subject:"\[squid\-users\] Building squid \| Best Practices\?"

Re: [squid-users] Building squid | Best Practices?

2015-09-26 Thread Howard Waterfall

Hey guys back at it. I expect that Linux issues are really a much bigger
problem for me than squid!

I'm running into this problem now:

/var/run/squid3.pid: (13) Permission denied

I know it's a permission problem, but not sure the optimal way of fixing it.

I created user 'proxy' and group 'squid' to run squid:

sudo addgroup --system squid
sudo adduser --system --no-create-home --group proxy squid

And I set up my build config accordingly:

--with-default-user=proxy

but 'proxy' does not have access to /var/run:

lrwxrwxrwx 1 root root /var/run

This explains why /var/run/squid3.pid cannot be written, but I'm not sure
simply changing ownership of /var/run to 'proxy' is the best approach given
that squid is not the only service that accesses that folder. I'm thinking
that I should configure the build differently.

In order to see what configurations are used in the distro package, I
installed it:

sudo apt-get install squid

and had a look at the output of:

squid3 -v

These setting are troubling for me:

--prefix=/usr
--localstatedir=/var
--with-swapdir=/var/spool/squid3
--with-logdir=/var/log/squid3
--with-pidfile=/var/run/squid3.pid
--datadir=/usr/share/squid3
--mandir=/usr/share/man'
--sysconfdir=/etc
--sysconfdir=/etc/squid3

Yes --sysconfdir is defined twice! Regardless of that, wouldn't it better
to set them up this way:

--prefix=/usr
--localstatedir=${prefix}/var
--with-swapdir=${localstatedir}/spool/squid3
--with-logdir=${localstatedir}/log/squid3
--with-pidfile=${localstatedir}/run/squid3.pid
--datadir=${prefix}/share/squid3
--mandir=${prefix}/share/man'
--sysconfdir=${prefix}/etc/squid3

I'm not positive about this directive:

--sysconfdir=${prefix}/etc/squid3

that may be better left as:

--sysconfdir=/etc/squid3

I am curious about the others though. If what I've said makes sense, I'll
update my build config that way and make one more change:

--prefix=/proxy

Thanks
Deiter

On Mon, Sep 7, 2015 at 6:44 PM, Amos Jeffries  wrote:

> On 8/09/2015 10:10 a.m., Eliezer Croitoru wrote:
> > Hey Howard,
> >
> > I forgot to mention that squid uses the directory "/var/run/squid" as
> > the IPC directory which should be owned by the proxy or squid
> > user(depends on the OS).
> > From what you have mentioned squid tries to access some directory and is
> > getting denied by permissions.
> > Please Don't run squid with a "-n" option if possible, it will limit
> > your options to using only one worker(which is the default and is OK in
> > most basic cases).
>
> No. The -N (upper case) means that. On Ubuntu the -N was needed for
> Upstart integration (now defunct in the custom build).
>
> Not to be confused with -n (lower case) which means a multi-tenant /
> multi-instance named service is being used.
>
> Amos
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Building squid | Best Practices?

2015-09-07 Thread Amos Jeffries

On 8/09/2015 6:32 a.m., Howard Waterfall wrote:
> Rafael / Amos -
> I got my system up and running yesterday. Thanks so much for the help. I
> couldn't get some of the suggestions that Amos made to work, but they did
> after running some of the commands on Rafael's wiki, so a real team effort!
> 
> After getting it up and running, I found that mac address filtering was not
> working. On closer inspection I found that I was running v3.3.8. I guess
> that’s the version my new Ubuntu install (14.04.03 LTS) uses with:
> 
> sudo apt-get install squid
> 
> 
> I decided to try and build the latest version of squid from source and I
> ran into some more problems I cannot solve, so some follow up questions
> 
> 1) Earlier in the thread, Amos suggested I run:
> 
> apt-get build-dep squid
> 
> 
> to install the packages needed to build squid. That’s just the dependencies
> though right; I still need the squid source code? Sorry if that seems
> obvious, just want to make sure I’m not missing something.
> 
> 2) I downloaded squid-3.5.8.tar.xz. I captured the configure options from
> my current v3.3.8 squid install using:
> 
> squid3 -v
> 
> 
> but it led to errors when building v3.5.8, for example:
> 
> '--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'.
> 
> 
> 
> I suppose it’s not surprising given it’s such an old version, so I went
> through them all and used the ones I thought made most sense for me. I got
> it to build. Here’s the squid3 -v output from my v3.5.8 build:
> 
> Squid Cache: Version 3.5.8
> Service Name: squid
> configure options:  '--prefix=/mysquid' '--enable-arp-acl'
> '--localstatedir=/var' '--libexecdir=/lib/squid3' '--datadir=/share/squid3'
> '--sysconfdir=/etc/squid3' '--with-default-user=proxy'
> '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid'
> '--build=arm-linux-gnueabihf' '--includedir=/include' '--mandir=/share/man'
> '--infodir=/share/info' '--srcdir=.' '--enable-basic-auth-helpers=DB'
> 'build_alias=arm-linux-gnueabihf'
> 
> 
> Here are the problems:
> 
> a) I had to change the owner of /var/log/squid3 from root to proxy:
> 
> sudo chown proxy /var/log/squid3
> 
> 
> Not a big deal I guess, but why can’t make install take care of the
> permissions?
> 

It should be. Thanks, I will look into it.

> b) It doesn’t start as a service and there’s no squid file in:
> 
> /etc/init.d/
> 
> 
> so I cannot make the DAEMON= and CONFIG= variables point at my custom
> /mysquid/sbin/squid and /etc/squid3/squid.conf (I’ll change the
> --sysconfdir config parameter to /mysquid/etc/squid3 in a future build)
> 

That script is part of the OS packaging. You will have to pull a copy of
it out of the official package.



> c) There’s no error when I run:
> 
> /mysquid/sbin/squid -k parse
> 
> 
> but when I run:
> 
> /mysquid/sbin/squid -NCd1
> 
> 
> I get:
> 
> FATAL: Ipc::Mem::Segment::create failed to
> shm_open(/squid-cf__metadata.shm): (13) Permission denied
> 

For this you need to "mount /dev/shm" on Debian/Ubuntu systems.

Before you start Squid make sure that there is no other Squid running,
and that the directory is empty of squid things.


> d) The configuration file:
> 
> /etc/squid3/squid.conf
> 
> 
> is a lot different! For example I cannot find:
> 
> cache_effective_user
> 
> 
> Can you point me to the updated documentation for configuring squid?

You dont need it now :-). Build option --with-default-user=proxy causes
"cache_effective_user proxy" to be the built-in default. The only use
that directive has is when sharing your build with someone else who
doesn't want 'proxy' as their low-privilege user account.

All directives not listed in squid.conf are optional and most of the
documentation has been removed to squid.conf.documented and online at
. What remains is the bare
essentials and recommended security settings for a simple LAN proxy.

Squid should work fine with just the default config file. If it doesn't
that problem needs fixing before anything more complicated get added.
The usualy first issues are making sure the LAN ranges are in the
localnet ACL definition, the /dev/shm mounted, and nothing else running
on Squid listening port.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Building squid | Best Practices?

2015-09-07 Thread Amos Jeffries

On 8/09/2015 9:57 a.m., Howard Waterfall wrote:
> Thanks Eliezer.
> 
> Looking at my notes, I'm pretty sure that:
> 
> *apt-get build-dep squid*
> 
> was a typo and I actually did
> 
> *apt-get build-dep squid3*
> 
> Is there something in the output I provided that confirms it's actually
> squid and not squid3? It built OK...
> 

In the lates few Ubuntu it should not matter. The two package names are
aliases for each other now, with the same underlying sources and build
dependencies.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Building squid | Best Practices?

2015-09-07 Thread Eliezer Croitoru


Hey Howard,

I forgot to mention that squid uses the directory "/var/run/squid" as 
the IPC directory which should be owned by the proxy or squid 
user(depends on the OS).
From what you have mentioned squid tries to access some directory and 
is getting denied by permissions.
Please Don't run squid with a "-n" option if possible, it will limit 
your options to using only one worker(which is the default and is OK in 
most basic cases).
Try to take advantage of the cache.log file to get the relevant 
information about an issue.
I am recommending it since squid is designed to run in a "daemon" like 
mode and in most cases this is how it is defined.


Eliezer

On 08/09/2015 00:57, Howard Waterfall wrote:

Thanks Eliezer.

Looking at my notes, I'm pretty sure that:

*apt-get build-dep squid*

was a typo and I actually did

*apt-get build-dep squid3*

Is there something in the output I provided that confirms it's actually
squid and not squid3? It built OK...


I enabled deb-src because when I did:

*apt-get build-dep squid3*


I got:

*You must put some 'source' uris in your sources.list*


In the meantime, I'll purge and try again and follow your wiki a little
more closely.

Cheers,
Howard

On Mon, Sep 7, 2015 at 1:58 PM, Eliezer Croitoru 
wrote:


Hey Howard,

On 07/09/2015 21:32, Howard Waterfall wrote:


1) Earlier in the thread, Amos suggested I run:

apt-get build-dep squid



You would need to use the "squid3" and not "squid" since this is the
package ubuntu builds squid for.
so the command should be:
apt-get build-dep squid3

I have seen you enabled deb-src in your sources.list file.
This is the opposite to the requirements.
You must have a deb-src that will have "squid3" sources in it.
If you try "squid" it(apt-get) assumes that you know what package you want
and in a case you it can't find sources for that package it will tell you
that it needs a relevant deb-src.
All that is irrelevant since you have used the wrong package.

There is also a big different between building a basic squid to a more
advanced squid which supports all sorts of helpers.
The manual way of compiling as I showed in the past at:
http://ubuntuforums.org/showthread.php?t=1847884

I had a init script for ubuntu somewhere but it kind of got lost in a data
loss couple years ago.
You can however install squid3, copy the init script and then purge it or
just download the source package(mentioned in diladele article)that
includes the init script.

All The Bests,
Eliezer

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users





___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Building squid | Best Practices?

2015-09-07 Thread Amos Jeffries

On 8/09/2015 10:10 a.m., Eliezer Croitoru wrote:
> Hey Howard,
> 
> I forgot to mention that squid uses the directory "/var/run/squid" as
> the IPC directory which should be owned by the proxy or squid
> user(depends on the OS).
> From what you have mentioned squid tries to access some directory and is
> getting denied by permissions.
> Please Don't run squid with a "-n" option if possible, it will limit
> your options to using only one worker(which is the default and is OK in
> most basic cases).

No. The -N (upper case) means that. On Ubuntu the -N was needed for
Upstart integration (now defunct in the custom build).

Not to be confused with -n (lower case) which means a multi-tenant /
multi-instance named service is being used.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Building squid | Best Practices?

2015-09-07 Thread Eliezer Croitoru


Hey Howard,

On 07/09/2015 21:32, Howard Waterfall wrote:

1) Earlier in the thread, Amos suggested I run:

apt-get build-dep squid


You would need to use the "squid3" and not "squid" since this is the 
package ubuntu builds squid for.

so the command should be:
apt-get build-dep squid3

I have seen you enabled deb-src in your sources.list file.
This is the opposite to the requirements.
You must have a deb-src that will have "squid3" sources in it.
If you try "squid" it(apt-get) assumes that you know what package you 
want and in a case you it can't find sources for that package it will 
tell you that it needs a relevant deb-src.

All that is irrelevant since you have used the wrong package.

There is also a big different between building a basic squid to a more 
advanced squid which supports all sorts of helpers.

The manual way of compiling as I showed in the past at:
http://ubuntuforums.org/showthread.php?t=1847884

I had a init script for ubuntu somewhere but it kind of got lost in a 
data loss couple years ago.
You can however install squid3, copy the init script and then purge it 
or just download the source package(mentioned in diladele article)that 
includes the init script.


All The Bests,
Eliezer
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Building squid | Best Practices?

2015-09-07 Thread Howard Waterfall

Rafael / Amos -
I got my system up and running yesterday. Thanks so much for the help. I
couldn't get some of the suggestions that Amos made to work, but they did
after running some of the commands on Rafael's wiki, so a real team effort!

After getting it up and running, I found that mac address filtering was not
working. On closer inspection I found that I was running v3.3.8. I guess
that’s the version my new Ubuntu install (14.04.03 LTS) uses with:

sudo apt-get install squid


I decided to try and build the latest version of squid from source and I
ran into some more problems I cannot solve, so some follow up questions

1) Earlier in the thread, Amos suggested I run:

apt-get build-dep squid


to install the packages needed to build squid. That’s just the dependencies
though right; I still need the squid source code? Sorry if that seems
obvious, just want to make sure I’m not missing something.

2) I downloaded squid-3.5.8.tar.xz. I captured the configure options from
my current v3.3.8 squid install using:

squid3 -v


but it led to errors when building v3.5.8, for example:

'--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'.



I suppose it’s not surprising given it’s such an old version, so I went
through them all and used the ones I thought made most sense for me. I got
it to build. Here’s the squid3 -v output from my v3.5.8 build:

Squid Cache: Version 3.5.8
Service Name: squid
configure options:  '--prefix=/mysquid' '--enable-arp-acl'
'--localstatedir=/var' '--libexecdir=/lib/squid3' '--datadir=/share/squid3'
'--sysconfdir=/etc/squid3' '--with-default-user=proxy'
'--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid'
'--build=arm-linux-gnueabihf' '--includedir=/include' '--mandir=/share/man'
'--infodir=/share/info' '--srcdir=.' '--enable-basic-auth-helpers=DB'
'build_alias=arm-linux-gnueabihf'


Here are the problems:

a) I had to change the owner of /var/log/squid3 from root to proxy:

sudo chown proxy /var/log/squid3


Not a big deal I guess, but why can’t make install take care of the
permissions?

b) It doesn’t start as a service and there’s no squid file in:

/etc/init.d/


so I cannot make the DAEMON= and CONFIG= variables point at my custom
/mysquid/sbin/squid and /etc/squid3/squid.conf (I’ll change the
--sysconfdir config parameter to /mysquid/etc/squid3 in a future build)

c) There’s no error when I run:

/mysquid/sbin/squid -k parse


but when I run:

/mysquid/sbin/squid -NCd1


I get:

FATAL: Ipc::Mem::Segment::create failed to
shm_open(/squid-cf__metadata.shm): (13) Permission denied


It didn’t help to make the owner of the "squid-cf*" files to
cache_effective_user as suggested in an online post:

*-rw--- 1 proxy mysquid   8 Sep  7 09:31
/dev/shm/squid-cf__metadata.shm*

*-rw--- 1 proxy mysquid 8216 Sep  7 09:31 /dev/shm/squid-cf__queues.shm*

*-rw--- 1 proxy mysquid   44 Sep  7 09:31
/dev/shm/squid-cf__readers.shm*


d) The configuration file:

/etc/squid3/squid.conf


is a lot different! For example I cannot find:

cache_effective_user


Can you point me to the updated documentation for configuring squid?

Thanks,
Deiter



On Sun, Aug 30, 2015 at 12:15 PM, Amos Jeffries 
wrote:

> On 31/08/2015 5:27 a.m., Howard Waterfall wrote:
> > Thanks again, this is valuable information!
> >
> > As you may have guessed, I'm asking about the user that should do builds
> to
> > ensure that the build outputs are created with the appropriate
> permissions
> > - I get a little concerned about security. It sounds like you are
> > suggesting that I simply create a directory for my custom builds:
> >
> > I assign the --prefix option to the folder I create, so my build output
> > goes there, and then I make sure the permissions for that folder (and
> it's
> > sub-directories) are set for the user defined by *cache_effective_user*
> (and
> > the user defined by the ./configure option --*with-default-user*). Could
> > you confirm?
>
> Ah, no.
>
> You set ownership of the /proxy folder to whoever amongst the local
> machine user accounts you want to have the ability to build and alter
> the custom Squid binaries etc. Pretty much Admin powers over Squid.
>
> The make process should install the sub-folders with correct permissions
> for the users that will be involved at run-time.
>
> Running the init script / squid as root will take care of the rest.
>
> [ "the rest" being:
>
> The init script runs as root and starts the 'master process' with root
> privileges. That process creates the run-time files and logs etc with
> correct permissions for the effective-user account to access.
>
> The effective-user account is the low-privilege one named in
> --with-default-user and can read/exec the things it needs but not write
> outside the few things the master has explicitly given it ownership of
> (ie those run-time PID file, logs).
>
> ]
>
> PS.
>  You do not need to work with both --with-default-user and
>

Re: [squid-users] Building squid | Best Practices?

2015-08-30 Thread Howard Waterfall

+squid-users

Thanks again, this is valuable information!

As you may have guessed, I'm asking about the user that should do builds to
ensure that the build outputs are created with the appropriate permissions
- I get a little concerned about security. It sounds like you are
suggesting that I simply create a directory for my custom builds:

I assign the --prefix option to the folder I create, so my build output
goes there, and then I make sure the permissions for that folder (and it's
sub-directories) are set for the user defined by *cache_effective_user* (and
the user defined by the ./configure option --*with-default-user*). Could
you confirm?

Finally (I hope), I've re-installed Ubuntu (various reasons, not just squid
issues) and I successfully installed squid using:
*sudo apt-get install squid3*

Squid wasn't found the first time:
*E: Unable to locate package squid3*

I had to run this first:
*sudo apt-get update*

However, when I try *apt-get build-dep squid,* I get:
*You must put some 'source' uris in your sources.list*

I can't seem to get over this problem. I've un-commented every line in
*/etc/apt/sources.list* that starts with deb-src.

Could you suggest a repository that I can add to */etc/apt/sources.list*?

Thanks,
Deiter

On Sun, Aug 30, 2015 at 5:54 AM, Amos Jeffries squ...@treenet.co.nz wrote:

 On 30/08/2015 1:07 p.m., Howard Waterfall wrote:
  Great stuff thanks a lot! Excellent timing too just getting ready to do
 the
  make. I'll follow your suggestions. A couple of follow ups:
 
  When doing the make (including ./configure), do I have to be running as
  root or some particular user? I set up a squid user and user group and
 also
  a squidadm user group...

 You dont for the ./configure part.

 Make might need it to overwrite system files during the install part if
 you choose to replace the system files in-place. But that is just
 another reason to use a custom /proxy folder for the installation, which
 wont need root.


 
  Finally I noticed that configure didn't have -x permissions with 3.5.7. I
  guess I'll have to change that out of the gate...
 

 Hmm. Yes it should have -x permissions. Thanks for that I will have to
 double-check the 3.5.8 release.

 Amos


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Building squid | Best Practices?

2015-08-30 Thread Rafael Akchurin

Hello Howard,

This is how we rebuild default Squid 3.3.8 in Ubuntu 14.01 to enable HTTPS 
filtering - 
http://docs.diladele.com/administrator_guide_4_2/installation_and_removal/ubuntu14/squid.html
Hope the scripts can be easily adapted to build the latest Squid instead of the 
stock one.

Best regards,
Rafael Akchurin
Diladele B.V.

From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Howard Waterfall
Sent: Sunday, August 30, 2015 7:42 PM
To: Amos Jeffries squ...@treenet.co.nz
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Building squid | Best Practices?

+squid-users

Thanks again, this is valuable information!

As you may have guessed, I'm asking about the user that should do builds to 
ensure that the build outputs are created with the appropriate permissions - I 
get a little concerned about security. It sounds like you are suggesting that I 
simply create a directory for my custom builds:

I assign the --prefix option to the folder I create, so my build output goes 
there, and then I make sure the permissions for that folder (and it's 
sub-directories) are set for the user defined by cache_effective_user (and the 
user defined by the ./configure option --with-default-user). Could you confirm?

Finally (I hope), I've re-installed Ubuntu (various reasons, not just squid 
issues) and I successfully installed squid using:
sudo apt-get install squid3

Squid wasn't found the first time:
E: Unable to locate package squid3

I had to run this first:
sudo apt-get update

However, when I try apt-get build-dep squid, I get:
You must put some 'source' uris in your sources.list

I can't seem to get over this problem. I've un-commented every line in 
/etc/apt/sources.list that starts with deb-src.

Could you suggest a repository that I can add to /etc/apt/sources.list?

Thanks,
Deiter

On Sun, Aug 30, 2015 at 5:54 AM, Amos Jeffries 
squ...@treenet.co.nzmailto:squ...@treenet.co.nz wrote:
On 30/08/2015 1:07 p.m., Howard Waterfall wrote:
 Great stuff thanks a lot! Excellent timing too just getting ready to do the
 make. I'll follow your suggestions. A couple of follow ups:

 When doing the make (including ./configure), do I have to be running as
 root or some particular user? I set up a squid user and user group and also
 a squidadm user group...

You dont for the ./configure part.

Make might need it to overwrite system files during the install part if
you choose to replace the system files in-place. But that is just
another reason to use a custom /proxy folder for the installation, which
wont need root.



 Finally I noticed that configure didn't have -x permissions with 3.5.7. I
 guess I'll have to change that out of the gate...


Hmm. Yes it should have -x permissions. Thanks for that I will have to
double-check the 3.5.8 release.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Building squid | Best Practices?

2015-08-29 Thread Amos Jeffries

On 29/08/2015 12:52 p.m., Howard Waterfall wrote:
 Ubuntu 14.04
 
 Squid 3.5.5
 
 Hi -
 
 I've successfully installed, configured and run squid 3.5.5 w/o a problem
 using:
 
 sudo apt-get install squid
 
 I want to filter by mac address though, so I purged that install and
 re-built squid with the *--enable-arp-acl* flag. I installed using make
 install.
 

It seems the documentation is outdated. EUI support is built into
current Squid by default.

Note however that ARP and MAC/EUI-48 is an IPv4-only feature and does
not work on complex networks anyway due to how ARP operates. IPv6 uses
other mechanisms to route packets.


 This is when the problems begin. I've summarized that in a separate thread:
 
 http://lists.squid-cache.org/pipermail/squid-users/2015-August/005232.html
 
 I wonder if there's a way to simply *avoid* all those problems.

There is. At least its simple for someone used to custom building.


step 1) Purge your custom build and reinstall the distro package.

If this is just for the ARP. That should be enough.


If you want other custom features continue with ...

step 2) run apt-get build-dep squid to install the packages needed to
build squid yourself.

step 3) Use squid -v to identify the system-specific build options.


If you build Squd now with the options straight from -v the make
install step will replace the existing package files with updated copies.

Note that Upgrading the system package later will in turn replace your
custom build in the same way. So this is mostly useful for custom builds
to fix/patch temporary bugs you expect the system package to fix later.
Or if you use aptitudes 'hold' feature.

But, there are more steps below..

 
 A couple of questions:
 
 
1. My build configuration is below. After building and installing, squid
ended up here: */usr/local/squid/sbin*. I think that's the same place *sudo
apt-get install squid *puts it right?

That /usr/local is the default location for user-built programs in *NIX
and *BSD operating systems. System provided packages go elsewhere.

Debian/Ubuntu has a different package layout as well. The squid -v step
above will provide you with the build options needed to setup for that
layout properly.



2. Given I had no problems with *sudo apt-get install squid*, is the
best practice to install squid using that method and arrange for my builds
to install squid to a different location and simply copy it over?


If you just want to keep the Squid installation separate from the system
package. Then the FS layout does not matter. Just...


 
 Thanks,
 
 Deiter
 
 ./configure --prefix=/usr --localstatedir=/var
 --libexecdir=${prefix}/lib/squid3 --srcdir=.
 --datadir=${prefix}/share/squid3 --sysconfdir=/etc/squid3
 --with-default-user=proxy --with-logdir=/var/log
 --with-pidfile=/var/run/squid.pid --enable-arp-acl
 


step 4) run mkdir /proxy (or whatever you want to call it)

step 5) change that --prefix option to /proxy

The make install should then create everything which makes up Squid
inside /proxy.

step 6) edit the /etc/init.d/squid script DAEMON= and CONFIG= variables
to point at your custom /proxy/sbin/squid and /proxy/etc/squid/squid.conf


The system package upgrades will then not affect your customizations.


Thats how I do it anyway :-)

Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Building squid | Best Practices?

2015-08-29 Thread Howard Waterfall

Great stuff thanks a lot! Excellent timing too just getting ready to do the
make. I'll follow your suggestions. A couple of follow ups:

When doing the make (including ./configure), do I have to be running as
root or some particular user? I set up a squid user and user group and also
a squidadm user group...

Finally I noticed that configure didn't have -x permissions with 3.5.7. I
guess I'll have to change that out of the gate...

Cheers,
Deiter

On Sat, Aug 29, 2015, 5:32 PM Amos Jeffries squ...@treenet.co.nz wrote:

 On 29/08/2015 12:52 p.m., Howard Waterfall wrote:
  Ubuntu 14.04
 
  Squid 3.5.5
 
  Hi -
 
  I've successfully installed, configured and run squid 3.5.5 w/o a problem
  using:
 
  sudo apt-get install squid
 
  I want to filter by mac address though, so I purged that install and
  re-built squid with the *--enable-arp-acl* flag. I installed using make
  install.
 

 It seems the documentation is outdated. EUI support is built into
 current Squid by default.

 Note however that ARP and MAC/EUI-48 is an IPv4-only feature and does
 not work on complex networks anyway due to how ARP operates. IPv6 uses
 other mechanisms to route packets.


  This is when the problems begin. I've summarized that in a separate
 thread:
 
 
 http://lists.squid-cache.org/pipermail/squid-users/2015-August/005232.html
 
  I wonder if there's a way to simply *avoid* all those problems.

 There is. At least its simple for someone used to custom building.


 step 1) Purge your custom build and reinstall the distro package.

 If this is just for the ARP. That should be enough.


 If you want other custom features continue with ...

 step 2) run apt-get build-dep squid to install the packages needed to
 build squid yourself.

 step 3) Use squid -v to identify the system-specific build options.


 If you build Squd now with the options straight from -v the make
 install step will replace the existing package files with updated copies.

 Note that Upgrading the system package later will in turn replace your
 custom build in the same way. So this is mostly useful for custom builds
 to fix/patch temporary bugs you expect the system package to fix later.
 Or if you use aptitudes 'hold' feature.

 But, there are more steps below..

 
  A couple of questions:
 
 
 1. My build configuration is below. After building and installing,
 squid
 ended up here: */usr/local/squid/sbin*. I think that's the same place
 *sudo
 apt-get install squid *puts it right?

 That /usr/local is the default location for user-built programs in *NIX
 and *BSD operating systems. System provided packages go elsewhere.

 Debian/Ubuntu has a different package layout as well. The squid -v step
 above will provide you with the build options needed to setup for that
 layout properly.



 2. Given I had no problems with *sudo apt-get install squid*, is the
 best practice to install squid using that method and arrange for my
 builds
 to install squid to a different location and simply copy it over?


 If you just want to keep the Squid installation separate from the system
 package. Then the FS layout does not matter. Just...


 
  Thanks,
 
  Deiter
 
  ./configure --prefix=/usr --localstatedir=/var
  --libexecdir=${prefix}/lib/squid3 --srcdir=.
  --datadir=${prefix}/share/squid3 --sysconfdir=/etc/squid3
  --with-default-user=proxy --with-logdir=/var/log
  --with-pidfile=/var/run/squid.pid --enable-arp-acl
 


 step 4) run mkdir /proxy (or whatever you want to call it)

 step 5) change that --prefix option to /proxy

 The make install should then create everything which makes up Squid
 inside /proxy.

 step 6) edit the /etc/init.d/squid script DAEMON= and CONFIG= variables
 to point at your custom /proxy/sbin/squid and /proxy/etc/squid/squid.conf


 The system package upgrades will then not affect your customizations.


 Thats how I do it anyway :-)

 Amos
 ___
 squid-users mailing list
 squid-users@lists.squid-cache.org
 http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Building squid | Best Practices?

2015-08-28 Thread Howard Waterfall

Ubuntu 14.04

Squid 3.5.5

Hi -

I've successfully installed, configured and run squid 3.5.5 w/o a problem
using:

sudo apt-get install squid

I want to filter by mac address though, so I purged that install and
re-built squid with the *--enable-arp-acl* flag. I installed using make
install.

This is when the problems begin. I've summarized that in a separate thread:

http://lists.squid-cache.org/pipermail/squid-users/2015-August/005232.html

I wonder if there's a way to simply *avoid* all those problems.

A couple of questions:


   1. My build configuration is below. After building and installing, squid
   ended up here: */usr/local/squid/sbin*. I think that's the same place *sudo
   apt-get install squid *puts it right?
   2. Given I had no problems with *sudo apt-get install squid*, is the
   best practice to install squid using that method and arrange for my builds
   to install squid to a different location and simply copy it over?

Thanks,

Deiter

./configure --prefix=/usr --localstatedir=/var
--libexecdir=${prefix}/lib/squid3 --srcdir=.
--datadir=${prefix}/share/squid3 --sysconfdir=/etc/squid3
--with-default-user=proxy --with-logdir=/var/log
--with-pidfile=/var/run/squid.pid --enable-arp-acl
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Building squid | Best Practices?

Re: [squid-users] Building squid | Best Practices?

Re: [squid-users] Building squid | Best Practices?

Re: [squid-users] Building squid | Best Practices?

Re: [squid-users] Building squid | Best Practices?

Re: [squid-users] Building squid | Best Practices?

Re: [squid-users] Building squid | Best Practices?

Re: [squid-users] Building squid | Best Practices?

Re: [squid-users] Building squid | Best Practices?

Re: [squid-users] Building squid | Best Practices?

Re: [squid-users] Building squid | Best Practices?

[squid-users] Building squid | Best Practices?

12 matches

Site Navigation

Mail list logo

Footer information