Coolstack Squid Installation Notes

I recently installed Squid, the HTTP Proxy, for the first time. The version I installed was 2.6-STABLE16 and came as part of Solaris Coolstack 1.2. Here are some notes from the installation process:

Installation

The application on Solaris x86 using the pkgadd utility and the appropriate Coolstack Squid package file (CSKsquid_1.2_x86.pkg). The installation process also created a new SMF service called csk-squid.

Setup

This was the first time I had installed Squid so, after reading the documentation provided by Coolstack, I tried starting the Squid service. Unfortunately, it kept complaining about missing cache directories and file permissions, and would not start. In the end, a colleague directed me towards the squid -z command, which carried out all of the required post-installation setup and duly sorted out all of the directory/permissions problems.

Configuration

I only had to make two small changes to the Squid configuration file (/opt/coolstack/squid/etc/squid.conf):

  1. Squid uses port 3128 by default but, since our corporate firewall permits very few outbound ports, we modified squid to use port 8080 instead:
  2. http_port 8080

  3. We wanted to restrict access to the new HTTP Proxy to only a certain range of corporate IP addresses. This was easily achieved by adding a simple access rule as follows:
  4. acl my_networks src XXX.XXX.XXX.XXX/24
    http_access allow my_networks

Other than this, the process was surprisingly straightforward.