Compile squid 3.5.x under Debian Jessie

Inspired by this article I tried to compile the most recent stable version of squid under Debian Jessie. With some small changes it works as expected.

If you haven’t already, install the “build-essential” package. Additionally, if you want to compile squid with SSL-support, you also need “openssl” and “libssl-dev”:
apt-get install -y openssl build-essential libssl-dev

Then download and unpack the most recent source archive of squid 3.5. At the time of this writing it’s 3.5.3:
wget -O - http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.3.tar.gz | tar zxfv -

Luckily we can still use the compile dependencies from the 3.4.x branch:
apt-get build-dep squid3

Ok, no we are ready to run configure. Here’s my configuration. You may take it as a jumping-off point:
cd squid-3.5.3
./configure --build=x86_64-linux-gnu \
--prefix=/usr \
--includedir=${prefix}/include \
--mandir=${prefix}/share/man \
--infodir=${prefix}/share/info \
--sysconfdir=/etc \
--localstatedir=/var \
--libexecdir=${prefix}/lib/squid3 \
--srcdir=. \
--disable-maintainer-mode \
--disable-dependency-tracking \
--disable-silent-rules \
--datadir=/usr/share/squid3 \
--sysconfdir=/etc/squid3 \
--mandir=/usr/share/man \
--enable-inline \
--disable-arch-native \
--enable-async-io=8 \
--enable-storeio=ufs,aufs,diskd,rock \
--enable-removal-policies=lru,heap \
--enable-delay-pools \
--enable-cache-digests \
--enable-icap-client \
--enable-follow-x-forwarded-for \
--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB \
--enable-auth-digest=file,LDAP \
--enable-auth-negotiate=kerberos,wrapper \
--enable-auth-ntlm=fake,smb_lm \
--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group \
--enable-url-rewrite-helpers=fake \
--enable-eui \
--enable-esi \
--enable-icmp \
--enable-zph-qos \
--enable-ecap \
--disable-translation \
--with-swapdir=/var/spool/squid3 \
--with-logdir=/var/log/squid3 \
--with-pidfile=/var/run/squid3.pid \
--with-filedescriptors=65536 \
--with-large-files \
--with-default-user=proxy \
--enable-ssl \
--with-open-ssl=/etc/ssl/openssl.cnf \
--enable-linux-netfilter \
'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' \
'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' \
'CPPFLAGS=-D_FORTIFY_SOURCE=2' \
'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'

If configure complains about a too old libecap, you can download (and compile & install) a recent one here: http://www.e-cap.org/Downloads

If everything’s look fine, just fire up the well-known
make & make install
That’s it!

6 comments

  1. hello,
    nice write up 🙂
    i followed it to the T but sadly got an error complaining about squid not being compiled with ssl!
    turns out, as of squid 3.5, we need “–with-openssl” instead of “–enable-ssl”
    the configure option u have “–with-open-ssl=/etc/ssl/openssl.cnf” is deprecated i guess

  2. Why not use normal debian build process, like

    apt-get build-dep squid3
    apt-get sources squid3
    cd squid*
    ./configure –with-gnutls –without-openssl

    ?

    1. I needed the most recent version of squid that days because of some new features. At the date of writing, the latest source in Debian’s repo was for version 3.4.x.
      AFAIK for Debian Jessie it’S still version 3.4.8 today you can get through “apt-get source”.

  3. this is great!!! but is necesary configure all modules in “./configure” options, what modules are enables by default?
    thanks for your answer.

Leave a comment

Your email address will not be published. Required fields are marked *