Compile squid 3.5.x under Debian Jessie

Inspired by this article I tried to compile the most recent stable version of squid under Debian Jessie. With some small changes it works as expected.

If you haven’t already, install the „build-essential“ package. Additionally, if you want to compile squid with SSL-support, you also need „openssl“ and „libssl-dev“:
apt-get install -y openssl build-essential libssl-dev

Then download and unpack the most recent source archive of squid 3.5. At the time of this writing it’s 3.5.3:
wget -O - | tar zxfv -

Luckily we can still use the compile dependencies from the 3.4.x branch:
apt-get build-dep squid3

Ok, no we are ready to run configure. Here’s my configuration. You may take it as a jumping-off point:
cd squid-3.5.3
./configure --build=x86_64-linux-gnu \
--prefix=/usr \
--includedir=${prefix}/include \
--mandir=${prefix}/share/man \
--infodir=${prefix}/share/info \
--sysconfdir=/etc \
--localstatedir=/var \
--libexecdir=${prefix}/lib/squid3 \
--srcdir=. \
--disable-maintainer-mode \
--disable-dependency-tracking \
--disable-silent-rules \
--datadir=/usr/share/squid3 \
--sysconfdir=/etc/squid3 \
--mandir=/usr/share/man \
--enable-inline \
--disable-arch-native \
--enable-async-io=8 \
--enable-storeio=ufs,aufs,diskd,rock \
--enable-removal-policies=lru,heap \
--enable-delay-pools \
--enable-cache-digests \
--enable-icap-client \
--enable-follow-x-forwarded-for \
--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB \
--enable-auth-digest=file,LDAP \
--enable-auth-negotiate=kerberos,wrapper \
--enable-auth-ntlm=fake,smb_lm \
--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group \
--enable-url-rewrite-helpers=fake \
--enable-eui \
--enable-esi \
--enable-icmp \
--enable-zph-qos \
--enable-ecap \
--disable-translation \
--with-swapdir=/var/spool/squid3 \
--with-logdir=/var/log/squid3 \
--with-pidfile=/var/run/ \
--with-filedescriptors=65536 \
--with-large-files \
--with-default-user=proxy \
--enable-ssl \
--with-open-ssl=/etc/ssl/openssl.cnf \
--enable-linux-netfilter \
'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' \
'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' \
'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'

If configure complains about a too old libecap, you can download (and compile & install) a recent one here:

If everything’s look fine, just fire up the well-known
make & make install
That’s it!

6 Kommentare

  1. ahmad badawi

    nice write up 🙂
    i followed it to the T but sadly got an error complaining about squid not being compiled with ssl!
    turns out, as of squid 3.5, we need „–with-openssl“ instead of „–enable-ssl“
    the configure option u have „–with-open-ssl=/etc/ssl/openssl.cnf“ is deprecated i guess

  2. Sunday

    Why not use normal debian build process, like

    apt-get build-dep squid3
    apt-get sources squid3
    cd squid*
    ./configure –with-gnutls –without-openssl


    1. chris (Beitrag Autor)

      I needed the most recent version of squid that days because of some new features. At the date of writing, the latest source in Debian’s repo was for version 3.4.x.
      AFAIK for Debian Jessie it’S still version 3.4.8 today you can get through „apt-get source“.

  3. Alberto

    this is great!!! but is necesary configure all modules in „./configure“ options, what modules are enables by default?
    thanks for your answer.

  4. alberto

    whats modules are by default in squid 3.5?

    1. chris (Beitrag Autor)

      Hi Alberto,
      I’m sorry but I’m afarid can’t answer this. Looking here may answer your question:
      AFAIK running ./configure with –help displays all avaliable options. If that doesn’t help you could still open the configure-script with „less“ or any text-editor and look for the default definitions.
      Hope that helps.


Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

This site uses Akismet to reduce spam. Learn how your comment data is processed.