« [e-access] 毎日、同じ時間に、同じ遅延が発生している | トップページ | squid 3.5.12-20151128-r13959 解説編Ⅰ(起動・設定) »

2015年12月24日 (木)

squid 3.5.12-20151128-r13959 のビルド(成功手順編)

raspberrypiで squid3.5.12をビルドしたのでメモ(成功編)。
まずは、最小限の手順と結果だけを書きます。解説編、失敗編はのちほど。

前提
raspbian: 2015-05-05-raspbian-wheezy.img
squid: squid-3.5.12-20151128-r13959

開発ツールインストール
$ sudo apt-get install automake perl gcc-4.8 g++-4.8

ソースダウンロード
$ cd
$ wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.12-20151128-r13959.tar.gz
$ tar zxf squid-3.5.12-20151128-r13959.tar.gz
$ cd squid-3.5.12-20151128-r13959

ビルド
$ ./configure --prefix=/usr \
--localstatedir=/var \
--libexecdir=${prefix}/lib/squid \
--datadir=${prefix}/share/squid \
--sysconfdir=/etc/squid \
--with-default-user=proxy \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-large-files \
--with-build-environment=POSIX_V6_ILP32_OFFBIG \
--enable-inline \
--enable-async-io=8 \
--enable-storeio=rock,ufs,aufs,diskd \
--enable-removal-policies=lru,heap \
--enable-delay-pools \
--enable-cache-digests \
--enable-underscores \
--enable-esi \
--enable-zph-qos \
--enable-wccpv2 \
--enable-linux-netfilter \
--enable-follow-x-forwarded-for \
CC=gcc-4.8 \
CXX=g++-4.8 \
CFLAGS='-O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall' \
LDFLAGS='-fPIE -pie -Wl,-z,relro -Wl,-z,now' \
CPPFLAGS='-D_FORTIFY_SOURCE=2' \
CXXFLAGS='-std=c++11 -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security'

$ make -j4
$ sudo make install

initスクリプトの作成と権限付与
$ cd /etc/init.d
$ sudo vi squid
----
※後述
----
$ sudo chmod +x squid

squid.confの作成と権限付与
$ cd /etc/squid
$ sudo vi squid.conf
----
※※後述
----
$ chown proxy.proxy squid.conf

ログディレクトリの権限付与
$ sudo chown proxy.proxy /var/log/squid

PIDディレクトリの権限付与
$ sudo chown proxy.proxy /var/run/squid

キャッシュディレクトリ初期化
$ sudo -u proxy squid -z

squid起動
$ sudo service squid start

cachemgr確認
$ sudo squidclient cachemgr mgr:info

以上

/etc/init.d/squid
http://wiki.squid-cache.org/SquidFaq/CompilingSquid#KnowledgeBase.2FDebian.Init_Script
----
#! /bin/sh
#
# squid Startup script for the SQUID HTTP proxy-cache.
#
# Version: @(#)squid.rc 1.0 07-Jul-2006 luigi@debian.org
#
# pidfile: /var/run/squid.pid
#
### BEGIN INIT INFO
# Provides: squid
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Should-Start: $named
# Should-Stop: $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Squid HTTP Proxy version 3.x
### END INIT INFO

NAME=squid
DESC="Squid HTTP Proxy"
DAEMON=/usr/sbin/squid
PIDFILE=/var/run/$NAME.pid
CONFIG=/etc/squid/squid.conf
SQUID_ARGS="-YC -f $CONFIG"

[ ! -f /etc/default/squid ] || . /etc/default/squid

. /lib/lsb/init-functions

PATH=/bin:/usr/bin:/sbin:/usr/sbin

[ -x $DAEMON ] || exit 0

ulimit -n 65535

find_cache_dir () {
w=" " # space tab
res=`$DAEMON -k parse -f $CONFIG 2>&1 |
grep "Processing:" |
sed s/.*Processing:\ // |
sed -ne '
s/^['"$w"']*'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
t end;
d;
:end q'`
[ -n "$res" ] || res=$2
echo "$res"
}

grepconf () {
w=" " # space tab
res=`$DAEMON -k parse -f $CONFIG 2>&1 |
grep "Processing:" |
sed s/.*Processing:\ // |
sed -ne '
s/^['"$w"']*'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
t end;
d;
:end q'`
[ -n "$res" ] || res=$2
echo "$res"
}

create_run_dir () {
run_dir=/var/run/squid
usr=`grepconf cache_effective_user proxy`
grp=`grepconf cache_effective_group proxy`

if [ "$(dpkg-statoverride --list $run_dir)" = "" ] &&
[ ! -e $run_dir ] ; then
mkdir -p $run_dir
chown $usr:$grp $run_dir
[ -x /sbin/restorecon ] && restorecon $run_dir
fi
}

start () {
cache_dir=`find_cache_dir cache_dir`
cache_type=`grepconf cache_dir`
run_dir=/var/run/squid

#
# Create run dir (needed for several workers on SMP)
#
create_run_dir

#
# Create spool dirs if they don't exist.
#
if test -d "$cache_dir" -a ! -d "$cache_dir/00"
then
log_warning_msg "Creating $DESC cache structure"
$DAEMON -z -f $CONFIG
[ -x /sbin/restorecon ] && restorecon -R $cache_dir
fi

umask 027
ulimit -n 65535
cd $run_dir
start-stop-daemon --quiet --start \
--pidfile $PIDFILE \
--exec $DAEMON -- $SQUID_ARGS < /dev/null
return $?
}

stop () {
PID=`cat $PIDFILE 2>/dev/null`
start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
#
# Now we have to wait until squid has _really_ stopped.
#
sleep 2
if test -n "$PID" && kill -0 $PID 2>/dev/null
then
log_action_begin_msg " Waiting"
cnt=0
while kill -0 $PID 2>/dev/null
do
cnt=`expr $cnt + 1`
if [ $cnt -gt 24 ]
then
log_action_end_msg 1
return 1
fi
sleep 5
log_action_cont_msg ""
done
log_action_end_msg 0
return 0
else
return 0
fi
}

cfg_pidfile=`grepconf pid_filename`
if test "${cfg_pidfile:-none}" != "none" -a "$cfg_pidfile" != "$PIDFILE"
then
log_warning_msg "squid.conf pid_filename overrides init script"
PIDFILE="$cfg_pidfile"
fi

case "$1" in
start)
res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL .*"`
if test -n "$res";
then
log_failure_msg "$res"
exit 3
else
log_daemon_msg "Starting $DESC" "$NAME"
if start ; then
log_end_msg $?
else
log_end_msg $?
fi
fi
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
if stop ; then
log_end_msg $?
else
log_end_msg $?
fi
;;
reload|force-reload)
res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL .*"`
if test -n "$res";
then
log_failure_msg "$res"
exit 3
else
log_action_msg "Reloading $DESC configuration files"
start-stop-daemon --stop --signal 1 \
--pidfile $PIDFILE --quiet --exec $DAEMON
log_action_end_msg 0
fi
;;
restart)
res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL .*"`
if test -n "$res";
then
log_failure_msg "$res"
exit 3
else
log_daemon_msg "Restarting $DESC" "$NAME"
stop
if start ; then
log_end_msg $?
else
log_end_msg $?
fi
fi
;;
status)
status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit 3
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart|status}"
exit 3
;;
esac

exit 0
----


※※squid.conf
----
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# 2015-12-07 add
acl snmppublic snmp_community public

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/cache/squid 100 16 256
# 2015-12-07 add
cache_dir rock /mnt/jetflash2/squid 8000 max-size=65536 max-swap-rate=320 swap-timeout=350
cache_dir aufs /mnt/jetflash3/squid 12000 16 256 min-size=65537

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320
#refresh_pattern . 0 20% 4320

# 2015-12-07 add
cache_swap_log /var/log/squid/cache_swap_${process_number}.log
access_log none
cache_log /var/log/squid/cache_${process_number}.log
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
ftp_user hogehoge@hogehoge.jp
snmp_port 3401
snmp_access allow snmppublic localhost
snmp_access deny all
ipcache_size 4096
via off
forwarded_for off
#pipeline_prefetch 3
shutdown_lifetime 5 seconds
----

« [e-access] 毎日、同じ時間に、同じ遅延が発生している | トップページ | squid 3.5.12-20151128-r13959 解説編Ⅰ(起動・設定) »

コメント

コメントを書く

(ウェブ上には掲載しません)

トラックバック

この記事のトラックバックURL:
http://app.cocolog-nifty.com/t/trackback/143173/62931658

この記事へのトラックバック一覧です: squid 3.5.12-20151128-r13959 のビルド(成功手順編):

« [e-access] 毎日、同じ時間に、同じ遅延が発生している | トップページ | squid 3.5.12-20151128-r13959 解説編Ⅰ(起動・設定) »

最近のトラックバック

2017年4月
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30            
フォト
無料ブログはココログ