Inspired by this article I tried to compile the most recent stable version of squid under Debian Jessie. With some small changes it works as expected.
If you haven’t already, install the “build-essential” package. Additionally, if you want to compile squid with SSL-support, you also need “openssl” and “libssl-dev”:
apt-get install -y openssl build-essential libssl-dev
Then download and unpack the most recent source archive of squid 3.5. At the time of this writing it’s 3.5.3:
wget -O - http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.3.tar.gz | tar zxfv -
Luckily we can still use the compile dependencies from the 3.4.x branch:
apt-get build-dep squid3
Ok, no we are ready to run configure. Here’s my configuration. You may take it as a jumping-off point:
cd squid-3.5.3
./configure --build=x86_64-linux-gnu \
--prefix=/usr \
--includedir=${prefix}/include \
--mandir=${prefix}/share/man \
--infodir=${prefix}/share/info \
--sysconfdir=/etc \
--localstatedir=/var \
--libexecdir=${prefix}/lib/squid3 \
--srcdir=. \
--disable-maintainer-mode \
--disable-dependency-tracking \
--disable-silent-rules \
--datadir=/usr/share/squid3 \
--sysconfdir=/etc/squid3 \
--mandir=/usr/share/man \
--enable-inline \
--disable-arch-native \
--enable-async-io=8 \
--enable-storeio=ufs,aufs,diskd,rock \
--enable-removal-policies=lru,heap \
--enable-delay-pools \
--enable-cache-digests \
--enable-icap-client \
--enable-follow-x-forwarded-for \
--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB \
--enable-auth-digest=file,LDAP \
--enable-auth-negotiate=kerberos,wrapper \
--enable-auth-ntlm=fake,smb_lm \
--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group \
--enable-url-rewrite-helpers=fake \
--enable-eui \
--enable-esi \
--enable-icmp \
--enable-zph-qos \
--enable-ecap \
--disable-translation \
--with-swapdir=/var/spool/squid3 \
--with-logdir=/var/log/squid3 \
--with-pidfile=/var/run/squid3.pid \
--with-filedescriptors=65536 \
--with-large-files \
--with-default-user=proxy \
--enable-ssl \
--with-open-ssl=/etc/ssl/openssl.cnf \
--enable-linux-netfilter \
'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' \
'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' \
'CPPFLAGS=-D_FORTIFY_SOURCE=2' \
'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'
If configure complains about a too old libecap, you can download (and compile & install) a recent one here: http://www.e-cap.org/Downloads
If everything’s look fine, just fire up the well-known
make & make install
That’s it!
hello,
nice write up 🙂
i followed it to the T but sadly got an error complaining about squid not being compiled with ssl!
turns out, as of squid 3.5, we need “–with-openssl” instead of “–enable-ssl”
the configure option u have “–with-open-ssl=/etc/ssl/openssl.cnf” is deprecated i guess
Why not use normal debian build process, like
apt-get build-dep squid3
apt-get sources squid3
cd squid*
./configure –with-gnutls –without-openssl
?
I needed the most recent version of squid that days because of some new features. At the date of writing, the latest source in Debian’s repo was for version 3.4.x.
AFAIK for Debian Jessie it’S still version 3.4.8 today you can get through “apt-get source”.
this is great!!! but is necesary configure all modules in “./configure” options, what modules are enables by default?
thanks for your answer.
whats modules are by default in squid 3.5?
thaks.
Hi Alberto,
I’m sorry but I’m afarid can’t answer this. Looking here may answer your question: http://etutorials.org/Server+Administration/Squid.+The+definitive+guide/Chapter+3.+Compiling+and+Installing/3.4+The+configure+Script/
AFAIK running ./configure with –help displays all avaliable options. If that doesn’t help you could still open the configure-script with “less” or any text-editor and look for the default definitions.
Hope that helps.