Date: Thu, 11 Apr 2024 09:55:14 +0000 From: PinPin Poola <pinpinpoola@xxxxxxxxxxx> To: "squid-users@xxxxxxxxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxxxxxxxx> Subject: Squid as a http/https transparent web proxy in 2024.... do I still have to build from source? Message-ID: <CWLP123MB6315CFE4C893F5D1AD2A885DB2052@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset="iso-8859-1" I have put this off for a while, as I find everything about squid very intimidating. The fact you still use an email mailing list and not a web forum site amazes & scares me in equal part. I am probably using the wrong terminology here, but I now desperately need to build a http/https transparent web proxy with two interfaces, so that clients on a isolated/non-Internet routable subnet can download some large (25GB+) packages. I don't care which Linux distro tbh; but would prefer Ubuntu as I have most familiarity with it. I have watched a few old YouTube videos of people explaining that at the time to do this you had to build from source and add switches like "--enable-ssl --enable-ssl-crtd --with-openssl \" before compiling the code.
At least for FreeBSD binary-packaged squid these three switches
should be on, but I don't know if they are sufficient.
FreeBSD 13.3-RELEASE-p1 GENERIC amd64
# squid -v
Squid Cache: Version 6.6
Service Name: squid
This binary uses OpenSSL 1.1.1w-freebsd 11 Sep 2023. For legal
restrictions on distribution see
https://www.openssl.org/source/license.html
configure options: '--with-default-user=squid'
'--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin'
'--datadir=/usr/local/etc/squid'
'--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var'
'--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid'
'--with-pidfile=/var/run/squid/squid.pid'
'--with-swapdir=/var/squid/cache' '--without-gnutls'
'--with-included-ltdl' '--enable-build-info'
'--enable-removal-policies=lru heap' '--disable-epoll'
'--disable-arch-native' '--disable-strict-error-checking'
'--without-systemd' '--without-netfilter-conntrack'
'--without-cap' '--enable-eui' '--without-ldap'
'--enable-cache-digests' '--enable-delay-pools' '--disable-ecap'
'--disable-esi' '--without-expat' '--without-xml2'
'--enable-follow-x-forwarded-for' '--with-pthreads'
'--with-heimdal-krb5=/usr' 'CFLAGS=-I/usr/include -O2 -pipe
-fstack-protector-strong -isystem /usr/local/include
-fno-strict-aliasing ' 'LDFLAGS= -pthread
-fstack-protector-strong -L/usr/local/lib ' 'LIBS=-lkrb5 -lgssapi
-lgssapi_krb5 ' 'KRB5CONFIG=/usr/bin/krb5-config'
'krb5_config=/usr/bin/krb5-config' '--enable-htcp'
'--enable-icap-client' '--enable-icmp' '--enable-ident-lookups'
'--enable-ipv6' '--enable-kqueue' '--with-large-files'
'--enable-http-violations' '--without-nettle' '--enable-snmp' '--enable-ssl'
'--with-openssl' '--enable-security-cert-generators=file'
'LIBOPENSSL_CFLAGS=-I/usr/include' 'LIBOPENSSL_LIBS=-lcrypto
-lssl' '--enable-ssl-crtd' '--disable-stacktraces'
'--without-tdb' '--disable-ipf-transparent'
'--enable-ipfw-transparent' '--disable-pf-transparent'
'--without-nat-devpf' '--enable-forw-via-db' '--enable-wccp'
'--enable-wccpv2' '--enable-auth-basic=DB NCSA PAM POP3 RADIUS
SMB_LM fake getpwnam NIS' '--enable-auth-digest=file'
'--enable-auth-negotiate=kerberos wrapper'
'--enable-auth-ntlm=fake SMB_LM' '--enable-log-daemon-helpers=file
DB' '--enable-external-acl-helpers=file_userip unix_group delayer'
'--enable-url-rewrite-helpers=fake LFS'
'--enable-security-cert-validators=fake'
'--enable-storeid-rewrite-helpers=file' '--enable-storeio=aufs
diskd rock ufs' '--enable-disk-io=DiskThreads DiskDaemon AIO
Blocking IpcIo Mmapped' '--prefix=/usr/local'
'--mandir=/usr/local/man' '--disable-silent-rules'
'--infodir=/usr/local/share/info/'
'--build=amd64-portbld-freebsd13.2'
'build_alias=amd64-portbld-freebsd13.2' 'CC=cc' 'CPPFLAGS=-isystem
/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe
-fstack-protector-strong -isystem /usr/local/include
-fno-strict-aliasing -isystem /usr/local/include ' 'CPP=cpp'
'PKG_CONFIG_LIBDIR=/wrkdirs/usr/ports/www/squid/work/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig'
--enable-ltdl-convenience
# pkg info squid
squid-6.6
Name : squid
Version : 6.6
Installed on : Thu Feb 22 10:57:12 2024 CET
Origin : www/squid
Architecture : FreeBSD:13:amd64
Prefix : /usr/local
Categories : www
Licenses : GPLv2
Maintainer : timp87@xxxxxxxxx
WWW : http://www.squid-cache.org/
Comment : HTTP Caching Proxy
Options :
ARP_ACL : on
AUTH_LDAP : off
AUTH_NIS : on
AUTH_SASL : off
AUTH_SMB : off
AUTH_SQL : off
CACHE_DIGESTS : on
DEBUG : off
DELAY_POOLS : on
DOCS : on
ECAP : off
ESI : off
EXAMPLES : on
FOLLOW_XFF : on
FS_AUFS : on
FS_DISKD : on
FS_ROCK : on
GSSAPI_BASE : on
GSSAPI_HEIMDAL : off
GSSAPI_MIT : off
GSSAPI_NONE : off
HTCP : on
ICAP : on
ICMP : on
IDENT : on
IPV6 : on
KQUEUE : on
LARGEFILE : on
LAX_HTTP : on
NETTLE : off
SNMP : on
SSL : on
SSL_CRTD : on
STACKTRACES : off
TDB : off
TP_IPF : off
TP_IPFW : on
TP_PF : off
VIA_DB : on
WCCP : on
WCCPV2 : on
Annotations :
FreeBSD_version: 1302001
build_timestamp: 2024-02-16T15:01:11+0000
built_by : poudriere-git-3.4.1
cpe :
cpe:2.3:a:squid-cache:squid:6.6:::::freebsd13:x64
port_checkout_unclean: no
port_git_hash : 756e18783
ports_top_checkout_unclean: no
ports_top_git_hash: b3e528239
repo_type : binary
repository : FreeBSD
Flat size : 7.99MiB
Description :
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not
quite)
HTTP/1.1 compliant. Squid offers a rich access control,
authorization and
logging environment to develop web proxy and content serving
applications.
Is this still that case that I cannot download and use a pre-compiled binary from your site? Many Thanks Pin
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
