Difference between revisions of "SquidConfiguration"
From Amahi Wiki
Spatialguru (talk | contribs) m (add link to transparent proxy info) |
Spatialguru (talk | contribs) m (add one fix) |
||
| Line 1: | Line 1: | ||
== Configuration == | == Configuration == | ||
| − | Getting basic Squid running wasn't too hard at all | + | Getting basic Squid running wasn't too hard at all. |
As root user edit: | As root user edit: | ||
| Line 11: | Line 11: | ||
visible_hostname hda.local | visible_hostname hda.local | ||
http_port 3128 | http_port 3128 | ||
| + | dns_defnames on | ||
cache_dir ufs /var/spool/squid 1000 16 256 | cache_dir ufs /var/spool/squid 1000 16 256 | ||
cache_access_log /var/log/squid/access.log | cache_access_log /var/log/squid/access.log | ||
| Line 18: | Line 19: | ||
</pre> | </pre> | ||
| − | + | Built on top of [http://www.redhatmagazine.com/2007/04/11/squid-in-5-minutes/ this approach]. | |
== Start Up == | == Start Up == | ||
| Line 38: | Line 39: | ||
== Issues == | == Issues == | ||
| − | Browsing to our custom HDA domains doesn't work, e.g. http://wiki or http://calendar. | + | *<s>Browsing to our custom HDA domains doesn't work, e.g. http://wiki or http://calendar.</s> |
| − | + | ** '''SOLVED:''' adding ''dns_defnames on'' to configuration did the trick | |
| − | Making it transparent, so clients don't need any web browser proxy server settings, is also very possible. You use iptables (also already installed and running) to forward port 80 traffic to the squid server port 3128. I tried but didn't get it working. I was sure how to remove the iptables entries, so I just turned that service off and all was back to normal. | + | * Making it transparent, so clients don't need any web browser proxy server settings, is also very possible. You use iptables (also already installed and running) to forward port 80 traffic to the squid server port 3128. I tried but didn't get it working. I was sure how to remove the iptables entries, so I just turned that service off and all was back to normal. |
| − | * Referring to [http://tldp.org/HOWTO/TransparentProxy-5.html TransparentProxy howto] | + | ** Referring to [http://tldp.org/HOWTO/TransparentProxy-5.html TransparentProxy howto] |
| − | * And more details from [http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-182f30adede2d8daf8569aef5027629ed799b0d4 the Squid FAQ] | + | ** And more details from [http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-182f30adede2d8daf8569aef5027629ed799b0d4 the Squid FAQ] |
| + | ** others say you can use DHCP or DNS to forward to the proxy too | ||
Revision as of 00:32, 25 September 2008
Configuration
Getting basic Squid running wasn't too hard at all.
As root user edit:
/etc/squid/squid.conf
Add to the top:
visible_hostname hda.local http_port 3128 dns_defnames on cache_dir ufs /var/spool/squid 1000 16 256 cache_access_log /var/log/squid/access.log acl intranet src 192.168.0.0/24 http_access allow intranet
Built on top of this approach.
Start Up
Start Squid:
service squid start
Set Up Clients
In web browser, goto its settings or preferences and enter a Proxy Server using host/server URL as: hda. No username or password required.
Now when you view a web page, it stores a cached copy on the server. Then when you look at it again, it uses the cache instead of downloading it all again.
Monitor
To see if it is working watch the log file expand while browsing to new pages:
tail -f /var/log/squid/access.log
Issues
Browsing to our custom HDA domains doesn't work, e.g. http://wiki or http://calendar.- SOLVED: adding dns_defnames on to configuration did the trick
- Making it transparent, so clients don't need any web browser proxy server settings, is also very possible. You use iptables (also already installed and running) to forward port 80 traffic to the squid server port 3128. I tried but didn't get it working. I was sure how to remove the iptables entries, so I just turned that service off and all was back to normal.
- Referring to TransparentProxy howto
- And more details from the Squid FAQ
- others say you can use DHCP or DNS to forward to the proxy too
