Scientific Linux Forum.org



  Reply to this topicStart new topicStart Poll

> Compiling newer Squid 3.4.5 in SL 6.5, Includes SSL-Bump related items
Screwballl
 Posted: Jun 18 2014, 01:49 AM
Quote Post


SLF Junior
**

Group: Members
Posts: 28
Member No.: 3067
Joined: 14-April 14









Some of us need the options available in newer versions of squid (such as ssl-bump and other SSL related extras) that the current 3.1.10 available in the SL repo does not provide. This howto is how I was able to compile it from source.

NOTE: You need perl and a few other things to ensure this works. The "yum install" items I show here were just items I needed myself (or added here just in case some of you need them), you may need more or less depending on your usage and current setup. Luckily yum is pretty tolerant, so if you already have some of these packages installed, it should just say "package already installed" and skip it.


cd to /usr/src/
CODE
wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.5.tar.gz


Usual build chain:
CODE
yum install perl gcc autoconf automake make openssl sudo wget


Extra pkgs for CentOS/SL based installs:
CODE
yum install libxml2-devel libcap-devel gcc gcc-c++ avr-gcc-c++

CODE
yum install libtool-ltdl-devel openssl-devel

CODE
yum install ksh perl-Crypt-OpenSSL-X509.x86_64


You could add all of these on one line, I just added them as configure and make errors presented themselves to me.

Extract source file:
CODE
tar -xvf squid-3.4.5.tar.gz

CODE
cd  squid-3.4.5

CODE
./configure '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig' –enable-ltdl-convenience


CODE
make
(this will probably take a while with all those options, took about 4 minutes with my newer dual core system, will take much longer on older systems)
CODE
make install


CODE
adduser -M squid

CODE
chown -R squid /var/log/squid

CODE
chmod 4755 /usr/lib64/squid/pinger

CODE
chown -R squid /var/cache/squid

CODE
restorecon /var/cache/squid
(needed so selinux doesn't block squid)
CODE
cd /etc/init.d
and create new file “squid”, I added the contents of this file to the end of this document since it is so long. This allows it to be run as a service seen by the OS.
edit squid.conf to enable the cache (cache_dir ufs /var/cache/squid 10000 32 512)
CODE
squid -z
to create the needed cache directories
Do not start squid service (yet)

At this point you can edit the /etc/squid/squid.conf as needed.

For ssl-bump:

Certificate related info
I created server side certs in /etc/squid/ssl/ (for use by squid) and the folder (for website/user certs) in /var/lib/squid_ssl_db. Another option is keep them in closer proximity, so instead of /var/lib/squid_ssl_db/, could use /etc/squid/cert/ssl_db/

CODE
mkdir /etc/squid/ssl/

CODE
cd /etc/squid/ssl/

CODE
openssl req -new -newkey rsa:1024 -days 9999 -nodes -x509 -keyout squid.key  -out squid.pem

CODE
openssl x509 -in squid.pem -outform DER -out squid.der


I set it below as 16MB since this will be used on a larger production server with a lot of users. For a home or small office, 4 or 8MB should be fine (4MB = around 1000 certificates):
CODE
/usr/lib64/squid/ssl_crtd -c -s /var/lib/squid_ssl_db -M 16MB


CODE
chown -R nobody /var/lib/squid_ssl_db

Do not start squid service (yet)






squid.conf additions for SSL-bump:

# These act like “IF” commands: if http, intercept from 3128 > 3129 and process; if https intercept from 3128 > 3130. The browser never sees these alternate ports, they are only used internally thus no need for iptables rules.
# Also with dansguardian involved, dansguardian sends info to squid via localhost:3128 so DG related info does not start until rule “http_port 3128” if I understand it correctly. Also the default http port for dansguardian is 8080 or 10101 so the proxy in the browser will need that port, and Secure Proxy as 3128 directly into squid (since dansguardian cannot handle secure sites).
# With the 3130 line, I set it below as 16MB since this will be used on a larger production server with a lot of users. For a home or small office, 4 or 8MB should be fine (4MB = around 1000 certificates).

CODE
http_port 3128 # this port is what will be used for SSL Proxy on client browser
http_port 3129 intercept
https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH

sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 16MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all
ssl_bump none localhost


Do not start squid service (yet)



IPTABLES ENTRY:
Change if you plan to use another port above as primary port.
CODE
iptables -I INPUT 4 -p tcp -m tcp --dport 3128 -j ACCEPT

I prefer INPUT 4 as it puts it above most deny entries, and below the initial allow entries.

START squid
After all this, you can now “service squid start”


Squid as service
vim /etc/init.d/squid (should come back as new document in case of compiling from source)

CODE
#!/bin/bash
# chkconfig: - 90 25
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
#
### BEGIN INIT INFO
# Provides: squid
# Short-Description: starting and stopping Squid Internet Object Cache
# Description: Squid - Internet Object Cache. Internet object caching is \
#       a way to store requested Internet objects (i.e., data available \
#       via the HTTP, FTP, and gopher protocols) on a system closer to the \
#       requesting site than to the source. Web browsers can then use the \
#       local Squid cache as a proxy HTTP server, reducing access time as \
#       well as bandwidth consumption.
### END INIT INFO


PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

if [ -f /etc/sysconfig/squid ]; then
. /etc/sysconfig/squid
fi

# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-""}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
SQUID_PIDFILE_DIR="/var/run/squid"
SQUID_USER="squid"
SQUID_DIR="squid"

# determine the name of the squid binary
[ -f /usr/sbin/squid ] && SQUID=squid

prog="$SQUID"

# determine which one is the cache_swap directory
CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
grep cache_dir | awk '{ print $3 }'`

RETVAL=0

probe() {
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1

[ `id -u` -ne 0 ] && exit 4

# check if the squid conf file is present
[ -f $SQUID_CONF ] || exit 6
}

start() {
# Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions.
if [ ! -d $SQUID_PIDFILE_DIR ]; then mkdir $SQUID_PIDFILE_DIR; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi
probe

parse=`$SQUID -k parse -f $SQUID_CONF 2>&1`
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
 echo -n $"Starting $prog: "
 echo_failure
 echo
 echo "$parse"
 return 1
fi
for adir in $CACHE_SWAP; do
 if [ ! -d $adir/00 ]; then
  echo -n "init_cache_dir $adir... "
  $SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
 fi
done
echo -n $"Starting $prog: "
$SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
 timeout=0;
 while :; do
  [ ! -f /var/run/squid.pid ] || break
  if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
   RETVAL=1
   break
  fi
  sleep 1 && echo -n "."
  timeout=$((timeout+1))
 done
fi
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
[ $RETVAL -eq 0 ] && echo_success
[ $RETVAL -ne 0 ] && echo_failure
echo
return $RETVAL
}

stop() {
echo -n $"Stopping $prog: "
$SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
 $SQUID -k shutdown -f $SQUID_CONF &
 rm -f /var/lock/subsys/$SQUID
 timeout=0
 while :; do
  [ -f /var/run/squid.pid ] || break
  if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
   echo
   return 1
  fi
  sleep 2 && echo -n "."
  timeout=$((timeout+2))
 done
 echo_success
 echo
else
 echo_failure
 if [ ! -e /var/lock/subsys/$SQUID ]; then
  RETVAL=0
 fi
 echo
fi
rm -rf $SQUID_PIDFILE_DIR/*
return $RETVAL
}

reload() {
$SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF
}

restart() {
stop
rm -rf $SQUID_PIDFILE_DIR/*
start
}

condrestart() {
[ -e /var/lock/subsys/squid ] && restart || :
}

rhstatus() {
status $SQUID && $SQUID -k check -f $SQUID_CONF
}


case "$1" in
start)
start
;;

stop)
stop
;;

reload|force-reload)
reload
;;

restart)
restart
;;

condrestart|try-restart)
condrestart
;;

status)
rhstatus
;;

probe)
probe
;;

*)
echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}"
exit 2
esac

exit $?
PM
^
Screwballl
 Posted: Jun 29 2014, 04:51 PM
Quote Post


SLF Junior
**

Group: Members
Posts: 28
Member No.: 3067
Joined: 14-April 14









Squid version 3.4.6 (released 25 June 2014) and the process is the same, already tested on several servers.
PM
^
hermouche
 Posted: Dec 12 2014, 09:51 AM
Quote Post


SLF Newbie


Group: Members
Posts: 1
Member No.: 3309
Joined: 12-December 14









QUOTE (Screwballl @ Jun 18 2014, 02:49 AM)
Some of us need the options available in newer versions of squid (such as ssl-bump and other SSL related extras) that the current 3.1.10 available in the SL repo does not provide. This howto is how I was able to compile it from source.

NOTE: You need perl and a few other things to ensure this works.  The "yum install" items I show here were just items I needed myself (or added here just in case some of you need them), you may need more or less depending on your usage and current setup. Luckily yum is pretty tolerant, so if you already have some of these packages installed, it should just say "package already installed" and skip it.


cd to /usr/src/
CODE
wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.5.tar.gz


Usual build chain:
CODE
yum install perl gcc autoconf automake make openssl sudo wget


Extra pkgs for CentOS/SL based installs:
CODE
yum install libxml2-devel libcap-devel gcc gcc-c++ avr-gcc-c++

CODE
yum install libtool-ltdl-devel openssl-devel

CODE
yum install ksh perl-Crypt-OpenSSL-X509.x86_64


You could add all of these on one line, I just added them as configure and make errors presented themselves to me.

Extract source file:
CODE
tar -xvf squid-3.4.5.tar.gz

CODE
cd  squid-3.4.5

CODE
./configure '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig' –enable-ltdl-convenience


CODE
make
(this will probably take a while with all those options, took about 4 minutes with my newer dual core system, will take much longer on older systems)
CODE
make install


CODE
adduser -M squid

CODE
chown -R squid /var/log/squid

CODE
chmod 4755 /usr/lib64/squid/pinger

CODE
chown -R squid /var/cache/squid

CODE
restorecon /var/cache/squid
(needed so selinux doesn't block squid)
CODE
cd /etc/init.d
and create new file “squid”, I added the contents of this file to the end of this document since it is so long. This allows it to be run as a service seen by the OS.
edit squid.conf to enable the cache (cache_dir ufs /var/cache/squid 10000 32 512)
CODE
squid -z
to create the needed cache directories
Do not start squid service (yet)

At this point you can edit the /etc/squid/squid.conf as needed.

For ssl-bump:

Certificate related info
I created server side certs in /etc/squid/ssl/ (for use by squid) and the folder (for website/user certs) in /var/lib/squid_ssl_db. Another option is keep them in closer proximity, so instead of /var/lib/squid_ssl_db/, could use /etc/squid/cert/ssl_db/

CODE
mkdir /etc/squid/ssl/

CODE
cd /etc/squid/ssl/

CODE
openssl req -new -newkey rsa:1024 -days 9999 -nodes -x509 -keyout squid.key  -out squid.pem

CODE
openssl x509 -in squid.pem -outform DER -out squid.der


I set it below as 16MB since this will be used on a larger production server with a lot of users. For a home or small office, 4 or 8MB should be fine (4MB = around 1000 certificates):
CODE
/usr/lib64/squid/ssl_crtd -c -s /var/lib/squid_ssl_db -M 16MB


CODE
chown -R nobody /var/lib/squid_ssl_db

Do not start squid service (yet)






squid.conf additions for SSL-bump:

# These act like “IF” commands: if http, intercept from 3128 > 3129 and process; if https intercept from 3128 > 3130. The browser never sees these alternate ports, they are only used internally thus no need for iptables rules.
# Also with dansguardian involved, dansguardian sends info to squid via localhost:3128 so DG related info does not start until rule “http_port 3128” if I understand it correctly. Also the default http port for dansguardian is 8080 or 10101 so the proxy in the browser will need that port, and Secure Proxy as 3128 directly into squid (since dansguardian cannot handle secure sites).
# With the 3130 line, I set it below as 16MB since this will be used on a larger production server with a lot of users. For a home or small office, 4 or 8MB should be fine (4MB = around 1000 certificates).

CODE
http_port 3128 # this port is what will be used for SSL Proxy on client browser
http_port 3129 intercept
https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH

sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 16MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all
ssl_bump none localhost


Do not start squid service (yet)



IPTABLES ENTRY:
Change if you plan to use another port above as primary port.
CODE
iptables -I INPUT 4 -p tcp -m tcp --dport 3128 -j ACCEPT

I prefer INPUT 4 as it puts it above most deny entries, and below the initial allow entries.

START squid
After all this, you can now “service squid start”


Squid as service
vim /etc/init.d/squid (should come back as new document in case of compiling from source)

CODE
#!/bin/bash
# chkconfig: - 90 25
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
#
### BEGIN INIT INFO
# Provides: squid
# Short-Description: starting and stopping Squid Internet Object Cache
# Description: Squid - Internet Object Cache. Internet object caching is \
#       a way to store requested Internet objects (i.e., data available \
#       via the HTTP, FTP, and gopher protocols) on a system closer to the \
#       requesting site than to the source. Web browsers can then use the \
#       local Squid cache as a proxy HTTP server, reducing access time as \
#       well as bandwidth consumption.
### END INIT INFO


PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

if [ -f /etc/sysconfig/squid ]; then
. /etc/sysconfig/squid
fi

# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-""}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
SQUID_PIDFILE_DIR="/var/run/squid"
SQUID_USER="squid"
SQUID_DIR="squid"

# determine the name of the squid binary
[ -f /usr/sbin/squid ] && SQUID=squid

prog="$SQUID"

# determine which one is the cache_swap directory
CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
grep cache_dir | awk '{ print $3 }'`

RETVAL=0

probe() {
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1

[ `id -u` -ne 0 ] && exit 4

# check if the squid conf file is present
[ -f $SQUID_CONF ] || exit 6
}

start() {
# Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions.
if [ ! -d $SQUID_PIDFILE_DIR ]; then mkdir $SQUID_PIDFILE_DIR; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi
probe

parse=`$SQUID -k parse -f $SQUID_CONF 2>&1`
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
 echo -n $"Starting $prog: "
 echo_failure
 echo
 echo "$parse"
 return 1
fi
for adir in $CACHE_SWAP; do
 if [ ! -d $adir/00 ]; then
  echo -n "init_cache_dir $adir... "
  $SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
 fi
done
echo -n $"Starting $prog: "
$SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
 timeout=0;
 while :; do
  [ ! -f /var/run/squid.pid ] || break
  if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
   RETVAL=1
   break
  fi
  sleep 1 && echo -n "."
  timeout=$((timeout+1))
 done
fi
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
[ $RETVAL -eq 0 ] && echo_success
[ $RETVAL -ne 0 ] && echo_failure
echo
return $RETVAL
}

stop() {
echo -n $"Stopping $prog: "
$SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
 $SQUID -k shutdown -f $SQUID_CONF &
 rm -f /var/lock/subsys/$SQUID
 timeout=0
 while :; do
  [ -f /var/run/squid.pid ] || break
  if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
   echo
   return 1
  fi
  sleep 2 && echo -n "."
  timeout=$((timeout+2))
 done
 echo_success
 echo
else
 echo_failure
 if [ ! -e /var/lock/subsys/$SQUID ]; then
  RETVAL=0
 fi
 echo
fi
rm -rf $SQUID_PIDFILE_DIR/*
return $RETVAL
}

reload() {
$SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF
}

restart() {
stop
rm -rf $SQUID_PIDFILE_DIR/*
start
}

condrestart() {
[ -e /var/lock/subsys/squid ] && restart || :
}

rhstatus() {
status $SQUID && $SQUID -k check -f $SQUID_CONF
}


case "$1" in
start)
start
;;

stop)
stop
;;

reload|force-reload)
reload
;;

restart)
restart
;;

condrestart|try-restart)
condrestart
;;

status)
rhstatus
;;

probe)
probe
;;

*)
echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}"
exit 2
esac

exit $?


Thank you very much for your post Screenballl,
Very interesting since i guess we can track the HTTPS in my college. Some student's are just by passing the proxy squid by using some proxy web site (VPN) !!!

However, i'm tryying to follow your post and I've got a problem whent i try to compile:

QUOTE
configure: error: in `/root/squid-3.4.5':
configure: error: C compiler cannot create executables


What could be the problem please?

I am using CentOS release 6.6 (Final)
Thanks a lot Screenballl. http://th166.photobucket.com/albums/u117/rdshear/Smiley%20Faces/th_smiley-face-thumbs-up.gif
PMEmail Poster
^
inittux
 Posted: Dec 29 2014, 01:39 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 279
Member No.: 953
Joined: 20-October 11









Do you have glibc-devel installed?


QUOTE

Thank you very much for your post Screenballl,
Very interesting since i guess we can track the HTTPS in my college. Some student's are just by passing the proxy squid by using some proxy web site (VPN) !!!

However, i'm tryying to follow your post and I've got a problem whent i try to compile:

QUOTE
configure: error: in `/root/squid-3.4.5':
configure: error: C compiler cannot create executables


What could be the problem please?

I am using CentOS release 6.6 (Final)
Thanks a lot Screenballl. http://th166.photobucket.com/albums/u117/rdshear/Smiley%20Faces/th_smiley-face-thumbs-up.gif

--------------------
PM
^
Screwballl
 Posted: Jan 27 2015, 04:34 PM
Quote Post


SLF Junior
**

Group: Members
Posts: 28
Member No.: 3067
Joined: 14-April 14









I have also tested this with squid 3.4.7 and the newest 3.5.1 as well, process is the same, just need to modify the name of the original file download, everything else is the same.

No differences on doing this with SL6.5 versus 6.6.
PM
^
peace
 Posted: Aug 17 2016, 03:27 PM
Quote Post


SLF Newbie


Group: Members
Posts: 1
Member No.: 3744
Joined: 17-August 16









QUOTE (Screwballl @ Jun 29 2014, 08:51 AM)
Squid version 3.4.6 (released 25 June 2014) and the process is the same, already tested on several servers.


This is very good post. I followed everything and was able to install squid-3.4.5 and http is working but when i try https it throws following message in access.log :

CODE
1471102901.348      0 192.168.74.107 TAG_NONE/400 4037 NONE error:invalid-request - HIER_NONE/- text/html


Can you please help me what changes i need to make in this case?

Thanks!!
PM
^
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll