Proxy/Cache Web Service

[Ref: OpenBSD 5.6, squid-3.5pre20140626p1.tgz ]

There are at least three benefits to using a caching proxy. The two immediately obvious ones are bandwidth optimisation (minimising unnecessary traffic, also known as caching) and control of which outside resources can be requested (also known as access control through a proxy).

The third, oft-unexplored, value of a caching proxy server such as Squid is the records, or logs, that it maintains. These allow the administrator to further 'fine-tune' the performance of the system and to isolate communications from within the environment to the external world.

Optimising Web Access

[squid-2.7.STABLE9p8-ldap-snmp]

To install Squid, use the binary packages built by the OpenBSD team, as in the example below:

# pkg_add /[path-to-package]/squid-3.5pre20140626p1
squid-3.5pre20140626p1: ok
The following new rcscripts were installed: /etc/rc.d/squid
See rc.d(8) for details.
Look in /usr/local/share/doc/pkg-readmes for extra documentation.

Once the package is installed, you are pointed to two items:

  • rc.d(8) for details on the rcscript /etc/rc.d/squid
  • Further instructions at pkg-readmes

Post Install Instructions

Following the above

cache_dir

The sample configuration in /etc/squid/squid.conf is a simple version
with only the most essential options. By default, only RAM-based cache is
used, un-comment the cache_dir line to enable a persistent disk cache
("swap"); this is normally kept in /var/squid/cache and must be
initialized with "squid -z" before starting the daemon. If you need to
place it elsewhere, create the directory and make sure it is owned and
writable by user _squid, group _squid.

Configure path for cache_dir.

The sample configuration is shown below:

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/squid/cache 100 16 256

We can use the basic configuration by removing the leading "#" comment character:

cache_dir ufs /var/squid/cache 100 16 256

We verify that the required permissions are configured on the path:

# ls -al /var/squid
total 16
drwxrwx--x   4 _squid  _squid  512 Apr  6 15:46 .
drwxr-xr-x  25 root    wheel   512 Apr  6 15:46 ..
drwxrwx--x   2 _squid  _squid  512 Apr  6 15:46 cache
drwxrwxr-x   2 _squid  _squid  512 Apr  6 15:46 logs
# ls -al /var/squid/cache
total 8
drwxrwx--x  2 _squid  _squid  512 Apr  6 15:46 .
drwxrwx--x  4 _squid  _squid  512 Apr  6 15:46 ..

Now initialise the cache_dir by executing "squid -z":

# /usr/local/sbin/squid -z
2015/04/06 15:58:37 kid1| Set Current Directory to /var/squid/cache
2015/04/06 15:58:37 kid1| Creating missing swap directories
2015/04/06 15:58:37 kid1| /var/squid/cache exists
2015/04/06 15:58:37 kid1| Making directories in /var/squid/cache/00
2015/04/06 15:58:38 kid1| Making directories in /var/squid/cache/01
2015/04/06 15:58:38 kid1| Making directories in /var/squid/cache/02
2015/04/06 15:58:39 kid1| Making directories in /var/squid/cache/03
2015/04/06 15:58:39 kid1| Making directories in /var/squid/cache/04
2015/04/06 15:58:40 kid1| Making directories in /var/squid/cache/05
2015/04/06 15:58:40 kid1| Making directories in /var/squid/cache/06
2015/04/06 15:58:41 kid1| Making directories in /var/squid/cache/07
2015/04/06 15:58:41 kid1| Making directories in /var/squid/cache/08
2015/04/06 15:58:42 kid1| Making directories in /var/squid/cache/09
2015/04/06 15:58:42 kid1| Making directories in /var/squid/cache/0A
2015/04/06 15:58:43 kid1| Making directories in /var/squid/cache/0B
2015/04/06 15:58:43 kid1| Making directories in /var/squid/cache/0C
2015/04/06 15:58:44 kid1| Making directories in /var/squid/cache/0D
2015/04/06 15:58:44 kid1| Making directories in /var/squid/cache/0E
2015/04/06 15:58:45 kid1| Making directories in /var/squid/cache/0F
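
The three steps above (enable cache_dir, verify ownership, run "squid -z") can be checked in one pass before the daemon is started. The script below is an added example, not part of this page's original text or of the Squid package; its function names are hypothetical. It assumes the "cache_dir ufs" field order path, Mbytes, L1, L2, and that "squid -z" names the L1 first-level directories 00, 01, ... in hex, as in the output above.

```shell
# Added example, not part of the Squid package: audit every active
# "cache_dir ufs" line in squid.conf before the daemon is started.

# Print "path mbytes l1 l2" for each uncommented, complete cache_dir ufs line.
active_cache_dirs() {
    awk '$1 == "cache_dir" && $2 == "ufs" && NF >= 6 { print $3, $4, $5, $6 }' "$1"
}

# check_dir PATH L1 USER GROUP: report problems, return 1 if any were found.
check_dir() {
    cd_path=$1 cd_l1=$2 cd_user=$3 cd_group=$4 cd_rc=0
    [ -d "$cd_path" ] || { echo "FAIL $cd_path: directory missing"; return 1; }
    # Parse ls -ld rather than stat(1), whose flags differ on BSD and GNU.
    set -- $(ls -ld "$cd_path")
    if [ "$3:$4" != "$cd_user:$cd_group" ]; then
        echo "FAIL $cd_path: owner $3:$4, want $cd_user:$cd_group"; cd_rc=1
    fi
    case $1 in
        ????????w*) echo "FAIL $cd_path: world-writable ($1)"; cd_rc=1 ;;
    esac
    # Count the two-hex-digit first-level directories made by "squid -z".
    cd_n=0
    for cd_d in "$cd_path"/[0-9A-F][0-9A-F]; do
        if [ -d "$cd_d" ]; then cd_n=$((cd_n + 1)); fi
    done
    if [ "$cd_n" -ne "$cd_l1" ]; then
        echo "FAIL $cd_path: $cd_n of $cd_l1 swap directories, run squid -z"; cd_rc=1
    fi
    return $cd_rc
}

# check_cache_dirs CONF [USER] [GROUP]: 0 = all good, 1 = problem, 2 = none set.
check_cache_dirs() {
    cc_list=$(active_cache_dirs "$1")
    [ -n "$cc_list" ] || { echo "INFO $1: no active cache_dir, RAM-only cache"; return 2; }
    cc_rc=0
    while read -r cc_path cc_mb cc_l1 cc_l2; do
        if check_dir "$cc_path" "$cc_l1" "${2:-_squid}" "${3:-_squid}"; then
            echo "OK   $cc_path: ${cc_mb} MB, ${cc_l1}x${cc_l2} directories"
        else
            cc_rc=1
        fi
    done <<EOF
$cc_list
EOF
    return $cc_rc
}

if [ $# -gt 0 ]; then check_cache_dirs "$@"; fi
```

Saved as a script, it would be run as "sh check.sh /etc/squid/squid.conf"; the owner and group default to _squid:_squid as required by the package notes quoted earlier.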

System Resource Limits

[Ref: login.conf]

File extract: /etc/login.conf

squid:\
        :datasize=1500M:\
        :openfiles=4096:\
        :tc=daemon:

Sites with very large /etc/login.conf files may wish to create a database version of the file,
/etc/login.conf.db, for improved performance. Using a database version for small files does
not result in a performance improvement. To build /etc/login.conf.db from /etc/login.conf the
following command may be used:

# cap_mkdb /etc/login.conf

rc.d startup scripts

[Ref: rc.d(8)]

Edit the file: /etc/rc.conf.local

pkg_scripts="squid"

Add the rc.d "squid" script to the list of pkg_scripts in /etc/rc.conf.local.

Each restart of the host will automatically start your squid server.

Starting Squid

Start squid by using the installed squid rc.d(8) script:

/etc/rc.d/squid start

Localised settings in OpenBSD package

It's useful to know where the standard configuration files and locations are specified for the OpenBSD packages.

# cat /usr/local/share/doc/pkg-readmes/squid-2.7.STABLE9p8-ldap-snmp
$OpenBSD: README,v 1.3 2011/04/14 08:11:50 sthen Exp $

Running Squid on OpenBSD
========================

The local (OpenBSD) differences are:
- configuration files are in            /etc/squid
- sample configuration files are in     /usr/local/share/examples/squid
- error message files are in            /usr/local/share/squid/errors
- sample error message files are in     /usr/local/share/examples/squid/errors
- icons are in                          /usr/local/share/squid/icons
- sample icons are in                   /usr/local/share/examples/squid/icons
- the cache is in                       /var/squid/cache
- logs are stored in                    /var/squid/logs
- the ugid squid runs as is             _squid:_squid

... [stuff left out] ...