Thank you. Comments inline. On Sun, Jan 10, 2010 at 5:49 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > > Dave T wrote: >> >> I just set up squid for the first time. It is on a Ubuntu box hosted >> on Linode.com. I have zero experience with proxy servers. I used this >> guide: >> http://news.softpedia.com/news/Seting-Up-a-HTTP-Proxy-Server-with-Authentication-and-Filtering-52467.shtml > > Eeek! That tutorial is advising people to create open proxies for global public access (allow all). I think that is just for initial testing. The tutorial actually changes that in the second step. > > >> >> (I also looked at a few other guides such as this one: >> http://ubuntuforums.org/showthread.php?t=320733. However, I wanted to >> most barebones config to start with and the link I used was the >> simplest I found.) > > The simplest and safest documentation is in: > /usr/share/doc/squid-common/QUICKSTART > or > /usr/share/doc/squid3-common/QUICKSTART > > ... which outlines the minimal config changes to go from a clean install of your particular version to a working proxy. Thanks. Amazing that I looked everywhere else but on my local HDD. :) > > >> >> So now that I have it set up, I'm testing it with FoxyProxy. It is not >> working well. Many web pages do not load completely. Some load very >> slowly. A few load fast (but even then, some images are often >> missing). Many times I have to try an address several times before a >> page will even start to load. >> >> I am using iptables. When I turn the firewall off, I have slightly >> less problems, but nothing significantly changes. I don't want to >> leave the firewall off, so I took a few ideas from here: >> http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html >> But the changes I put in actually made the performance a little worse >> than before. And like I said, even with the firewall off, the problems >> I described remain. >> >> What should I look at next to begin to understand my problem? Thanks. > > Coming here was a good start. > > We are going to need to known the version of Squid you are using, there are a dozen or more available on Ubuntu. > I assume this will give more than enough info: $ dpkg -s squid Package: squid Status: install ok installed Priority: optional Section: web Installed-Size: 1584 Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@xxxxxxxxxxxxxxxx> Architecture: i386 Version: 2.6.18-1ubuntu3 Replaces: squid-novm Depends: adduser, libc6 (>= 2.4), libdb4.6, libldap-2.4-2 (>= 2.4.7), libpam0g (>= 0.99.7.1), logrotate (>= 3.5.4-1), lsb-base, netbase, squid-common (>= 2.6.18-1ubuntu3), ssl-cert (>= 1.0-11ubuntu1) Pre-Depends: debconf (>= 1.2.9) | debconf-2.0 Suggests: logcheck-database, resolvconf (>= 0.40), smbclient, squid-cgi, squidclient, winbind Conflicts: sarg (<< 1.1.1-2), squid-novm Conffiles: /etc/init.d/squid 19cb626e40f26e79596786ca3dbf991e /etc/logrotate.d/squid 04a97ec018c01cd54851de772812067f /etc/resolvconf/update-libc.d/squid c066626f87865da468a7e74dc5d9aeb0 Description: Internet object cache (WWW proxy cache) This package provides the Squid Internet Object Cache developed by the National Laboratory for Applied Networking Research (NLANR) and Internet volunteers. Homepage: http://www.squid-cache.org/ Original-Maintainer: Luigi Gangitano <luigi@xxxxxxxxxx> Linux Linode01 2.6.18.8-linode19 #1 SMP Mon Aug 17 22:19:18 UTC 2009 i686 GNU/Linux > > Also, we are going to have to see what squid.conf you have ended up working with. Minus the documentation comments and empty lines please. Here is what I am using for TESTING only. I was getting TCP_DENIED/407 errors in the log, so I made an attempt to test it with no auth required at all. (Not sure if I achieved that with this config or not, but the problems didn't go away.) acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl purge method PURGE acl CONNECT method CONNECT http_access allow all icp_access allow all http_port 3128 hierarchy_stoplist cgi-bin ? access_log /var/log/squid/access.log squid acl QUERY urlpath_regex cgi-bin \? cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl apache rep_header Server ^Apache broken_vary_encoding allow apache extension_methods REPORT MERGE MKACTIVITY CHECKOUT hosts_file /etc/hosts coredump_dir /var/spool/squid > > >> >> BTW, is there a recent preconfigured squid virtual appliance that I >> could host on Amazon EC2 (or similar) that would be suitable for my >> own personal proxy server? > > Not that I'm aware of. There have been several attempts in the last years to get a current Squid appliance made. But none of those people have reported back even to advertise their wares. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21 > Current Beta Squid 3.1.0.15
