it happens to die. The startup script is provided in
Listing 1. We name this file
/etc/rc.d/init.d/squid and make links to it for each
run level:
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc0.d/K16squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc1.d/K16squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc2.d/K16squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc3.d/S86squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc4.d/S86squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc5.d/S86squid
# ln -s /etc/rc.d/init.d/squid /etc/rc.d/rc6.d/K16squid
Your init directory structure may differ depending on your distribution. With the script and links in place, Squid will start automatically when entering run levels three, four, or five, and shut down for all other run levels. You can also use the script to manually start and stop squid, using these commands:
# /etc/rc.d/init.d/squid start
# /etc/rc.d/init.d/squid stop
Squid's Cache Manager
Squid comes with a rudimentary "manager" application. It is a CGI program that produces interesting up-to-the-minute statistics on the current Squid process. To use CacheManager, you'll need to have a web server installed somewhere on your network. Apache running locally on the Squid server will be used as the example here. First, we'll add a new cgi-bin directory in the Squid hierarchy, place a copy of the CacheManager application in it, and change the ownership of the directory and file:
# mkdir /usr/local/squid/cgi-bin
# cp -p /usr/local/squid/bin/cachemgr.cgi /usr/local/squid/cgi-bin
# chown -R squid.squid /usr/local/squid/cgi-bin
Next, we configure Apache to see the new script directory. In
srm.conf:
ScriptAlias /squid/cgi-bin/ "/usr/local/squid/cgi-bin/"
Finally, we set a CacheManager password in squid.conf:
cachemgr_passwd mypwd all
After restarting both Squid and Apache, start a browser and enter this URL:
http://localhost/squid/cgi-bin/cachemgr.cgi
If everything is working correctly, you should see the CacheManager
login screen. Enter the user name "manager" and the password "mypwd" (or
whatever password you selected in squid.conf). You should
then get the CacheManager main menu. Some of the available options
will be more useful to you than others. Spend some time exploring the
output from CacheManager with a live Squid server to fully understand
the options.
Important note: Deploying the CacheManager as depicted here has security implications. Before adding this configuration to a production Squid server, review the procedures in section 9 of the Squid FAQ.
Browser Autoconfiguration
For a small company, manual configuration of browsers for use with
a proxy server may be tolerable. However, in larger enterprises,
using automatic configuration is essential. Beginning with Netscape
Navigator 2.0, automatic proxy configuration has been available
through the use of a JavaScript function contained in a file, usually
called proxy.pac (pac stands for "Proxy Auto Configuration"). Netscape
defined the autoconfiguration function through the use of a special MIME type
of "pac" offered by a web server. We'll rely again on Apache to
provide the autoconfiguration file. On your Apache server, add the following
line to srm.conf:
AddType application/x-ns-proxy-autoconfig .pac
This instructs Apache to send the new document type with any file
ending in .pac. You must restart Apache to include the new
AddType directive. Next, modify the domain name in Listing 2 for your site and store the entire file
as proxy.pac in /home/httpd/html (or your
Apache server's root html directory). Finally, modify the proxy
configuration in your browser. For Netscape Communicator, use the
"Edit -> Preferences -> Advanced -> Proxies" dialog.
This time, select "Automatic Proxy Configuration" and provide the URL
to proxy.pac. If you are using a local Apache server on
Linux, the URL is:
http://localhost/squid/proxy.pac
Browsing should work as before. Using the autoconfigure capability
allows you to manage all browsers' proxy configurations simply by
modifying the proxy.pac file on your web server, freeing
you from manually configuring browsers. For the official word on
browser autoconfiguration, see the Navigator
Proxy Auto-Config File Format page. There you'll find detailed
information on how to configure browsers to selectively use the proxy
as appropriate, or to select among multiple proxies.
Pages: 1, 2 |
