Squid QUICKSTART (Was: protecting local resources )

On Thursday 2 January 97, at 2 h 37, the keyboard of Duane Wessels
<wessels@nlanr.net> wrote:

> At the various conferences and
> workshops I have heard numerous people say that its too difficult to
> properly configure a web cache, that it needs to be an order of
> magnitude more simple. But at the same time I see users constantly
> asking for additional configuration options.

Squid is, IMHO, quite simple to configure. But, at the present time,
people do not know it and freeze reading the sample squid.conf. Most of
the values do not *need* to be changed but it takes time to discover by
yourself which to change.

So, here is a QUICKSTART which could be included in the distribution,
once the english mistakes are fixed:

--------

Warning: this is intended only for people who want to start their Squid
cache quickly. It is not a substitute for the real documentation. Squid
has many features, but only a few of them are useful at the beginning.
Use this text only if you have a quite simple setup.

After you retrieved, compiled and installed the Squid software (see
INSTALL in the same directory), you have to configure the squid.conf
file. This is the list of the values you *need* to change, because no
sensible defaults could be defined. Do not touch the other variables for
now.

If you have a parent cache, put it here. The administrators of the parent
cache typically provided you with instructions. Here is a example:

cache_host cache.parent-domain.org parent 3128 3130

If you do not have a parent cache, add nothing.

Add here the amount of memory (RAM memory) to devote to caching. Warning:
Squid uses much more than this value. Rule of thumb: if you have N
megabytes free for Squid, put N/3 here:

cache_mem 16

Add here the amount of hard disk space (in megabytes) to devote to
caching:

cache_swap 200

List of ACL (access control list). This is important because it prevents
people to steal your network resources. To fill in the "allowedSons" ACL,
use your network address (for instance 192.168.10.0 and your network mask
(for instance 255.255.255.0):

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl allowedSons src 192.168.10.0/255.255.255.0
http_access deny manager all
http_access allow allowedSons
http_access deny all
icp_access allow allowedSons
icp_access deny all

Put here the e-mail address of the manager:

cache_mgr cachemaster@your-domain.org

Find a name (typically "nobody") and a group to run the cache. Do not use
root, for security reasons.

cache_effective_user nobody nogroup

The name you advertise for the cache:

visible_hostname cache.your-domain.org

Now, give the log directory to the user you have choosen before (here,
"nobody"). Do this as "root":

chown nobody /usr/local/squid/logs

Create and give to it the cache directory:

mkdir /usr/local/squid/cache
chown nobody /usr/local/squid/cache

Now, you can start Squid (do this as "root"):

/usr/local/squid/bin/squid

Check in the cache.log (by default "/usr/local/squid/logs/cache.log")
that everything is all right ("WARNING: Cannot write to swap directory"
is normal the first time you run Squid).

Once Squid created all its files (it can take several minutes on some
systems), test it with echoping or a regular Web client. By default, your
Squid will run on port 3128. See the Squid FAQ for more details.

Tell your Unix to start Squid at startup (it depends heavily on the Unix
you use, you'll typically have to modify something in a
/etc/rc_something).
Received on Fri Jan 03 1997 - 02:43:38 MST