Difference between revisions of "SquidConfiguration"

From Amahi Wiki
m (add link to transparent proxy info)
 
(8 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
{{MessageBox|
 +
backgroundcolor = #f8d6d6|
 +
image =Warning.png|
 +
heading =WARNING|
 +
message = This is recommended only for advanced users, proceed with caution.}}
 +
== Installation ==
 +
ssh into your hda
 +
 +
become root:
 +
<pre>
 +
su
 +
</pre>
 +
 +
install squid:
 +
<pre>
 +
yum -y install squid
 +
</pre>
 +
 
== Configuration ==
 
== Configuration ==
Getting basic Squid running wasn't too hard at all, but there are some issues that make it not ready to use.  Hopefully we can work through those issues here.  But if you want to test it out at least, following these instructions.
+
Getting basic Squid running wasn't too hard at all.
  
 
As root user edit:
 
As root user edit:
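Review bot: The added Installation steps switch to root with a bare su, which does not start a login shell, so root's login environment is not loaded before the "yum -y install squid" step; "su -" is the safer instruction. The new MessageBox tells readers to proceed with caution without saying what the risk is; one sentence naming it would make the warning actionable.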
Line 11: Line 29:
 
visible_hostname hda.local
 
visible_hostname hda.local
 
http_port 3128
 
http_port 3128
 +
dns_defnames on
 
cache_dir ufs /var/spool/squid 1000 16 256
 
cache_dir ufs /var/spool/squid 1000 16 256
 
cache_access_log /var/log/squid/access.log
 
cache_access_log /var/log/squid/access.log
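Review bot: The added "dns_defnames on" line carries no explanation inside the config block, and the reason for it only appears further down under Issues. A one-line comment above it, saying that it lets Squid resolve single-label names such as http://wiki, would keep the setting from being removed in a later cleanup.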
Line 18: Line 37:
 
</pre>
 
</pre>
  
Referred to [http://www.redhatmagazine.com/2007/04/11/squid-in-5-minutes/ this article] for the approach.  But note that there is a correction to the ''acl intranet src 192.168.0.0/24'' line, included above.  He was missing ''src'' in that line.
+
Built on top of [http://www.redhatmagazine.com/2007/04/11/squid-in-5-minutes/ this approach].
  
 
== Start Up ==
 
== Start Up ==
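Review bot: The replacement sentence drops the note that the linked article's "acl intranet" line is missing "src". Readers who follow the link and copy from the article instead of this page will end up with the broken line, so the correction should stay next to the link.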
Line 27: Line 46:
  
 
== Set Up Clients ==
 
== Set Up Clients ==
In web browser, goto its settings or preferences and enter a '''Proxy Server''' using host/server URL as: hda.  No username or password required.
+
In web browser, goto its settings or preferences and enter a '''Proxy Server''' using host/server URL as: hda.  No username or password required. It may require setting the port number to 3128 (default Squid port), and setting the checkmark for all protocols to use the proxy.
  
 
Now when you view a web page, it stores a cached copy on the server.  Then when you look at it again, it uses the cache instead of downloading it all again.   
 
Now when you view a web page, it stores a cached copy on the server.  Then when you look at it again, it uses the cache instead of downloading it all again.   
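Review bot: In the added client-setup sentence, "It may require setting the port number to 3128" is vaguer than it needs to be, since the configuration block on this page sets "http_port 3128"; state that the proxy port is 3128. In the same line, "goto" should be "go to".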
Line 38: Line 57:
  
 
== Issues ==
 
== Issues ==
Browsing to our custom HDA domains doesn't work, e.g. http://wiki or http://calendar.
+
*<s>Browsing to our custom HDA domains doesn't work, e.g. http://wiki or http://calendar.</s>
There are various approaches to fixing this, but I don't know how to do them so far.
+
** '''SOLVED:''' adding ''dns_defnames on'' to configuration did the trick
  
Making it transparent, so clients don't need any web browser proxy server settings, is also very possible.  You use iptables (also already installed and running) to forward port 80 traffic to the squid server port 3128.  I tried but didn't get it working.  I was sure how to remove the iptables entries, so I just turned that service off and all was back to normal.
+
* Making it transparent, so clients don't need any web browser proxy server settings, is also very possible.  You use iptables (also already installed and running) to forward port 80 traffic to the squid server port 3128.  I tried but didn't get it working.  I was sure how to remove the iptables entries, so I just turned that service off and all was back to normal.
* Referring to [http://tldp.org/HOWTO/TransparentProxy-5.html TransparentProxy howot]
+
** Referring to [http://tldp.org/HOWTO/TransparentProxy-5.html TransparentProxy howto]
 +
** And more details from [http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-182f30adede2d8daf8569aef5027629ed799b0d4 the Squid FAQ] and [http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-935dbe4ef8ea8e21c1e04cc7753a09095c0d8285 here]
 +
** others say you can use DHCP or DNS to forward to the proxy too
 +
** more ipchains rules are listed [http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid here], haven't test it yet
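Review bot: The last added bullet says "ipchains rules" while the item it sits under describes iptables; name the tool the linked rules actually use. In the same hunk, "I was sure how to remove the iptables entries" is carried over unchanged and reads as if a negation is missing, and "haven't test it yet" should be "haven't tested it yet".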

Latest revision as of 23:43, 12 July 2012

WARNING
This is recommended only for advanced users, proceed with caution.


Installation

ssh into your hda

become root:

su

install squid:

yum -y install squid

Configuration

Getting basic Squid running wasn't too hard at all.

As root user edit:

/etc/squid/squid.conf

Add to the top:

visible_hostname hda.local
http_port 3128
dns_defnames on
cache_dir ufs /var/spool/squid 1000 16 256
cache_access_log /var/log/squid/access.log

acl intranet src 192.168.0.0/24
http_access allow intranet

Built on top of this approach.

Start Up

Start Squid:

service squid start

Set Up Clients

In the web browser, go to its settings or preferences and enter a Proxy Server using the host/server URL: hda. No username or password required. It may require setting the port number to 3128 (default Squid port), and setting the checkmark for all protocols to use the proxy.

Now when you view a web page, it stores a cached copy on the server. Then when you look at it again, it uses the cache instead of downloading it all again.

Monitor

To see if it is working watch the log file expand while browsing to new pages: tail -f /var/log/squid/access.log
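
Beyond watching the file grow, the same log can be audited. The following is an added example, not part of the original wiki page: a Python sketch that counts cache hits and misses and flags requests from clients outside the page's `acl intranet src 192.168.0.0/24` network. It assumes Squid's default native access.log format; the function names and the sample log lines are constructed for illustration.

```python
import ipaddress

# Network from the page's "acl intranet src 192.168.0.0/24" line.
INTRANET = ipaddress.ip_network("192.168.0.0/24")

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1342136580.101    212 192.168.0.23 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1342136585.440      3 192.168.0.23 TCP_HIT/200 5128 GET http://example.com/ - NONE/- text/html
1342136590.007      1 10.8.0.5 TCP_DENIED/403 1450 GET http://example.org/ - NONE/- text/html
1342136601.950    340 203.0.113.77 TCP_MISS/200 20480 GET http://example.net/big - DIRECT/198.51.100.9 text/html
1342136603.000 truncated line
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    code, status = f[3].split("/", 1)
    try:
        return {"client": ipaddress.ip_address(f[2]), "code": code,
                "status": int(status), "url": f[6]}
    except ValueError:
        return None

def audit(log_text, allowed=INTRANET):
    """Summarise cache use and flag requests from outside the allowed network."""
    report = {"hits": 0, "misses": 0, "denied": [], "served_outside": [], "skipped": 0}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            report["skipped"] += 1      # keep a count instead of failing on bad lines
            continue
        entry = (str(rec["client"]), rec["url"])
        if rec["code"].startswith("TCP_DENIED"):
            report["denied"].append(entry)          # blocked by http_access rules
            continue
        if rec["client"] not in allowed:
            report["served_outside"].append(entry)  # served despite the intranet ACL
        if "HIT" in rec["code"]:
            report["hits"] += 1
        elif "MISS" in rec["code"]:
            report["misses"] += 1
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(key, value)
```

Any entry under `served_outside` means the proxy answered a client that the intranet ACL should have excluded, which is the case worth investigating first on a proxy that requires no username or password.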

Issues

  • Browsing to our custom HDA domains doesn't work, e.g. http://wiki or http://calendar.
    • SOLVED: adding dns_defnames on to configuration did the trick
  • Making it transparent, so clients don't need any web browser proxy server settings, is also very possible. You use iptables (also already installed and running) to forward port 80 traffic to the squid server port 3128. I tried but didn't get it working. I was sure how to remove the iptables entries, so I just turned that service off and all was back to normal.