Installing Squid with the delay pools
As I mentioned before, Squid has a feature called delay pools, which allows us to control download bandwidth. Unfortunately, in most distributions, Squid is shipped without that feature.So if you have Squid already installed, I must disappoint you -- you need to uninstall it and do it once again with delay pools enabled in the way I explain below.
To get maximum performance from our Squid proxy, it's best to create a separate partition for its cache, called /cache/. Its size should be about 300 megabytes, depending on our needs.
If you don't know how to make a separate partition, you can create the /cache/ directory on a main partition, but Squid performance can suffer a bit.
We add a safe 'squid' user:
# useradd -d /cache/ -r -s /dev/null squid >/dev/null 2>&1
No one can log in as squid, including root.
We download Squid sources from http://www.squid-cache.org
When I was writing this HOWTO, the latest version was Squid 2.4 stable 1:
squid-2.4.STABLE1-src.tar.gz
We unpack everything to /var/tmp:
# tar xzpf squid-2.4.STABLE1-src.tar.gz
We compile and install Squid (everthing is in one line):
# ./configure --prefix=/opt/squid --exec-prefix=/opt/squid --enable-delay-pools --enable-cache-digests --enable-poll --disable-ident-lookups --enable-truncate --enable-removal-policies
# make all
# make install
Configuring Squid to use the delay pools feature
Configure our squid.conf file (located under /opt/squid/etc/squid.conf):#squid.conf
#Every option in this file is very well documented in the original squid.conf file
#and on http://www.visolve.com/squidman/Configuration%20Guide.html
#
#The ports our Squid will listen on
http_port 8080
icp_port 3130
#cgi-bins will not be cached
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#Memory the Squid will use. Well, Squid will use far more than that.
cache_mem 16 MB
#250 means that Squid will use 250 megabytes of disk space
cache_dir ufs /proxy 250 16 256
redirect_rewrites_host_header off
cache_replacement_policy GDSF
acl localnet src 192.168.1.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 443 210 119 70 21 1025-65535
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny all
maximum_object_size 3000 KB
store_avg_object_size 50 KB
#all our LAN users will be seen by external servers
#as if they all use Mozilla on Linux :)
anonymize_headers deny User-Agent
fake_user_agent Mozilla/5.0 (X11; U; Linux 2.4.4 i686)
#To make our connection even faster, we put a line similar
#to the one below. Don't forget to change the server to your closest!
#Measure pings, traceroutes and so on.
#Make sure that http and icp ports are correct
#cache_peer w3cache.icm.edu.pl parent 8080 3130 no-digest default
#This is useful when we want to use the Cache Manager
#copy cachemgr.cgi to cgi-bin of your www server
cache_mgr your@email
cachemgr_passwd secret_password all
#This is a name of a user our Squid will work as
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs on
#####DELAY POOLS
#This is the most important part for shaping incoming traffic with Squid
#For detailed description see squid.conf file or docs at http://www.squid-cache.org
#We don't want to limit downloads on our local network
acl magic_words1 url_regex -i 192.168
#We want to limit downloads of these type of files
#Put this all in one line
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt
.ram .rm .iso .raw .wav
#We don't block .html, .gif, .jpg and similar files, because they
#generally don't consume much bandwidth
#We have two different delay_pools
delay_pools 2
#First delay pool
#W don't want to delay our local traffic
#There are three pool classes; here we will deal only with the second
delay_class 1 2
#-1/-1 mean that there are no limits
delay_parameters 1 -1/-1 -1/-1
#magic_words1: 192.168
delay_access 1 allow magic_words1
#Second delay pool
#we want to delay downloading files mentioned in magic_words2
delay_class 2 2
#The numbers here are values in bytes;
#we must remember that Squid doesn't consider start/stop bits
#6000/150000 are values for the whole network
#5000/150000 are values for the single IP
#after downloaded files exceed about 150000 bytes,
#they will continue to download at about 5000 bytes/s
delay_parameters 2 6000/150000 5000/150000
delay_access 2 allow magic_words2
#EOF
OK, when we have configured everything, we must make sure everything under /opt/squid and /cache directories belongs to user 'squid'.
# chown -R squid:squid /opt/squid/
# chown -R squid:squid /cache/
or
# chown -R squid.squid /opt/squid/
# chown -R squid.squid /cache/
Now everything is ready to run Squid. When we do it for the first time, we have to create its cache directories:
# /opt/squid/usr/bin/squid -z
We run Squid and check if everything is working. A good tool to do that is IPTraf; you can find it on http://freshmeat.net. Make sure you have set the appropriate proxy in your web browsers (192.168.1.1, port 8080 in our example):
# /opt/squid/usr/bin/squid
If everything is working, we add /opt/squid/usr/bin/squid line to the end of our initializing scripts. Usually, it can be /etc/rc.d/rc.local.
Other helpful options in Squid may be:
# /opt/squid/usr/bin/squid -k reconfigure (it reconfigures Squid if we made any changes in its squid.conf file)
# /opt/squid/usr/bin/squid -help :) self-explanatory
You can also copy cachemgr.cgi to the cgi-bin directory of your WWW server.
