ProxyScript

by williamwangmi
2237 deployments · 2231 still active · last rev. 1 month ago

N/A

Compatible with: Debian 8
						#!/bin/bash
#
# Debian
#

apt-get -y update

apt-get install -y ntpdate
apt-get install -y squid3 apache2-utils build-essential

cp /etc/squid3/squid.conf /etc/squid3/squid.conf.bak

cat << EOF > /etc/squid3/squid.conf
http_port 8080

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/.passwd
auth_param basic children 5
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl auth proxy_auth REQUIRED
acl localhost src 216.165.243.241

http_access allow auth
http_access allow localhost
http_access deny all

cache deny all

forwarded_for delete
request_header_access Via deny all

hosts_file /etc/hosts
dns_nameservers 8.8.8.8 8.8.4.4
maximum_object_size_in_memory 50 KB
logfile_rotate 10
memory_pools off
maximum_object_size 50 MB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off

EOF

htpasswd -b -c /etc/squid3/.passwd sesame proxy

wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE14.tar.gz
tar xvzf squid-2.6.STABLE14.tar.gz
cd squid-2.6.STABLE14
CHOST="x86_64-pc-linux-gnu" \
CFLAGS="-DNUMTHREADS=60 \
-march=nocona \
-O3 \
-pipe \
-fomit-frame-pointer \
-funroll-loops \
-ffast-math \
-fno-exceptions" \
./configure \
--prefix=/usr \
--enable-async-io \
--enable-icmp \
--enable-useragent-log \
--enable-snmp \
--enable-cache-digests \
--enable-follow-x-forwarded-for \
--enable-storeio="aufs" \
--enable-removal-policies="heap,lru" \
--with-maxfd=16384 \
--enable-poll \
--disable-ident-lookups \
--enable-truncate \
--exec-prefix=/usr \
--bindir=/usr/sbin \
--libexecdir=/usr/lib/squid


make
make install

cat << EOF >> /etc/sysctl.conf
fs.file-max = 65535
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 65536 8388608
net.ipv4.tcp_mem = 4096 4096 4096
net.ipv4.tcp_low_latency = 1
net.core.netdev_max_backlog = 4000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 16384
EOF

echo "* - nofile 65535" >> /etc/security/limits.conf

reboot