I recently had a client with an old install of Squid 2.5-STABLE3 on their RHEL3 box. They were suffering from various issues specific to the old release of Squid, namely issues with SSL and the following error in the cache.log file:
sslReadServer: FD XX: read failure: (104) Connection reset by peer
Given the age of Squid 2.5, I wanted to upgrade the server to Squid 2.7 but there were no pre-made packages available. So I decided to compile Squid from source myself. These instructions assume you already have Squid 2.5-STABLE3 installed.
First, download and install the required RHEL3 packages (GCC Compiler + OpenSSL development libraries)
up2date --get gcc openssl-devel
up2date --install gcc openssl-devel
Download the latest Squid source from squid-cache.org
wget http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE9.tar.gz
Extract
tar -xzvf squid-2.7.STABLE9.tar.gz
Change to the extracted directory
cd squid-2.7.STABLE9
Configure with SSL and transparent proxy support (if applicable). Although this particular server does listen for https requests transparently, I have included the necessary configure options if you require SSL.
Options specifically for RHEL can be found here. Initially I noticed that configure was failing to include ssl.h due to not being able to find a Kerberos file (krb5.h), so thanks to this site I was able to add the additional options needed for Kerberos.
./configure --prefix=/usr --includedir=/usr/include --datadir=/usr/share \
  --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var \
  --sysconfdir=/etc/squid --enable-ssl --enable-linux-netfilter \
  CFLAGS='-I/usr/local/ssl/include' \
  CCFLAGS='-I/usr/local/ssl/include' \
  CPPFLAGS='-I/usr/kerberos/include -I/usr/local/ssl/include' \
  LDFLAGS='-L/usr/kerberos/lib -L/usr/local/ssl/lib'
Compile
make
Now is a good time to stop the original Squid 2.5 process if you haven’t already.
/etc/init.d/squid stop
Install
make install
Squid 2.7 is now installed.
Since this server already had Squid 2.5 installed, and I was too lazy to start with a fresh Squid 2.7 config file (/etc/squid/squid.conf.default), I had to uncomment many of the assumed defaults from the original Squid 2.5 config file (/etc/squid/squid.conf). This may not be applicable if you already have a customised squid.conf. These are the lines I had to uncomment, all of them specific to default file locations in RHEL:
- cache_dir ufs /var/spool/squid 5000 16 256 (use appropriate swap file for your configuration, 5000 = 5GB)
- cache_access_log /var/log/squid/access.log
- cache_log /var/log/squid/cache.log
- cache_store_log /var/log/squid/store.log
- pid_filename /var/run/squid.pid
- cache_effective_user squid
- cache_effective_group squid
If you are running a transparent proxy, any references to httpd_accel_port, httpd_accel_host, httpd_accel_with_proxy and httpd_accel_uses_host_header will need to be removed from /etc/squid/squid.conf, as these are deprecated settings. In Squid 2.7, a transparent proxy is now defined by adding transparent to the http_port part of the config file. For example:
http_port 3128 transparent
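A pre-start check for a reused 2.5 config, as an added example that is not part of the original post: it reports the httpd_accel_* lines that still need removing and the RHEL-location directives that are still commented out. The function name audit_squid_conf and the sample config are constructed for illustration, and treating leftover httpd_accel_* lines as a sign of a transparent proxy is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: audit a Squid 2.5 squid.conf
# before starting Squid 2.7 with it. Prints one finding per line;
# returns 0 when clean, 1 when something needs editing.
audit_squid_conf() {
    conf=$1; rc=0; accel=0
    # Directives the post says must be removed for 2.7.
    for d in httpd_accel_port httpd_accel_host httpd_accel_with_proxy \
             httpd_accel_uses_host_header; do
        if grep -Eq "^[[:space:]]*${d}([[:space:]]|\$)" "$conf"; then
            echo "REMOVE $d"; rc=1; accel=1
        fi
    done
    # Assumption: leftover httpd_accel_* lines mean this was a transparent
    # proxy, so http_port needs the 2.7 "transparent" keyword.
    if [ "$accel" -eq 1 ] && ! grep -Eq \
        '^[[:space:]]*http_port[[:space:]].*[[:space:]]transparent([[:space:]]|$)' "$conf"; then
        echo "ADD transparent to http_port"
    fi
    # Directives the post had to uncomment for the RHEL file locations.
    for d in cache_dir cache_access_log cache_log cache_store_log \
             pid_filename cache_effective_user cache_effective_group; do
        if ! grep -Eq "^[[:space:]]*${d}[[:space:]]" "$conf"; then
            echo "UNCOMMENT $d"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a 2.5-era transparent config with defaults commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
#cache_log /var/log/squid/cache.log
cache_effective_user squid
EOF
audit_squid_conf "$sample" || echo "edit the lines above before starting Squid 2.7"
rm -f "$sample"
```

Run it against /etc/squid/squid.conf after make install; an empty result with exit status 0 means none of the directives named above are outstanding.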
Once complete, start Squid!
/etc/init.d/squid start
