How To: Install and configure Squid on Mac OS X

September 27th, 2009

What is Squid?
Squid is a caching proxy server for the web.
Whether you’re using it at home for just a few machines, or at an office for thousands of machines, it’s reliable, can help save bandwidth, and most importantly is relatively simple to get running.

Requirements

  • Xcode Tools must be installed, as you will be compiling Squid from its source code. Xcode Tools is available on your Mac OS X Install discs, and also from http://developer.apple.com/
  • Knowledge of the command line interface
  • Administrator access

Installation and Configuration

1. Download the Squid source code from here: http://www.squid-cache.org/. Follow the links and download the latest stable release. This guide was written for Squid v3.0 Stable 19 (.tar.gz download), but later versions will most likely follow the same process.

2. Open Terminal and cd to the location you downloaded the file to:

cd ~/Downloads

3. Extract the archive:

tar zxvf squid-3.0.STABLE19.tar.gz

4. Go into the squid source code directory:

cd squid-3.0.STABLE19

5. Run the configure script with the location for the squid installation. I always use the prefix below, because it keeps the squid install in one specific directory instead of sprawling files all over the system (which makes it harder to remove later, if you need to).

./configure --prefix=/usr/local/squid

6. Compile squid with the following command:

make all

7. Install squid with the following command:

sudo make install

8. Now that squid is installed, it needs some configuring:

cd /usr/local/squid/etc/

9. Edit the default configuration file:

sudo vi squid.conf

10. Add an ACL to allow all hosts on your network to use squid. Locate the line:

http_access allow localnet

Add the following line above it:

http_access allow all

11. Set the cache_dir (the location to store the cache files). Locate the line:

# cache_dir ufs /usr/local/squid/var/cache 100 16 256

Uncomment the line, and change the path to one of your choosing. E.g.:

cache_dir ufs /Volumes/Misc/var/cache 5000 16 256

12. The default maximum_object_size is 4MB. This means squid will only cache files smaller than 4MB. Not very helpful if you’re downloading large files (specifically, software updates). Locate the line:

# maximum_object_size 4096 KB

Change the line to something more appropriate for your needs. E.g.:

maximum_object_size 214096 KB

13. By default, squid will go into a “shutdown pending” mode if it receives a SIGTERM or SIGHUP. This tends to make the Mac shutdown process pause for some time while it waits for Squid to exit. I’ve worked around this by changing this line:

# shutdown_lifetime 30 seconds

to this:

shutdown_lifetime 2 seconds

14. Set other options as necessary.

15. Ensure the cache directory exists, and that permissions are correct. By default, squid will run as “nobody”, so that user needs permission to access the cache directory and everything under it.

cd /Volumes/Misc/var/

sudo mkdir cache

sudo chown -R nobody:nobody cache

16. Ensure the log directory exists, and that permissions are correct. Squid will be logging to /usr/local/squid/var/logs.

sudo mkdir /usr/local/squid/var/logs

sudo chown nobody /usr/local/squid/var/logs

17. Start squid for the first time manually. This is required in order for it to create the necessary cache directories:

cd /usr/local/squid/sbin

sudo ./squid -z

18. Squid will create the cache directories and then exit.

19. Start squid in the foreground and test it out. Configure a web browser to use the proxy server localhost:3128, then run squid again:

sudo ./squid

20. If you can access the web via the proxy, then you’re all set. Otherwise, review settings and check the logs (/usr/local/squid/var/logs/ – cache.log and access.log)

21. Stop squid, as we’ll now configure it to run at startup:

sudo ./squid -k shutdown

ps -ef | grep squid

22. Download this file: http://maxpowerindustries.com/files/org.squid.squid.plist

23. Locate the file and copy it to /Library/LaunchDaemons.

24. Fix permissions on the startup item:

cd /Library/LaunchDaemons

sudo chown root:wheel org.squid.squid.plist

sudo chmod 644 org.squid.squid.plist

25. Restart your Mac and confirm that Squid is running once it starts back up. Open Terminal, and run:

ps -ef | grep squid

26. Configure other machines on your network to use Squid.

That’s pretty much it for a basic config on Mac OS X for a home user. It’s functional, but by no means completely secure and optimised.

It’s worth configuring squid log rotation as well, since the logs can grow quickly. Setting up a cron job to run ‘/usr/local/squid/sbin/squid -k rotate’ will take care of this. If you want to archive the logs, you might want to set up your own scripts to do this.
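
Step 10 places http_access allow all ahead of the localnet rule. Squid evaluates http_access rules top to bottom and stops at the first match, so that line admits any client able to reach port 3128 and the rules below it never run. The script below is an added example, not part of the original guide: it audits a squid.conf for that pattern using two constructed rule blocks (the audit_http_access function, the file names and the 192.168.0.0/16 range are assumptions).

```shell
#!/bin/sh
# Added example (not from the original guide): audit http_access rule order.
# Squid evaluates http_access top to bottom and stops at the first match, so
# a rule whose only ACL is "all" decides every request that reaches it.

audit_http_access() {   # $1 = squid.conf path; prints findings, returns 1 if any
    awk '
        function acls(   i, s) {        # ACL names on the current rule
            for (i = 3; i <= NF; i++) s = s (i > 3 ? " " : "") $i
            return s
        }
        { sub(/#.*/, "") }              # drop comments
        $1 != "http_access" { next }
        catchall {                      # an earlier rule already matched everything
            printf "UNREACHABLE line %d: %s %s (shadowed by line %d)\n", NR, $2, acls(), catchall
            bad = 1; next
        }
        NF == 3 && $3 == "all" {        # "allow all" or "deny all"
            catchall = NR
            if ($2 == "allow") {
                printf "OPEN line %d: allow all admits every client\n", NR
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

tmp=$(mktemp -d)
# Constructed sample: the access rules as they stand after step 10.
cat > "$tmp/step10.conf" <<'EOF'
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_access allow localnet
http_access deny all
EOF
# Constructed sample: the same rules relying on the localnet ACL alone.
cat > "$tmp/localnet.conf" <<'EOF'
acl localnet src 192.168.0.0/16   # assumed LAN range
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
EOF
audit_http_access "$tmp/step10.conf"   || echo "step10.conf: review needed"
audit_http_access "$tmp/localnet.conf" && echo "localnet.conf: no findings"
```

Run it against a live configuration with audit_http_access /usr/local/squid/etc/squid.conf; line numbers in the findings refer to lines of that file.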

  1. Eddie
    October 29th, 2009 at 17:03 | #1

    thanx for the ‘HowTo’ doco.
    Any suggestions on how to implement SquidProxy in transparent mode on Mac OSX Server and Mac clients classroom environment.
    cheers!

  2. Chris
    January 22nd, 2010 at 04:45 | #2

    @Eddie

    I’d love to know that too.. looking at setting up squid on a number of Xserves in a school environment and I would love to know where to start on this…. any info would be great.

    Cheers!

  3. GUiLTY
    July 10th, 2011 at 09:38 | #3

    Me too! +1

  4. June 23rd, 2012 at 13:42 | #4

    I have a problem with installing squid 2.7 stable 9. I already chmod to nobody the var and cache folder. It’s running fine, it’s creating the swap dir, no errors but it won’t cache. There is no hit, and my cache folder is always the same. Any idea?

  5. December 1st, 2012 at 07:42 | #5

    Thank you very much Dangelovich for your post. 2012 almost over and still helping people. After a lot of research I incorporated some options on the compile to make it run better on the MAC, particularly the --disable-eui because it is not supported on the MAC and it gave me tons of errors in the cache.log. The --enable-async-io permits using the AUFS filesystem which works much better in a multiprocessing machine.

    cache_dir aufs /Volumes/Misc/var/cache 5000 16 256

    The --enable-removal-policies permits adding to the squid.conf

    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF

    which should help optimizing memory for fast hits and hard drive for bandwidth savings.

    Mine is a MacMiniServer Quadcore i7 (squid 3.2.3) and I can get it to process 50 http requests per second. When it hits 60 the client_http.all_median_svc_time degrades to 0.27s. I wonder if running Ubuntu would give me better performance than Lion Server. Has anybody compared Linux to Mac OS for performance?

    MY ./CONFIGURE LINE:
    ==============
    ./configure --prefix=/usr/local/squid --enable-url-rewrite-helpers --enable-build-info --enable-async-io --enable-removal-policies=heap,lru --enable-snmp --disable-eui

    MY FULL SQUID.CONF
    ==============

    # ==============================
    # Recommended minimum configuration:
    # ==============================

    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src 190.14.233.128/27
    acl localnet src fc00::/7 # RFC 4193 local private network range
    acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT

    # If you want to exclude some site from Cache, use following
    acl NoCache dstdomain .youtube.com
    cache deny NoCache

    acl PURGE method PURGE
    http_access allow PURGE localhost
    http_access deny PURGE

    # ==============================
    # Transparent Mode & Example ACL
    # ==============================
    http_port 3128 accel vhost allow-direct
    # http_port 8080
    shutdown_lifetime 2 seconds

    # Only allow cachemgr access from localhost
    http_access allow localhost manager
    http_access deny manager
    http_access allow localnet
    http_access allow localhost
    http_access deny all

    #
    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports
    #
    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports

    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on “localhost” is a local user
    http_access deny to_localhost
    #
    # Uncomment and adjust the following to add a disk cache directory.
    # cache_dir ufs /usr/local/squid/var/cache/squid 48000 16 256
    cache_dir aufs /usr/local/squid/var/cache/squid 64000 16 256
    cache_dir aufs /Volumes/Datos/var/cache 64000 16 256

    store_avg_object_size 150 kB
    minimum_object_size 5 KB
    maximum_object_size 256 MB
    maximum_object_size_in_memory 128 KB
    cache_mem 2500 MB
    cache_swap_low 98
    cache_swap_high 99

    dns_timeout 20 seconds
    dns_nameservers 200.24.7.20 200.110.169.20
    ipcache_size 16384
    ipcache_low 90
    ipcache_high 95

    #============================================================
    # SNMP , if you want to generate graphs for SQUID via MRTG
    #============================================================
    #acl snmppublic snmp_community gl
    #snmp_port 3401
    #snmp_access allow snmppublic all
    #snmp_access allow all

    #============================================================
    #ZPH , To enable cache content to be delivered at full lan speed, bypass the queue at MT.
    #============================================================
    #tcp_outgoing_tos 0x30 all
    #zph_mode tos
    #zph_local 0x30
    #zph_parent 0
    #zph_option 136

    # Warning in case HTTP service time is very long, high page faults
    high_response_time_warning 400 # milliseconds
    high_page_fault_warning 10 # page faults per second

    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF

    # Leave coredumps in the first cache dir
    coredump_dir /Volumes/Mini/var/cache

    # Accelerators (Working SQUID.CONF 2.7 Example!)
    max_filedescriptors 65536
    fqdncache_size 16384
    memory_pools off
    retry_on_error on
    offline_mode off
    pipeline_prefetch on

    # ==============================
    # Updates and YouTube: range requests or aborts before the download finishes
    # ==============================
    # to make a range request that starts at 2 MB download from the beginning
    # range_offset_limit 2 MB
    # download no more than the user asks for
    range_offset_limit 0
    # if 90% is already downloaded when interrupted, keep downloading
    quick_abort_pct 90
    # -1 to always keep downloading whatever is interrupted
    quick_abort_min 2 MB
    # if interrupted with more than this remaining, abort the download. -1 to always download
    quick_abort_max 2 MB

    # ==============================
    # Add one of these lines for each of the websites you want to cache.
    # ==============================
    refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 432000 reload-into-ims
    refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 432000 reload-into-ims
    refresh_pattern -i windowsupdate.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 432000 reload-into-ims
    refresh_pattern -i update.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 432000 reload-into-ims
    refresh_pattern -i download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 432000 reload-into-ims
    refresh_pattern -i http://www.download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 432000 reload-into-ims
    refresh_pattern -i avast.com/.*\.(vpu|vpaa) 4320 100% 432000 reload-into-ims
    refresh_pattern symantecliveupdate.com/.*\.(zip|exe) 43200 100% 432000 reload-into-ims

    #=============================
    # Refresh Rate Patterns : zaib
    #=============================
    refresh_pattern -i \.flv$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.mp3$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.mp4$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.swf$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.gif$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.jpg$ 10080 90% 10080
    refresh_pattern -i \.jpeg$ 10080 90% 10080
    refresh_pattern -i \.exe$ 10080 90% 10080 override-expire override-lastmod reload-into-ims

    # 1 year = 525600 mins, 1 month = 10080 mins, 1 day = 1440
    refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 10080 90% 10080 ignore-private override-expire override-lastmod reload-into-ims
    refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 10080 90% 10080 ignore-private override-expire override-lastmod reload-into-ims
    refresh_pattern \.(ico|video-stats) 10080 90% 10080 override-expire ignore-private ignore-auth override-lastmod
    refresh_pattern \.etology\? 10080 90% 10080 override-expire ignore-no-cache
    refresh_pattern galleries\.video(\?|sz) 10080 90% 10080 override-expire ignore-no-cache
    refresh_pattern brazzers\? 10080 90% 10080 override-expire ignore-no-cache
    refresh_pattern \.adtology\? 10080 90% 10080 override-expire ignore-no-cache
    refresh_pattern ^.*safebrowsing.*google 10080 90% 10080 override-expire ignore-no-cache ignore-private ignore-auth
    refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 10080 90% 10080 override-expire
    refresh_pattern ytimg\.com.*\.jpg 10080 90% 10080 override-expire
    refresh_pattern images\.friendster\.com.*\.(png|gif) 10080 90% 10080 override-expire
    refresh_pattern garena\.com 10080 90% 10080 override-expire reload-into-ims
    refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 10080 90% 10080 override-expire
    refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 10080 90% 10080 ignore-no-cache override-expire override-lastmod
    refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 10080 90% 10080 reload-into-ims override-expire ignore-private
    refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 10080 90% 10080 reload-into-ims override-expire
    refresh_pattern ^http:\/\/www.onemanga.com.*\/ 10080 90% 10080 reload-into-ims override-expire
    refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 10080 90% 10080 override-expire ignore-private ignore-auth override-lastmod

    #images facebook
    refresh_pattern -i \.facebook.com.*\.(jpg|png|gif) 10080 90% 10080 override-expire
    refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 10080 90% 10080 override-expire
    refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 10080 90% 10080 override-expire
    refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 10080 90% 10080 override-expire

    #All File
    refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar) 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 90% 10080
    refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 90% 10080 override-expire override-lastmod reload-into-ims

    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern ^ftp: 10080 95% 10080 override-lastmod reload-into-ims
    refresh_pattern . 1400 40% 10080

    # ==============================
    # Add any of your own refresh_pattern entries above these.
    # ==============================
    #refresh_pattern ^ftp: 1440 20% 10080
    #refresh_pattern ^gopher: 1440 0% 1440
    #refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    #refresh_pattern . 0 20% 4320
