19. Squid 1.2

19.1 How do I configure 'ssl_proxy' now?

By default, Squid connects directly to origin servers for SSL requests. But if you must force SSL requests through a parent, first tell Squid it can not go direct for SSL:

        acl SSL method CONNECT
        never_direct allow SSL

        cache_peer parent1 parent 3128 3130
        cache_peer parent2 parent 3128 3130
        cache_host_acl parent2 !SSL

19.2 Logfile rotation doesn't work with Async I/O

It is a know limitation when using Async I/O on Linux. The Linux Threads package steals (uses internally) the SIGUSR1 signal that squid uses to rotate logs.

In order to not disturb the threads package SIGUSR1 use is disabled in Squid when threads is enabled on Linux.

19.3 Adding a new cache disk

Simply add your new cache_dir line to squid.conf, then run squid -z again. Squid will create swap directories on the new disk and leave the existing ones in place.

19.4 Squid 1.2 performs badly on Linux

by Henrik Nordstrom

You may have enabled Asyncronous I/O with the --enable-async-io configure option. Be careful when using threads on Linux. Most versions of libc5 and early versions of glibc have problems with threaded applications. I would not recommend --enable-async-io on Linux unless your system uses a recent version of glibc.

You should also know than --enable-async-io is not optimal unless you have a very busy cache. For low loads the cache performs slightly better without --enable-async-io.

Try recompiling Squid without --enable-async-io. If a non-threaded Squid performs better then your libc probably can't handle threads correctly. (don't forget "make clean" after running configure)

19.5 How do I configure proxy authentication with Squid-1.2?

As of Squid-1.2.beta24, the implementation and configuration has changed. Authentication is now handled via external processes. Arjan's proxy auth page describes how to set it up. Some simple instructions are given below as well.

1. We assume you have configured an ACL entry with proxy_auth, for example:

           acl foo proxy_auth
           http_access allow foo
   

2. You will need to compile and install an external authenticator program. Most people will want to use ncsa_auth. The source for this program is included in the source distribution, in the auth_modules/NCSA directory.

           % cd auth_modules/NCSA
           % make
           % make install
   

   You should now have an ncsa_auth program in the same directory where your squid binary lives.
3. You may need to create a password file. If you have been using proxy authentication before, you probably already have such a file. You can get apache's htpasswd program from our server. Pick a pathname for your password file. We will assume you will want to put it in the same directory as your squid.conf.
4. Configure the external authenticator in squid.conf. For ncsa_auth you need to give the pathname to the executable and the password file as an argument. For example:

           authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd
   

After all that, you should be able to start up Squid. If we left something out, or haven't been clear enough, please let us know (squid-faq@ircache.net).