CentOS6にsquid-3.1.16をソースからインストールした時の備忘録です。

■squid公式
http://www.squid-cache.org/

■OS
CentOS 6.0 64bit

■squidバージョン
squid-3.1.16

(1)squidをダウンロード
※平文のHTTPで取得しているため、展開する前に公式サイトで公開されている署名やチェックサムと照合してください。

[root@example ~]# cd /usr/local/src/
[root@example src]# wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.16.tar.gz

(2)必要なパッケージのインストール
[root@example src]# yum -y install openldap-devel krb5-devel db4-devel libcap-devel expat-devel libxml2-devel openssl-devel pam-devel gcc-c++

(3)squidユーザー作成
[root@example src]# groupadd -g 23 squid
[root@example src]# useradd -g 23 -u 23 -d /var/spool/squid -r -s /sbin/nologin squid

(4)squidのインストール
[root@example src]# tar zxvf squid-3.1.16.tar.gz
[root@example src]# cd squid-3.1.16
[root@example squid-3.1.16]# ./configure \
   --exec_prefix=/usr \
   --libexecdir=/usr/lib/squid \
   --localstatedir=/var \
   --datadir=/usr/share/squid \
   --sysconfdir=/etc/squid \
   --with-logdir=/var/log/squid \
   --with-pidfile=/var/run/squid.pid \
   --disable-dependency-tracking \
   --enable-arp-acl \
   --enable-follow-x-forwarded-for \
   --enable-auth="basic,digest,ntlm,negotiate" \
   --enable-basic-auth-helpers="LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth" \
   --enable-ntlm-auth-helpers="smb_lm,no_check,fakeauth" \
   --enable-digest-auth-helpers="password,ldap,eDirectory" \
   --enable-negotiate-auth-helpers="squid_kerb_auth" \
   --enable-external-acl-helpers="ip_user,ldap_group,session,unix_group,wbinfo_group" \
   --enable-cache-digests \
   --enable-cachemgr-hostname=localhost \
   --enable-delay-pools \
   --enable-epoll \
   --enable-icap-client \
   --enable-ident-lookups \
   --with-large-files \
   --enable-linux-netfilter \
   --enable-referer-log \
   --enable-removal-policies="heap,lru" \
   --enable-snmp \
   --enable-ssl \
   --enable-storeio="aufs,diskd,ufs" \
   --enable-useragent-log \
   --enable-wccpv2 \
   --enable-esi \
   --with-aio \
   --with-default-user="squid" \
   --with-filedescriptors=16384 \
   --with-dl \
   --with-openssl \
   --with-pthreads
[root@example squid-3.1.16]# make
[root@example squid-3.1.16]# make install

(5)squidのオプションファイルを作成
[root@example ~]# vi /etc/sysconfig/squid
# default squid options
SQUID_OPTS=""

# Time to wait for Squid to shut down when asked. Should not be necessary
# most of the time.
SQUID_SHUTDOWN_TIMEOUT=100

# default squid conf file
SQUID_CONF="/etc/squid/squid.conf"

(6)squidのlogrotateファイルを作成
[root@example ~]# vi /etc/logrotate.d/squid
/var/log/squid/*.log {
    compress
    delaycompress
    notifempty
    missingok
    sharedscripts
    postrotate
      /usr/sbin/squid -k reconfigure 2>/dev/null
      sleep 1
    endscript
}
※squidのローテート機能ではなく、logrotateの機能を利用してローテートする。

(7)squidのpamファイルを作成
[root@example ~]# vi /etc/pam.d/squid
#%PAM-1.0
auth            include         password-auth
account         include         password-auth

(8)squidの起動スクリプトを作成
[root@example ~]# vi /etc/rc.d/init.d/squid
#!/bin/bash
# chkconfig: - 90 25
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
#
### BEGIN INIT INFO
# Provides: squid
# Short-Description: starting and stopping Squid Internet Object Cache
# Description: Squid - Internet Object Cache. Internet object caching is \
#       a way to store requested Internet objects (i.e., data available \
#       via the HTTP, FTP, and gopher protocols) on a system closer to the \
#       requesting site than to the source. Web browsers can then use the \
#       local Squid cache as a proxy HTTP server, reducing access time as \
#       well as bandwidth consumption.
### END INIT INFO


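# Fixed search path, so the external tools used below (sed, grep, awk, id,
# touch, rm, sleep) are looked up only in these system directories.
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Optional local overrides. The file is executed as shell code with the
# privileges of whoever runs this script (probe insists on uid 0), so it
# should be writable by root only.
if [ -f /etc/sysconfig/squid ]; then
        . /etc/sysconfig/squid
fi

# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-""}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}

# determine the name of the squid binary
# NOTE(review): when /usr/sbin/squid is missing, SQUID is not assigned here
# and the functions below will try to run an empty command name.
[ -f /usr/sbin/squid ] && SQUID=squid

prog="$SQUID"

# determine which one is the cache_swap directory:
# strip comments, keep the cache_dir lines, print their third field (the path).
# The config path is quoted so a path containing whitespace stays one argument.
CACHE_SWAP=$(sed -e 's/#.*//g' "$SQUID_CONF" | \
        grep cache_dir | awk '{ print $3 }')

RETVAL=0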

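# Pre-flight checks. On failure this exits the whole script (not just the
# function): 1 when networking is disabled, 4 when not run as uid 0,
# 6 when the squid config file is missing.
probe() {
        # Check that networking is up.
        # Quoted so that an unset or empty NETWORKING compares as "" instead
        # of producing a malformed test expression.
        [ "${NETWORKING}" = "no" ] && exit 1

        # Only uid 0 may manage the service.
        [ "$(id -u)" -ne 0 ] && exit 4

        # check if the squid conf file is present
        [ -f "$SQUID_CONF" ] || exit 6
}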

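# Start squid: validate the config, create missing cache directories,
# launch the daemon and wait for its pid file.
# Globals:  SQUID, SQUID_CONF, SQUID_OPTS, SQUID_PIDFILE_TIMEOUT, CACHE_SWAP,
#           prog (read); RETVAL (written)
# Returns:  0 once the pid file has appeared, non-zero otherwise
start() {
        local parse adir timeout

        probe

        # Refuse to start on a configuration that squid itself rejects, and
        # show the parser output to the operator.
        parse=$("$SQUID" -k parse -f "$SQUID_CONF" 2>&1)
        RETVAL=$?
        if [ "$RETVAL" -ne 0 ]; then
                echo -n $"Starting $prog: "
                echo_failure
                echo
                echo "$parse"
                return 1
        fi

        # NOTE(review): squid.out is appended to by this script (uid 0, see
        # probe) inside /var/log/squid. If that directory is writable by the
        # squid account, a symlink placed there would be followed by the
        # redirection; keep squid.out root-owned or log to a root-only path.

        # CACHE_SWAP is a whitespace-separated list, hence the unquoted expansion.
        for adir in $CACHE_SWAP; do
                if [ ! -d "$adir/00" ]; then
                        echo -n "init_cache_dir $adir... "
                        "$SQUID" -z -F -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1
                fi
        done
        echo -n $"Starting $prog: "
        # SQUID_OPTS is left unquoted on purpose so it can carry several options.
        "$SQUID" $SQUID_OPTS -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1
        RETVAL=$?
        if [ "$RETVAL" -eq 0 ]; then
                # Poll once per second, up to SQUID_PIDFILE_TIMEOUT seconds,
                # until the pid file shows up.
                timeout=0
                while : ; do
                        [ ! -f /var/run/squid.pid ] || break
                        if [ "$timeout" -ge "$SQUID_PIDFILE_TIMEOUT" ]; then
                                RETVAL=1
                                break
                        fi
                        sleep 1 && echo -n "."
                        timeout=$((timeout+1))
                done
        fi
        if [ "$RETVAL" -eq 0 ]; then
                # The subsys lock marks the service as running (condrestart checks it).
                touch "/var/lock/subsys/$SQUID"
                echo_success
        else
                echo_failure
        fi
        echo
        return "$RETVAL"
}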

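# Stop squid: confirm it is running, request a shutdown and wait for the
# pid file to disappear.
# Globals:  SQUID, SQUID_CONF, SQUID_SHUTDOWN_TIMEOUT, prog (read);
#           RETVAL (written)
# Returns:  0 when squid has stopped, or when it was not running and no
#           subsys lock exists; non-zero otherwise
stop() {
        local timeout

        echo -n $"Stopping $prog: "
        # "-k check" succeeds only when a running squid can be signalled.
        "$SQUID" -k check -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1
        RETVAL=$?
        if [ "$RETVAL" -eq 0 ] ; then
                "$SQUID" -k shutdown -f "$SQUID_CONF" &
                # The lock is dropped as soon as the shutdown is requested,
                # before the pid file has gone away.
                rm -f "/var/lock/subsys/$SQUID"
                timeout=0
                # Poll every two seconds, up to SQUID_SHUTDOWN_TIMEOUT seconds.
                while : ; do
                        [ -f /var/run/squid.pid ] || break
                        if [ "$timeout" -ge "$SQUID_SHUTDOWN_TIMEOUT" ]; then
                                # Report the timeout instead of ending the
                                # status line without a result.
                                echo_failure
                                echo
                                return 1
                        fi
                        sleep 2 && echo -n "."
                        timeout=$((timeout+2))
                done
                echo_success
                echo
        else
                echo_failure
                # Not running and no lock file: treat "already stopped" as success.
                if [ ! -e "/var/lock/subsys/$SQUID" ]; then
                        RETVAL=0
                fi
                echo
        fi
        return "$RETVAL"
}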

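# Ask the running squid to re-read its configuration.
# Returns the exit status of the squid command.
reload() {
        # SQUID_OPTS stays unquoted so it splits into separate options; the
        # config path is quoted so it is always passed as a single argument.
        "$SQUID" $SQUID_OPTS -k reconfigure -f "$SQUID_CONF"
}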

# Full restart: stop the daemon, then start it again.
restart() {
        # stop's exit status is not checked; start runs either way and its
        # status becomes the status of restart.
        stop || :
        start
}

# Restart only when the subsys lock says the service is running.
# Always returns 0, whether or not a restart happened or succeeded.
condrestart() {
        if [ -e /var/lock/subsys/squid ]; then
                restart || :
        fi
        return 0
}

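# Report service status: first the init-library status check, then, only if
# that succeeds, squid's own "-k check". Returns the status of the last
# command that ran.
rhstatus() {
        # Quoted so the program name and config path are each one argument.
        status "$SQUID" && "$SQUID" -k check -f "$SQUID_CONF"
}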


# Dispatch on the requested action; the script exits with the status of the
# handler that ran, or 2 for an unknown action.
case "$1" in
        start)                   start ;;
        stop)                    stop ;;
        reload|force-reload)     reload ;;
        restart)                 restart ;;
        condrestart|try-restart) condrestart ;;
        status)                  rhstatus ;;
        probe)                   probe ;;
        *)
                echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}"
                exit 2
                ;;
esac

exit $?
[root@example ~]# chmod +x /etc/rc.d/init.d/squid

(9)キャッシュを保存するディレクトリを作成
[root@example ~]# mkdir /var/cache/squid/

(10)パーミッションの変更
[root@example ~]# chown squid:squid /var/log/squid/
[root@example ~]# chown squid:squid /var/cache/squid/

(11)squidの設定変更
[root@example ~]# vi /etc/squid/squid.conf
cache_mem 256 MB # 追加
#cache_dir ufs /var/cache 100 16 256
↓ # 変更(例)
cache_dir ufs /var/cache/squid 600 16 256

visible_hostname        example.local # 追加(squidを起動するホスト名)
※適切な値にしてください。

(12)キャッシュディレクトリ作成
[root@example ~]# squid -z
2011/11/13 03:20:19| Creating Swap Directories
2011/11/13 03:20:19| /var/cache/squid exists
2011/11/13 03:20:19| Making directories in /var/cache/squid/00
2011/11/13 03:20:19| Making directories in /var/cache/squid/01
2011/11/13 03:20:19| Making directories in /var/cache/squid/02
2011/11/13 03:20:19| Making directories in /var/cache/squid/03
2011/11/13 03:20:19| Making directories in /var/cache/squid/04
2011/11/13 03:20:19| Making directories in /var/cache/squid/05
2011/11/13 03:20:19| Making directories in /var/cache/squid/06
2011/11/13 03:20:19| Making directories in /var/cache/squid/07
2011/11/13 03:20:19| Making directories in /var/cache/squid/08
2011/11/13 03:20:19| Making directories in /var/cache/squid/09
2011/11/13 03:20:19| Making directories in /var/cache/squid/0A
2011/11/13 03:20:19| Making directories in /var/cache/squid/0B
2011/11/13 03:20:19| Making directories in /var/cache/squid/0C
2011/11/13 03:20:19| Making directories in /var/cache/squid/0D
2011/11/13 03:20:19| Making directories in /var/cache/squid/0E
2011/11/13 03:20:19| Making directories in /var/cache/squid/0F

(13)squidの起動
[root@example ~]# service squid start
squid を起動中: .                                          [  OK  ]
[root@example ~]# lsof -i:3128
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
squid   16215 squid   14u  IPv4 139803      0t0  TCP *:squid (LISTEN)

後は、お好みに設定するだけ:D
※上記のとおり全インターフェースの3128番ポートで待ち受けるため、http_accessやファイアウォールで利用元を限定してください。


11月 13, 2011 at 3:16 am by 黒ぶちメガネ
Category: Linux, proxy