
HowTo: Cache Web Objects with Squid

Squid

~~   Foreword   ~~

Be kind to the Internet. Practice good web hygiene and help yourself at the same time. Squid is a venerable web object caching server: it optimizes the data flow between your browser and that distant webserver to improve performance, and caches frequently used content to save bandwidth.

I run most of my daemons (services) on my biggest machine, which is the Home Theater PeeCee. From there I extend the ports of these daemons to remote client machines using reverse SSH tunnels, so I can use those remote services as if they were local.

It’s easy.

~~   Server Configuration   ~~

This HowTo is Debian-centric, and I’m assuming you’ve converted your Debian system from sysv to the systemd init system, as Debian is moving to this.

ON THE SERVER MACHINE

# apt-get install squid3 lsof command-not-found
# systemctl enable squid
# squid -z
# systemctl restart squid

This will install the Squid daemon and get it running, but it is not optimized yet. We want it to withhold all headers except those we authorize. Headers give away everything from your name to MAC to OS and so on. Also it would be interesting to surf around masquerading as a Google spider, wouldn’t it? Admins check their logs and ‘oh, here’s a Googlebot’. So we have to make some changes to /etc/squid/squid.conf.

Make yours like mine over here. Or just put mine in place of yours. I know it’s 7,081 lines long, but you only have to care about the lines without a #, and you only have to do this once.

Be sure to change ‘acl localnet src’ down at line 900 (turn on line numbering in KWrite|Settings), to match your LAN’s class C.

Header anonymization starts at line 4315, denying all, then allowing selectively. It’s all set to allow the headers which log you in to forums automatically, and to deny much of the information leakage.
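
To see which request headers a given squid.conf actually lets through, the sketch below (an added example, not part of the original article or the author's configuration) reads only the lines without a # and applies Squid's rule selection for request_header_access: the rules named after the header first, otherwise the All rules. The sample configuration is constructed; rules using ACLs other than the built-in all are skipped and the Other header class is ignored.

```python
# Added example: list which request headers a squid.conf lets through (SAMPLE_CONF is constructed).
SAMPLE_CONF = """\
#  TAG: request_header_access   (comment lines are skipped)
http_port 127.0.0.1:3128
acl localnet src 192.168.1.0/24
request_header_access All deny all
request_header_access Host allow all
request_header_access Cookie allow all
request_header_access Authorization allow all
request_header_access Accept-Encoding allow all
forwarded_for delete
via off
"""

def active_directives(text):
    """Return [(directive, [args])] for lines that are neither blank nor comments."""
    lines = (l.strip() for l in text.splitlines())
    return [(l.split()[0], l.split()[1:]) for l in lines if l and not l.startswith("#")]

def header_rules(text):
    """Map lower-cased header name -> [(action, [acl names])] in file order."""
    rules = {}
    for name, args in active_directives(text):
        if name == "request_header_access" and len(args) >= 3:
            rules.setdefault(args[0].lower(), []).append((args[1], args[2:]))
    return rules

def header_passes(rules, header):
    """Use the rule set named after the header, else the 'All' set.
    If no rule in that set matches, Squid forwards the header unchanged."""
    ruleset = rules.get(header.lower(), rules.get("all", []))
    for action, acls in ruleset:
        if acls == ["all"]:  # assumption: only the built-in 'all' ACL is evaluated
            return action == "allow"
    return True

def audit(text, headers):
    """Split headers into forwarded/stripped; report the headers Squid adds itself."""
    rules = header_rules(text)
    conf = dict(active_directives(text))  # the dict keeps the last occurrence of a directive
    return {
        "forwarded": sorted(h for h in headers if header_passes(rules, h)),
        "stripped": sorted(h for h in headers if not header_passes(rules, h)),
        "forwarded_for": (conf.get("forwarded_for") or ["on"])[0],  # Squid default: on
        "via": (conf.get("via") or ["on"])[0],                      # Squid default: on
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["Host", "Cookie", "User-Agent", "Referer", "From"]))
```

Because rule sets are selected per header name, the result is the same whether the `All deny all` line sits before or after the allow lines.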

Save, and:
# systemctl restart squid
# lsof -i -n -P |grep 3128

squid 4236 proxy 4u IPv4 49302 0t0 TCP 127.0.0.1:3128 (LISTEN)

Good, it’s running, and listening on port 3128/tcp. (If not, check /var/log/squid3/cache.log.) Now let’s test it. First start your browser and fly to
proxydetect.com
… you will find about what you expected.   It knows who you are, what you’re running, and so on.

Now set Squid as your proxy.   In Firefox/Iceweasel this is
hamburger (those 3 lines for menu)|Preferences|Advanced|Network|Settings and Manual

– HTTP Proxy: 127.0.0.1:3128
– Use this proxy for all: checked.
– {OK}
And now reload the website:
proxydetect.com

Different story now ain’t it? Not only does it think you’re a G**gle spider, but what you can’t see is that many more headers are being withheld which leak information about you. As you use Squid day to day, your page load times will improve as the cache self-optimizes.

~~   Client Configuration   ~~

So, we have Squid running on the Server machine, now we want to extend its service to other machines on the LAN, securely. We do this with reverse SSH tunnels. Please follow my article there to extend the Squid port to other machines. Once you set it up, it will always stay set up.

~~   Troubleshooting   ~~

If you check
# systemctl status squid
… and part of it is:
Apr 17 12:52:21 jarmano squid[4061]: Starting Squid Cache version 3.3.8 for x86_64-unknown-l…u…
Apr 17 12:52:21 jarmano squid[4061]: chdir: /var/spool/squid: (2) No such file or directory
Apr 17 12:52:21 jarmano systemd[1]: squid.service: Supervising process 4061 which is not our…its.

… it has not created your caching directory for some reason. So:
# squid -z
# chown -R proxy:proxy /var/spool/squid
# systemctl restart squid
# systemctl status squid

… and see if it’s OK now.
