Private Island Networks Inc.

Build Squid 5 on Ubuntu 20.04 Linux from Source

We build Squid Version 5 from source (Git) on Ubuntu Linux and show some basic examples on how to use it.

Overview

The Squid caching proxy is an excellent, long established open source project with an active mail list. Aside from the core proxy and cache functionality, Squid is also great for managing, filtering, & analyzing HTTP and HTTPS accesses. An example of this is using a content filter to either rewrite or redirect URLs, and a typical application for this is blocking tracking sites and objectionable content, such as porn. If you're interested in this application, you may want to review our article Basic Python Squid Redirector / Rewriter for Content Filtering / Ad blocking for an example implementation.

Install from Source

Squid can be installed on Ubuntu using apt, but we want to experiment with the configuration options and source, so we build it from its repository on Github

Below we clone the Squid repo and build the latest from the beta version 5 branch.

$ cd /build  # this is where we build our code
$ git clone https://github.com/squid-cache/squid.git squid
Cloning into 'squid'...

$ cd squid
$ git branch -r
  origin/HEAD -> origin/master
  ...
  origin/v3.5
  origin/v4
  origin/v5

$ git checkout v5
Branch 'v5' set up to track remote branch 'v5' from 'origin'.
Switched to a new branch 'v5'

$ ./bootstrap.sh 
automake (1.16.1) : automake
autoconf (2.69) : autoconf
libtool  (2.4.6) : libtool
libtool path : /usr/bin
Bootstrapping 
parallel-tests: installing 'cfgaux/test-driver'
Fixing configure recursion
Autotool bootstrapping complete.

$ mkdir build; cd build
$ pwd
/build/squid/build

Now it's time to configure our build. Note that there are many available configuration options, and a good starting point to exploring them is configure --help.

$ ../configure --prefix=/opt/squid --with-default-user=squid --enable-ssl --disable-inlined \
--disable-optimizations --enable-arp-acl --disable-wccp --disable-wccp2 --disable-htcp \
--enable-delay-pools --enable-linux-netfilter --disable-translation --disable-auto-locale \
--with-logdir=/opt/squid/log/squid --with-pidfile=/opt/squid/run/squid.pid

...
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands

Let's build the code and install it to /opt/squid as specified above during configure

$ make

$ make install   # no need for sudo since we're installing to our own /opt/squid

$ ls /opt/squid
bin  etc  libexec  log  run  sbin  share  var

Important Files and Folders

File/Folder Purpose
etc/squid.conf Squid configuration file
log/squid/access.log, log/squid/cache.log Squid log files

Squid Runtime Configuration

Change the default configuration by editing etc/squid.conf. Note that the default squid.conf configuration provided by the 5.0 branch may be sufficient for basic testing and use.

Configure the devices / subnet allowed access.

acl localnet src 192.168.3.0/24

http_access allow localnet

Find the http_port tag. By default it is set to port 3128. This is the port that Squid will listen to for requests. You will also need to set this port in your browser when you configure the browser's proxy.

# Squid normally listens to port 3128
http_port 3128

Now create a squid user and give it permissions to write to various folders under /opt/squid:

$ sudo adduser squid

$ mkdir -p /opt/squid/log
$ sudo chown -R squid:squid /opt/squid/log
$ sudo chown -R squid:squid /opt/squid/var
$ sudo chown -R squid:squid /opt/squid/run 

Running Squid

su as squid and start squid:

$ su squid
$ /opt/squid/sbin/squid
	
$ ps -e | grep squid
10486 ?        00:00:00 squid
10501 ?        00:00:00 squid

$ more /opt/squid/log/squid/cache.log 
2021/06/30 10:42:24 kid1| Set Current Directory to /opt/squid/var/cache/squid
2021/06/30 10:42:24 kid1| Starting Squid Cache version 5.0.6-VCS for x86_64-pc-linux-gnu...
2021/06/30 10:42:24 kid1| Service Name: squid
2021/06/30 10:42:24 kid1| Process ID 98677
2021/06/30 10:42:24 kid1| Process Roles: worker
2021/06/30 10:42:24 kid1| With 1024 file descriptors available
2021/06/30 10:42:24 kid1| Initializing IP Cache...
2021/06/30 10:42:24 kid1| DNS Socket created at [::], FD 7
2021/06/30 10:42:24 kid1| DNS Socket created at 0.0.0.0, FD 8
2021/06/30 10:42:24 kid1| Adding nameserver XX.XX.XX.XX from /etc/resolv.conf
2021/06/30 10:42:24 kid1| Logfile: opening log daemon:/opt/squid/log/squid/access.log
2021/06/30 10:42:24 kid1| Logfile Daemon: opening log /opt/squid/log/squid/access.log
2021/06/30 10:42:24 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2021/06/30 10:42:24 kid1| Store logging disabled
2021/06/30 10:42:24 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2021/06/30 10:42:24 kid1| Target number of buckets: 1008
2021/06/30 10:42:24 kid1| Using 8192 Store buckets
2021/06/30 10:42:24 kid1| Max Mem  size: 262144 KB
2021/06/30 10:42:24 kid1| Max Swap size: 0 KB
2021/06/30 10:42:24 kid1| Using Least Load store dir selection
2021/06/30 10:42:24 kid1| Set Current Directory to /opt/squid/var/cache/squid
2021/06/30 10:42:24 kid1| Finished loading MIME types and icons.
2021/06/30 10:42:24 kid1| Squid plugin modules loaded: 0
2021/06/30 10:42:24 kid1| Adaptation support is off.
2021/06/30 10:42:24 kid1| Accepting HTTP Socket connections at conn3 local=[::]:3128 remote=[::] FD 11 flags=9
2021/06/30 10:42:25 kid1| storeLateRelease: released 0 objects

When you make changes to squid.conf, you can run a reconfigure:

$ /opt/squid/sbin/squid -k reconfigure

Testing Squid

Log into a Linux host, configure use of a proxy on the command line, and perform a get. Note that below our Squid proxy is running on 192.168.3.75, and we're testing it from 192.168.3.44.

$ export http_proxy=192.168.3.75:3128

$ $ wget http://example.com
--2021-06-30 10:50:17--  http://example.com/
Connecting to 192.168.3.75:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 1256 (1.2K) [text/html]
Saving to: ‘index.html’
...

You can view Squid activity by viewing access.log. If configured for native format, each line will be written as shown below. Further information on the log format can be found here.

1625064617.247     46 192.168.3.20 TCP_MISS/200 1673 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html

There are a lot of very interesting things that you can do with Squid. We plan to expand this article to show some of them (e.g., replacing header fields).

References

Didn't find an answer to your question? Post your issue below or in our new FORUM, and we'll try our best to help you find a solution.

And please note that we update our site daily with new content related to our open source approach to network security and system design. If you would like to be notified about these changes, then please join our mailing list.

Related articles on this site:

share
subscribe to mailing list:

Date: July 30, 2021

Author: jonas

Comment:

You forgot something important, that many guides does.. The required packages for compilation.. What do I need to install (libs, pkg?) to make the compilation work?

Date: Oct. 7, 2021

Author: naa

Comment:

thanks. good guide. on debian I had to install libltdl-dev and use user proxy instead of squid then I copied distro provided squid systemd unit: systemctl --force --full edit squid5 # /etc/systemd/system/squid5.service ## Copyright (C) 1996-2019 The Squid Software Foundation and contributors ## ## Squid software is distributed under GPLv2+ license and includes ## contributions from numerous individuals and organizations. ## Please see the COPYING and CONTRIBUTORS files for details. ## [Unit] Description=Squid 5 Web Proxy Server Documentation=man:squid(8) After=network.target network-online.target nss-lookup.target [Service] Type=exec PIDFile=/opt/squid/var/run/squid.pid ExecStartPre=/opt/squid/sbin/squid --foreground -z ExecStart=/opt/squid/sbin/squid --foreground -sYC ExecReload=/bin/kill -HUP $MAINPID KillMode=mixed User=proxy [Install] WantedBy=multi-user.target

Date: Oct. 7, 2021

Author: naa

Comment:

also installed libtool-bin

Date: Oct. 7, 2021

Author: naa

Comment:

I had to change type to 'exec' from 'forking' and add '--foreground' to 'ExecStart=' or else with old squid3 systemd service config copypasted, starting service would hang.

Date: Oct. 7, 2021

Author: naa

Comment:

a nice useful followup would be git and re-build steps to update it when a new v5 commit happens upstream.

Date: Nov. 13, 2022

Author: Eldar

Comment:

Hi,I have a question, please tell me how to install Authentication helper program(for example:basic_ncsa_auth) during building the code?

Add a new comment here or reply to one above:

your email address will be kept private
authenticate with a 3rd party for enhanced features, such as image upload
previous month
next month
Su
Mo
Tu
Wd
Th
Fr
Sa
loading