From owner-freebsd-questions@FreeBSD.ORG Wed Sep 1 23:03:27 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 712FE10656BB for ; Wed, 1 Sep 2010 23:03:27 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id F241E8FC19 for ; Wed, 1 Sep 2010 23:03:26 +0000 (UTC) Received: by wwb34 with SMTP id 34so9273981wwb.31 for ; Wed, 01 Sep 2010 16:03:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type:content-transfer-encoding; bh=tFBGnjPt94tpJVhwImx37mZTs9rbvYEtfseXQ2FnLdE=; b=Ou7qlATF4Z3cb+xdJaSpe8Et+62NWjejV/lUbAhkiYuAERKGBVeOV3BDWVFNXb9u/w hTkZj0XSEy6yKec2K6ORRJX8Rb1wUVPiZwP32TICtqaiaDn3t+VkbkYAHcbWM6LoR42y Z/5/ReGbYprgaj4gtdGUfrTFuahShaAtjDEjk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=Ya6mJE6y5V93deKbeCPbNQQr86Y1mGLeLQzlmSRJ8l2ZATmQ5fFDpA6JVHeYAHkM9Z iTVnYJbRXdJp/glQbIJVGthVf/XjlxmOPxPL2YOUPRp6D/1TTZ/qNJnaRwEcciiJakQy cagOgc4U+eRhkWnulDRqGB1D6P5wfPKuQ2dRA= Received: by 10.227.151.148 with SMTP id c20mr8473962wbw.15.1283382201235; Wed, 01 Sep 2010 16:03:21 -0700 (PDT) Received: from gumby.homeunix.com (bb-87-81-140-128.ukonline.co.uk [87.81.140.128]) by mx.google.com with ESMTPS id i14sm9296383wbe.18.2010.09.01.16.03.18 (version=SSLv3 cipher=RC4-MD5); Wed, 01 Sep 2010 16:03:19 -0700 (PDT) Date: Thu, 2 Sep 2010 00:03:16 +0100 From: RW To: freebsd-questions@freebsd.org Message-ID: <20100902000316.5a5cf931@gumby.homeunix.com> In-Reply-To: References: X-Mailer: Claws Mail 3.7.6 (GTK+ 2.20.1; i386-portbld-freebsd8.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Should a "squid" user have a shell? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Sep 2010 23:03:27 -0000 On Wed, 1 Sep 2010 09:38:03 -0700 Ed Flecko wrote: > Thank you Jerry. > > The only reason I'm not using the squid port is because I found a > website > ( http://teklimbu.wordpress.com/2007/10/03/enterprise-freebsd-squid-proxy-server/ ) > that has detailed instructions on installing squid for an Enterprise > environment claiming the performance is very good. > > Since I'm new to using squid and using squid on FreeBSD, I'm simply > trying to duplicate his setup. It's quite possible that I could > achieve the same performance results from using the port install of > squid...but maybe I wouldn't. You might as well build the port. There's nothing special in his configure settings - although the squid port provides a variable for this if you if you want to add extra configure settings not supported by the port options. The port will apply some patches to the code that may, or may not, be need. It will also provide an rc script and create the user/group. Either way you need to run squid -z to create the directories. IIRC this will create the directories with the correct ownership if the effective user/group is correct in squid.conf. That just leaves squid.conf which you have to setup anyway, since the port defaults to a small "ufs" cache. I'd suggest taking the default and stripping out the very lengthy comments, and them merging in any settings you want from his file - having looked-up what they actually do. Some of his setting are sensible, such as using diskd, some less so, such as the acl to deny query url caching, which more efficiently handled through refresh patterns in the default file. Also I'd suggest not using heap GDSF/LFUDA cache replacement until you have established you can't get a week's retention from the default lru policy. The suggestion of running a local dns cache shouldn't make much difference since squid does it own caching.