30.
sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.bkp
31.
sudo nano /etc/squid/squid.conf
32.
Please read about all the directives here. You must understand what you’re doing.
I’ll only explain a few.
#These are default.
acl all src 0.0.0.0/0.0.0.0
acl CONNECT method CONNECT
acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
cache_effective_user nobody
#This one is obviously for squirm.
redirect_program /usr/local/squirm/bin/squirm
redirect_children 500
#Cache log is usually relatively small, so you
#better leave it enabled for troubleshooting.
cache_log /var/log/squid/cache.log
#access log, on the other hand is very fast growing.
#enable it only for debugging.
#access_log /var/log/squid/access.log
access_log none
#the same goes for the cache store log.
#cache_store_log /var/log/squid/store.log
cache_store_log none
#and also for the useragent - unless you need it.
#useragent_log /var/log/squid/useragent.log
#No need to keep more than 2 logs, unless you want to.
logfile_rotate 1
#I removed all of my real IPs and hostnames, so I'm gonna use fake ones.
dns_nameservers 10.0.0.5
#Read about these.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 1024 KB
#Where and how to store cached files.
# 15000 = 15GB
cache_dir coss /var/spool/squid/coss 15000 block-size=1024 max-size=1MB
cache_swap_log /var/spool/squid/%s
#I have 2GB RAM, you should make cache_mem according to your hardware.
cache_mem 1024 MB
#Read about these.
memory_pools on
client_persistent_connections on
memory_pools_limit 50 MB
maximum_object_size 10 MB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off
#The commented out options below are for HTTP/1.1,
#I didn't have the time yet to test it in production.
pid_filename /var/run/squid.pid
#via off
max_filedescriptors 65536
#ignore_expect_100 on
#server_http11 on
relaxed_header_parser on
#This one is important, so that you don't cache for
#default 5 min 503 and such responses. Maybe you'd want
#to increase the value though.
negative_ttl 1 second
#these are default.
acl purge method PURGE
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 210 # wais
acl Safe_ports port 21 # ftp
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 70 # gopher
acl Safe_ports port 777 # multiling http
acl Safe_ports port 80 # http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl to_localhost dst 127.0.0.0/8
coredump_dir /var/spool/squid
hierarchy_stoplist cgi-bin ?
hosts_file /etc/hosts
http_access allow localhost
http_access allow manager localhost
http_access allow purge localhost
#This line is also waiting for me to turn on the HTTP/1.1
#http_port 80 vhost http11
http_port 80 vhost
#cache peers are your backbone servers and other squids in your setup.
#I'm only using backbone.
cache_peer 10.1.1.1 parent 80 0 originserver name=server1 no-query no-digest
acl GOOD3 dst 10.1.1.1
http_access allow GOOD3
cache_peer_access server1 allow GOOD3
cache_peer 10.1.1.2 parent 80 0 name=server2 originserver no-digest
acl GOOD2 dst 10.1.1.2
http_access allow GOOD2
cache_peer_access server2 allow GOOD2
#If you need SNMP. Set your string.
snmp_port 127
acl snmppublic snmp_community public
snmp_access allow snmppublic all
acl BAD dst 0.0.0.0/0.0.0.0
http_access deny BAD
http_access deny CONNECT !SSL_ports
http_access deny manager
http_access deny purge
http_access deny !Safe_ports
http_reply_access allow all
icp_access allow all
#This one is also important, as we had some bad loads
#on the backbone, until we decided to ignore the reload requests.
#You should set the expiration date to each page on the webserver though.
refresh_pattern -i ^http://www.website.com 14400 80% 43200 ignore-reload
refresh_pattern [/] 14400 80% 43200 ignore-reload
refresh_pattern -i somestring 14400 80% 43200 negative-ttl=3600
refresh_pattern -i string2 14400 80% 43200 ignore-reload
refresh_pattern -i string3 14400 80% 43200 ignore-reload
refresh_pattern . 0 20% 4320
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
#change this also.
visible_hostname server-squid7
connect_timeout 120 second
read_timeout 60 second
request_timeout 30 second
pconn_timeout 120 second
And once again, read about each and every directive, so that you understand exactly what you’re doing. It’s possible you don’t need some of what I’ve used or do need some I haven’t.
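Squid checks http_access lines from top to bottom and stops at the first one that matches, so a rule can be made dead by an earlier one. The following added example (not from the original post) lists such rules in the configuration above; it only compares ACL names and assumes a src/dst ACL of 0.0.0.0/0.0.0.0 matches every request, which is a simplification of Squid's matching.

```python
import re

# src/dst ACLs and http_access lines copied, in order, from the squid.conf on this page.
PAGE_CONF = """
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
http_access allow manager localhost
http_access allow purge localhost
acl GOOD3 dst 10.1.1.1
http_access allow GOOD3
acl GOOD2 dst 10.1.1.2
http_access allow GOOD2
acl BAD dst 0.0.0.0/0.0.0.0
http_access deny BAD
http_access deny CONNECT !SSL_ports
http_access deny manager
http_access deny purge
http_access deny !Safe_ports
"""

# Assumption of this sketch: an address ACL of 0.0.0.0 with a zero mask matches every request.
MATCH_ALL = re.compile(r"^0\.0\.0\.0/(0|0\.0\.0\.0)$")

def parse(conf):
    """Return (names of match-everything ACLs, http_access rules in file order)."""
    catch_all, rules = set(), []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("src", "dst"):
            if any(MATCH_ALL.match(v) for v in tok[3:]):
                catch_all.add(tok[1])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return catch_all, rules

def shadowed_rules(conf):
    """List (rule, earlier_rule) pairs where earlier_rule matches whenever rule would."""
    catch_all, rules = parse(conf)
    found = []
    for j, (action, acls) in enumerate(rules):
        for prev_action, prev_acls in rules[:j]:
            # The earlier rule fires first if all its non-trivial ACLs are also required here.
            needed = {a for a in prev_acls if a not in catch_all}
            if needed <= set(acls):
                found.append((" ".join([action, *acls]), " ".join([prev_action, *prev_acls])))
                break
    return found

if __name__ == "__main__":
    for rule, earlier in shadowed_rules(PAGE_CONF):
        print(f"never reached: http_access {rule}   (shadowed by: http_access {earlier})")
```

For this configuration it reports the four deny lines that follow `http_access deny BAD` and the two localhost-only allow lines. A restriction meant to apply to requests for the backend sites has to come before the allow line it should limit.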
33.
We also use the hosts file to map hostnames to our backend servers.
sudo nano /etc/hosts
34.
10.1.1.1 www.website.com
10.1.1.2 another.website.com
#the upper part should look like that:
#(change the hostname "server-squid7" to the right one!)
127.0.0.1 localhost server-squid7
127.0.1.1 server-squid7
35.
Let’s configure squirm:
sudo nano /usr/local/squirm/etc/squirm.conf
36.
begin
network 0.0.0.0/0
log logs/match.log
#abort-log logs/private-abort.log
pattern common.patterns all
end
# uncomment the "log" after the test!
37.
This is the regex we use. Enter the right one for you. It takes any URL whose file has one of the extensions listed below and cuts off everything that comes after the extension. This way Squid can cache the files and reuse them (useful if the same file is requested with an autogenerated query string after the extension).
Be very careful here as this one is only suited for our setup!
Plus, you may want to read about new squid directives concerning rewrites. Maybe using squirm is not necessary anymore.
sudo nano /usr/local/squirm/etc/common.patterns
regexi ^(.*)\.swf\?.*$ \1.swf .swf
regexi ^(.*)\.gif\?.*$ \1.gif .gif
regexi ^(.*)\.jpg\?.*$ \1.jpg .jpg
regexi ^(.*)\.flv\?.*$ \1.flv .flv
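An added example (not part of the original post, and not squirm's own code) that replays the four rules above in Python to show which distinct requests end up as one rewritten URL, which is only safe when the query string does not change the response. The sample URLs are constructed, Python's `re` stands in for squirm's regex engine, and the trailing field on each rule line is not modeled.

```python
import re
from collections import defaultdict

# The four rules from common.patterns on this page: (regexi pattern, replacement).
PAGE_PATTERNS = [
    (r"^(.*)\.swf\?.*$", r"\1.swf"),
    (r"^(.*)\.gif\?.*$", r"\1.gif"),
    (r"^(.*)\.jpg\?.*$", r"\1.jpg"),
    (r"^(.*)\.flv\?.*$", r"\1.flv"),
]

def rewrite(url, patterns=PAGE_PATTERNS):
    """Apply the first matching rule case-insensitively (regexi); else return url unchanged."""
    for pattern, replacement in patterns:
        m = re.match(pattern, url, re.IGNORECASE)
        if m:
            return m.expand(replacement)
    return url

def collapsed(urls):
    """Map each rewritten URL to the distinct request URLs that were folded into it."""
    groups = defaultdict(list)
    for u in urls:
        groups[rewrite(u)].append(u)
    return {key: reqs for key, reqs in groups.items() if len(set(reqs)) > 1}

# Constructed sample requests (not taken from the page).
SAMPLE = [
    "http://www.website.com/img/logo.gif?cb=1699",    # cache-buster: folding is intended
    "http://www.website.com/img/logo.gif?cb=1700",
    "http://www.website.com/img/logo.gif",
    "http://www.website.com/chart.jpg?user=17",       # per-user image: folding mixes users
    "http://www.website.com/chart.jpg?user=42",
    "http://www.website.com/page.php?img=a.jpg?x",    # ".jpg?" inside a query string also matches
]

if __name__ == "__main__":
    for key, reqs in collapsed(SAMPLE).items():
        print(key)
        for r in reqs:
            print("    <-", r)
    print(rewrite(SAMPLE[-1]))
```

The last sample shows that the patterns are not anchored to the path, so an extension followed by `?` anywhere in the URL triggers the cut.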
38.
sudo chmod -R 775 /usr/local/squirm
39.
Let’s set up the webmin.
sudo nano /etc/squid/cachemgr.conf
40.
localhost:80
41.
squid -z
This creates the cache.
42.
sudo /etc/init.d/squid start
We should check cache.log to see when it has finished creating the cache. It's supposed to take 6 min with a cache dir of this size.
sudo tail -100 /var/log/squid/cache.log
Now, let’s test it.


Squid setup and configuration for a high-load environment…
IBM x335 server with 2 Xeon 2.4GHz CPUs, 2GB RAM, 2×36GB SCSI hard drives.
Note that I will not use RAID, because I only have 2 hard drives and I need 'em both for different roles to maximize performance. Plus, I have a cluster of squid servers, so …