inComum

1. BASIC
2.  
3. 1. place the inComum file in /usr/lib/squid
4.  
5.      cp. /inComum/usr/lib/squid/
6.  
7. 2. make it executable
8.  
9.      chmod + x /usr/lib/squid/inComum
10.  
11. 3. change the owner for the same squid (inComum proxy.proxy):
12.  
13.      proxy.proxy chown /usr/lib/squid/inComum
14.  
15. 4. Install script in squid.conf
16.  
17. 5. configurations redirector that makes the equivalence of URL
18.  
19. storeurl_rewrite_program /​​usr/lib/squid/inComum
20. storeurl_rewrite_children 10 // depends on your load. Normally use 5-100.
21.  
22. 6. acl to just send the URL redirector modifiable pro
23.  
24. acl store_rewrite_list dstdomain. youtube.com. googlevideo.com orkut.com. avast.com. catalog.video.msn.com. blip.tv
25. storeurl_access allow store_rewrite_list
26. storeurl_access deny all
27.  
28. 7. remove a disservice Squid
29. 8. COMMENT these lines (to disable them)
30.  
31. # acl QUERY urlpath_regex cgi-bin \?
32. # cache deny QUERY
33.  
34. 9. put this down below
35.  
36. cache allow all
37.  
38. 10. not expire youtube videos - currently (Feb/2010), expire under 2 hours.
39.  
40. ATTENTION: BEFORE putting this line the other lines refresh_pattern
41.  
42. refresh_pattern (get_video\?|videoplayback\?|videodownload\?) 5259487 999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000
43. refresh_pattern ^http:\/\/av\.vimeo\.com\/.\.(mp4|flv) 5259487 999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000
44. refresh_pattern ^http:\/\/.{0,2}\.video[0-9]\.blip\.tv.\.(flv|mp4|wmv|rm|ram|mov|avi|m4v|mp3) 5259487 999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000
45. refresh_pattern ^http://flashvideo.globo.com/*mp4 5259487 999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000
46. refresh_pattern (catalog.video.msn.com) 5259487 999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000
47. 11. Remember to increase the size of your cache of objects.
48.  
49.      between 30 and 100MB is usually a good value
50.  
51. maximum_object_size 30 MB
52.  
53.  
54. to Read first
55.  
56. 1. Prepare enviroment
57. Install needed files to compile.
58. From apt-get's man: "build-dep causes apt-get to install/remove packages in an attempt to satisfy the build dependencies for a source package."
59. # apt-get build-dep squid
60. 2. Download Squid's sources
61. System download and apply patches.
62. # apt-get source squid
63. 3. Edit compilations config on file ./debian/rules
64. # vim <squid source directory>/debian/rules
65. 3.1. Find following lines inside 'rules' file:
66. # Configure the package.
67. config.status:
68. In my case (squid-2.7.STABLE9), they were on lines 132 e 133.
69. 3.2. Add HTTP violations
70. On that point, you will find a serie of options. Add violations on it's middle.
71. My section became (notice line 166):
72. 132 # Configure the package.
73. 133 config.status:
74. 134
75. 135 rm cfgaux/config.sub cfgaux/config.guess
76. 136 ln -s /usr/share/misc/config.sub cfgaux/
77. 137 ln -s /usr/share/misc/config.guess cfgaux/
78. 138
79. 139 $(opt_ac_cv_func_setresuid) \
80. 140 ./configure \
81. 141 --prefix=/usr \
82. 142 --exec_prefix=/usr \
83. 143 --bindir=/usr/sbin --sbindir=/usr/sbin \
84. 144 --libexecdir=/usr/lib/squid \
85. 145 --sysconfdir=$(sysconfdir) \
86. 146 --localstatedir=/var/spool/squid \
87. 147 --datadir=/usr/share/squid \
88. 148 $(with_pthreads) \
89. 149 $(with_netfilter) \
90. 150 $(with_arp_acl) \
91. 151 $(with_epoll) \
92. 152 --enable-removal-policies=lru,heap \
93. 153 --enable-snmp \
94. 154 --enable-delay-pools \
95. 155 --enable-htcp \
96. 156 --enable-cache-digests \
97. 157 --enable-underscores \
98. 158 --enable-referer-log \
99. 159 --enable-useragent-log \
100. 160 --enable-auth="basic,digest,ntlm,negotiate" \
101. 161 --enable-negotiate-auth-helpers=squid_kerb_auth \
102. 162 --enable-carp \
103. 163 --enable-follow-x-forwarded-for \
104. 164 --with-large-files \
105. 165 --with-maxfd=65536 \
106. 166 --enable-http-violations \
107. 167 $(DEB_HOST_ARCH_CPU)-debian-$(DEB_HOST_ARCH_OS)
108. 4. Make .deb files.
109. You must be on <squid source> directory. If you are still on <squid source>/debian, go up one level.
110. # dpkg-buildpackage
111. It will be generated a squid_<version>.deb and a squid-common_<version>.deb inside directory above <squid_source>.
112. 5. Install generated debs.
113. # dpkg -i squid_2.7.STABLE9-2_i386.deb squid-common_2.7.STABLE9-2_all.deb
114. That's it. You will have now a much more powerfull Squid and you may finally use all the power of refresh pattern.
115.  
116. IMPORTANT
117. =========
118. Don't put on production before read this!
119. There is a possibility for your Squid to be imcompatible with this script.
120. When you initialize Squid, a process-father has the basic function to initialize process-children.
121. These shall receive and treat the requests.
122. In some versions, each child process initialize some instancy from sctipt called in storeurl_rewrite_program.
123. These children processes stay active until the parent process decides to remove them from memory.
124. In some versions of Squid, when children process are removed from memory, they do not remove the external program, letting it â??orphanâ?.
125. In younger versions, that does not happen.
126. You have to check if your version of Squid produces this unexpected result before putting it in production.
127. This can be done verifying how many processes run inComum:
128. $ ps ax|grep inComum
129. It is normal that the number is a little bit bigger or smaller than the number shown in storeurl_rewrite_children. It is a problem if this number keeps growing (it will take all your memory with ghosts processes).
130. Observe the system at the first day and check out its behavior.
131. If there are not large changes in quantity, your system is ready to have the script implanted.
132.  
133. INSTALL
134. =======
135. PRE-REQUISITES
136. --------------
137. => Squid2 >= v2.7 (yet not ported for Squid3)
138. For better results, Squid must be compiled with --enable-http-violations directive.
139. Some versions may present problems. Read important.txt before install.
140. INSTALL
141. ----------
142. 1. Put file inComum in /usr/lib/squid and inComum.conf in /etc/squid/
143. # cp ./inComum /usr/lib/squid/
144. # cp ./inComum.conf /etc/squid/
145. 2. Make it runnable
146. # chmod +x /usr/lib/squid/inComum
147. 3. Change owner to the same squid runner (usually proxy.proxy):
148. # chown proxy.proxy /usr/lib/squid/inComum
149. # chown proxy.proxy /etc/squid/inComum.conf
150. 4. Configure inComum.conf
151. For now, you may change the following options:
152. -storeurl_rewrite_children
153. -maximum_object_size
154. 5. Install helper on squid.conf
155. To install add following line (without #) on squid.conf:
156. include /etc/squid/inComum.conf
157. IMPORTANT: above line MUST be inserted BEFORE any other config.
158. (Not exactly: must be before acl QUERY or any other refresh_pattern).