Spent this evening installing the Squid proxy server. This will provide a local cache of accessed web pages and page components, hopefully speeding up Internet access all round. There is good documentation, in the Squid wiki, and here and here. That’s a good thing because it has a formidable conf file, though thankfully most of it can be left as it comes out of the box. However, Debian makes it very easy for you, if you
apt-get install squid
it will install all the necessary files, create the disk cache, install and start the squid daemon. In order to get a working slug system you just need a few edits to
the /etc/squid/squid.conf file:
-
1. Pick a port for squid to listen on, 8080 seems to be favourite
http_port 8080
-
2. Allow access to machines on your network (obviously use your IP addresses)!
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
acl our_networks src 192.168.1.1-192.168.1.100
http_access allow our_networks
http_access allow localhost
-
3. If you have the disk space, increase the size of Squid’s cache files (here 500Mb):
cache_dir ufs /var/spool/squid 500 16 256
-
4. If you want to, identify yourself as the webmaster:
cache_mgr bofh@slugspalace.org
-
5. and then restart Squid:
/etc/init.d/squid restart
You can either set up the proxy name in the preferences for each browser or for all browsers in the system preferences (Mac OSX), something like
192.168.1.77:8080
if you are using a fixed IP address for your slug.
An easy way to check that the cache is being used is to enter a non-existent URL in the browser, you will get an error message which is obviously from the proxy if its working OK.
By default Squid will log every URL entered by every user on your network in /var/log/squid/* . Once you are happy it is working OK you need to decide whether or not to keep doing this. If you decide to respect their privacy you can stop the logging by replacing the logfile names with none in squid.conf .
There’s lots more stuff you can do if you really want to:
-
• set up a proxy.pac to ‘autoconfigure’ browsers
-
• make the proxy totally transparent using iptables
-
• block certain machines from accessing the Internet
-
• block certain sites
but I’ think I’m going to leave mine where it is for now.