Thursday 1 November 2012

Squid 3 Compilation on Ubuntu 12 with SSL



Squid 3 - Proxy Server

Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as the Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).

The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid proxy or caching server, ensure your system is configured with a large amount of physical memory, as Squid maintains an in-memory cache for increased performance.

_____________________________________________________________________________
Binary installation of squid on Ubuntu 12
sudo su

apt-get install squid

cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original

chmod a-w /etc/squid3/squid.conf.original

vi /etc/squid3/squid.conf
_____________________________________________________________________________

Compilation of Squid 3.2.1 and 3.1.21 on Ubuntu 12

sudo su
 
apt-get update

apt-get upgrade
 
Latest release of 3.2
wget http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.1.tar.gz

Last release of 3.1
wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.21.tar.gz

tar -xzvf squid-3.2.1.tar.gz

cd squid-3.2.1

apt-get install g++ gawk m4 gcc-multilib

NOTE: if you get any error regarding gcc, install it as follows:
------------------------------------------------------------------------
sudo add-apt-repository ppa:ubuntu-toolchain-r/test
sudo apt-get update
sudo apt-get install gcc-4.7
------------------------------------------------------------------------

apt-get install smbclient

apt-get install openssl*

apt-get install libcap-*

./configure --prefix=/usr --includedir=/usr/include --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid --enable-delay-pools --enable-ssl --enable-ssl-crtd --enable-linux-netfilter --enable-arp-acl --enable-snmp --enable-gnuregex && echo "Configured Successfully"

NOTE: for Squid 3.2.1, --enable-arp-acl is replaced with --enable-eui

make all && echo "Compiled Successfully"

make install && echo "Installed Successfully"


cd /usr/share/ssl-cert

openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem

openssl x509 -in myCA.pem -outform DER -out myCA.der

The resulting myCA.der file should be imported into the 'Authorities' section of users' browsers.
For example, in Firefox:
1.    Open 'Preferences'
2.    Go to the 'Advanced' section, 'Encryption' tab
3.    Press the 'View Certificates' button and go to the 'Authorities' tab
4.    Press the 'Import' button, select the .der file that was created previously and press 'OK'


vi /etc/squid/squid.conf

http_port 192.168.5.239:3128 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/share/ssl-cert/myCA.pem

##Also add the following lines to enable SSL bumping:
always_direct allow all
ssl_bump allow all
# the following two options are unsafe and not always necessary:
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

touch /var/logs/cache.log
chown nobody:adm /var/logs/cache.log

touch /var/logs/access.log
chown nobody:adm /var/logs/access.log

chown nobody:adm /var/cache/squid

## To Initialize cache
/usr/sbin/squid -z

## To Run squid
/usr/sbin/squid &

iptables -t nat -A PREROUTING -i eth0 -p tcp --syn --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

echo "1">/proc/sys/net/ipv4/ip_forward
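
A check for the squid.conf directives shown earlier, as an added example that is not part of the original post. The helper names audit_squid_conf and ca_key_exposed are hypothetical; the first flags the ssl-bump settings the post marks as unsafe, the second reports whether a file holding a private key (myCA.pem holds both key and certificate, since -keyout and -out name the same file) is readable by group or others. The sample configuration is constructed from the lines in this post.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky ssl-bump settings.

# Print one finding per risky directive in the squid.conf given as $1.
audit_squid_conf() {
    [ -r "$1" ] || { echo "ERROR cannot read $1"; return 2; }
    awk '
        { sub(/#.*/, "") }                 # ignore comments
        NF == 0 { next }                   # ignore blank lines
        $1 == "sslproxy_flags" && /DONT_VERIFY_PEER/ {
            print "HIGH line " NR ": origin server certificates are not verified"
        }
        $1 == "sslproxy_cert_error" && $2 == "allow" && $3 == "all" {
            print "HIGH line " NR ": every certificate error is accepted"
        }
        $1 == "ssl_bump" && $2 == "allow" && $3 == "all" {
            print "INFO line " NR ": all HTTPS traffic is decrypted, no exclusions"
        }
        $1 == "http_port" && /ssl-bump/ {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^cert=/) print "CAFILE " substr($i, 6)
        }
    ' "$1"
}

# Succeed (0) when file $1 holds a private key and group or others can read it.
ca_key_exposed() {
    grep -q 'PRIVATE KEY' "$1" 2>/dev/null || return 1
    case $(ls -ld "$1" | cut -c5-10) in
        *r*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample: the directives from this post, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
http_port 192.168.5.239:3128 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/share/ssl-cert/myCA.pem
always_direct allow all
ssl_bump allow all
# the following two options are unsafe and not always necessary:
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
EOF
audit_squid_conf "$sample"
rm -f "$sample"
```

On a live proxy, run audit_squid_conf against /etc/squid/squid.conf and pass each reported CAFILE path to ca_key_exposed; a file that is flagged can be restricted with chmod to the account Squid runs as.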

1 comment:

  1. I compiled it and it works completely for me.
