Linux basic configurations - proxy server http://basicconfig.com/taxonomy/term/21 en Install and configure Squid in Slackware http://basicconfig.com/linuxnetwork/install-squid-in-slackware64-13.37 <!-- google_ad_section_start --><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>This is a guide on how to create a Slackware Squid package using scripts from SlackBuilds.org, install it in Slackware 13.37 (also Slackware64 14.1) and configure the squid.conf configuration file. It is just a basic configuration to get the Squid cache proxy server working. Advanced settings are not included. You should read about Squid and understand at least the basics before trying this step-by-step guide. Here is the <a href="http://www.squid-cache.org" target="_blank">Squid-cache website</a>. Before we begin, please make sure you have these basic requirements:</p> <ol><li>Two network interface cards.</li> <li>Set up a DHCP server.</li> </ol><p>The IP addresses must be set and working. For example, the first network card, eth0, is set and connected to the router. The second network card, eth1, is set and connected to the local network's switch. Here is a tutorial on how to configure a network card in Slackware: <a href="http://www.basicconfig.com/basicnetwork" target="_blank">Linux basic network configuration</a>. After that, set up a DHCP server and make Slackware a gateway. Here is a guide on how to set up a DHCP server in Slackware: <a href="http://www.basicconfig.com/linuxnetwork/install_configure_dhcp_server_slackware_linux" target="_blank">Install and configure dhcp server in Slackware Linux</a>. When all is clear, you can begin the Squid cache proxy server configuration.</p> <p>This tutorial consists of several steps. 
Basically, here's what we are going to do:</p> <ul><li>Create Squid package for Slackware</li> <li>Install Squid package in Slackware</li> <li>Configure Squid cache proxy server in Slackware</li> <li>Configure Squid to block some domains and files</li> <li>Start Squid daemon in Slackware</li> </ul><h2>Create Squid package for Slackware</h2> <p>1) Download the necessary files from SlackBuilds.org. All the information needed is on the SlackBuilds website. Enter 'squid' in the search form and select your Slackware version.</p> <p>2) When you have all the necessary files, change directory to your working area and extract the Squid SlackBuild script archive. See the example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">cd slackware/source/myslackware/</span><br /> root@slackware:~/slackware/source/myslackware# <span style="color:red;">tar zxvf /home/jinlusuh/squid/squid.tar.gz</span><br /> squid/<br /> squid/squid.logrotate<br /> squid/README<br /> squid/doinst.sh<br /> squid/squid.conf<br /> squid/squid.info<br /> squid/slack-desc<br /> squid/README.SBo<br /> squid/squid.SlackBuild<br /> squid/squid.conf.documented<br /> squid/rc.squid<br /> root@slackware:~/slackware/source/myslackware#<br /></code></td> </tr></table><p>3) Change directory to the "squid" directory that we've just extracted from the SlackBuild script archive. Copy the Squid source, 'squid-3.1.xx.tar.bz2', into the directory. See the step-by-step commands below:</p> <p><strong>Note:</strong> <em>Slackware 13.37 uses the squid-3.1.12.tar.bz2 source, Slackware 14.1 uses the squid-3.1.23.tar.bz2 source. 
The instruction steps and commands are the same.</em></p> <table><tr><td><code>root@slackware:~/slackware/source/myslackware# <span style="color:red;">cd squid/</span><br /> root@slackware:~/slackware/source/myslackware/squid# <span style="color:red;">cp /home/jinlusuh/squid/squid-3.1.xx.tar.bz2 .</span><br /> root@slackware:~/slackware/source/myslackware/squid#<br /></code></td> </tr></table><p>4) Run the squid.SlackBuild script to begin creating the Slackware Squid package:</p> <table><tr><td><code>root@slackware:~/slackware/source/myslackware/squid# <span style="color:red;">./squid.SlackBuild </span><br /></code></td> </tr></table><p>5) When the process is over, you can find the resulting Slackware Squid package in the /tmp directory (default slackbuild configuration). Now change directory to /tmp and copy the Squid package for backup. See the step-by-step example below:</p> <table><tr><td><code>root@slackware:~/slackware/source/myslackware/squid# <span style="color:red;">cd /tmp/</span><br /> root@slackware:/tmp# <span style="color:red;">cp squid-3.1.xx-x86_64-1_SBo.tgz ~/slackware/packages/</span><br /></code></td> </tr></table><h2>Install Squid package in Slackware</h2> <p>Now that the Squid package is ready, let's install it using the Slackware 'installpkg' tool. 
Below is an example of how to install the Squid package in Slackware:</p> <table><tr><td><code>root@slackware:/tmp# <span style="color:red;">installpkg squid-3.1.xx-x86_64-1_SBo.tgz </span><br /> Verifying package squid-3.1.xx-x86_64-1_SBo.tgz.<br /> Installing package squid-3.1.xx-x86_64-1_SBo.tgz:<br /> PACKAGE DESCRIPTION:<br /> # Squid (a popular free and open source Web proxy server and web cache)<br /> #<br /> # Squid is a high-performance proxy caching server for web clients,<br /> # supporting FTP, gopher, and HTTP data objects.<br /> #<br /> # Homepage: http://www.squid-cache.org/<br /> #<br /> Executing install script for squid-3.1.xx-x86_64-1_SBo.tgz.<br /> Package squid-3.1.xx-x86_64-1_SBo.tgz installed.<br /><br /> root@slackware:/tmp#<br /></code></td> </tr></table><h2>Configure Squid cache proxy server in Slackware</h2> <p>We are ready to configure Squid in Slackware as a cache proxy server. Change to the directory /etc/squid. This is the home of the Squid configuration files.</p> <table><tr><td><code>root@slackware:/tmp# <span style="color:red;">cd /etc/squid/</span><br /> root@slackware:/etc/squid# <span style="color:red;">ls</span><br /> cachemgr.conf errorpage.css.default squid.conf<br /> cachemgr.conf.default mime.conf squid.conf.default<br /> errorpage.css mime.conf.default squid.conf.documented<br /> root@slackware:/etc/squid#<br /></code></td> </tr></table><p>You can start configuring Squid by editing the Squid configuration file, /etc/squid/squid.conf.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">vim /etc/squid/squid.conf</span><br /></code></td> </tr></table><p>Scroll down to 'Recommended minimum configuration', or type '/Recommended minimum configuration' and press Enter. 
See the example below:</p> <table><tr><td><code># Recommended minimum configuration:<br /> #<br /> acl manager proto cache_object<br /> acl localhost src 127.0.0.1/32 ::1<br /> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1<br /><br /> # Example rule allowing access from your local networks.<br /> # Adapt to list your (internal) IP networks from where browsing<br /> # should be allowed<br /> #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network<br /> #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network<br /> #acl localnet src 192.168.0.0/16 # RFC1918 possible internal network<br /> #acl localnet src fc00::/7 # RFC 4193 local private network range<br /> #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines<br /><span style="color:red;">acl localnet src 192.168.1.0/255.255.255.0 # Makmal Bahasa internal network</span><br /><br /> acl SSL_ports port 443<br /> acl Safe_ports port 80 # http<br /> acl Safe_ports port 21 # ftp<br /> acl Safe_ports port 443 # https<br /> acl Safe_ports port 70 # gopher<br /> acl Safe_ports port 210 # wais<br /> acl Safe_ports port 1025-65535 # unregistered ports<br /> acl Safe_ports port 280 # http-mgmt<br /> acl Safe_ports port 488 # gss-http<br /> acl Safe_ports port 591 # filemaker<br /> acl Safe_ports port 777 # multiling http<br /> acl CONNECT method CONNECT<br /></code></td> </tr></table><p>The line in red is the local network that we add to the proxy server. Next, we are going to set the HTTP port for the proxy. Scroll down again until you find http_port, as in the example below:</p> <table><tr><td><code># Squid normally listens to port 3128<br /> #http_port 3128<br /> #http_port 192.168.1.1:8080<br /><span style="color:red;">http_port 8080</span><br /></code></td> </tr></table><p>You can use the default port if you want. When you are done, we can set the cache directory size. Scroll down and find 'cache_dir', as in the example below. 
The format is "cache_dir ufs Directory-Name Mbytes L1 L2 [options]" where L1 is the number of first-level subdirectories and L2 is the number of second-level subdirectories.</p> <table><tr><td><code>#Default:<br /><span style="color:red;">cache_dir ufs /var/cache/squid/ 5000 16 256</span><br /></code></td> </tr></table><p>That's the basic setting to get the cache proxy server to work. The rest is up to you.</p> <h2>Configure Squid to block some domains and files</h2> <p>We can use Squid to restrict access to some domains using an access list (acl). What we need to do is configure the acl in the /etc/squid/squid.conf file and create a file containing the blocked domain names. Here are the steps:</p> <p>1. Add the lines shown in red to the /etc/squid/squid.conf file:</p> <table><tr><td><code># Recommended minimum configuration:<br /> #<br /> acl manager proto cache_object<br /> acl localhost src 127.0.0.1/32 ::1<br /> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1<br /><br /><span style="color:red;">acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"</span><br /> # Deny all blocked domains<br /><span style="color:red;">http_access deny blockeddomain</span><br /></code></td> </tr></table><p>Create a file named blocked.domains.acl in the /etc/squid directory. Add the domains that you want to restrict access to. Here is the example:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">vim /etc/squid/blocked.domains.acl</span></code></td> </tr></table><p>Add the domain names, one per line:</p> <table><tr><td><code>.facebook.com<br /> .youtube.com<br /> .onlinegames.com<br /></code></td> </tr></table><p>We put '.' at the beginning of the domain so that subdomains are blocked too, including addresses that start with www. Save and quit the file.</p> <p>We can also restrict certain files that we don't want users to download by blocking the file extension. 
To do that, add the lines shown in red to the /etc/squid/squid.conf file:</p> <table><tr><td><code># Recommended minimum configuration:<br /> #<br /> acl manager proto cache_object<br /> acl localhost src 127.0.0.1/32 ::1<br /> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1<br /><br /> acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"<br /> # Deny all blocked domains<br /> http_access deny blockeddomain<br /><br /><span style="color:red;">acl blockfiles urlpath_regex -i "/etc/squid/blocked.files.acl"</span><br /> # Deny all blocked extensions<br /><span style="color:red;">deny_info ERR_BLOCKED_FILES blockfiles<br /> http_access deny blockfiles</span><br /></code></td> </tr></table><p>Create a file named blocked.files.acl in the /etc/squid directory. Add the file extensions that you don't want users to download. Here is the example:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">vim /etc/squid/blocked.files.acl</span></code></td> </tr></table><p>Add the file extensions, one per line:</p> <table><tr><td><code># \.[Ee][Xx][Ee]$<br /> \.[Aa][Vv][Ii]$<br /> \.[Mm][Pp][Gg]$<br /> \.[Mm][Pp][Ee][Gg]$<br /> \.[Mm][Pp]3$<br /></code></td> </tr></table><p>Save and quit the file and we are done. It's time to run Squid in our network.</p> <h2>Start Squid daemon in Slackware</h2> <p>What you need to do now is start the Squid daemon. Run squid twice: first with the command '/usr/sbin/squid -z' and after that with '/usr/sbin/squid'. Please check the rc.squid file and make it executable, and then restart the service. 
Below is the steps example:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">chmod 755 /etc/rc.d/rc.squid </span><br /> root@slackware:~# <span style="color:red;">/usr/sbin/squid -z </span><br /> 2013/12/31 10:45:00| Creating Swap Directories<br /> 2013/12/31 10:45:00| /var/cache/squid/ exists<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//00<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//01<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//02<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//03<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//04<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//05<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//06<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//07<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//08<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//09<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0A<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0B<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0C<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0D<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0E<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0F<br /> root@slackware:~# <span style="color:red;">/usr/sbin/squid </span><br /> 2013/12/31 10:43:20| aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.2.0/16'<br /></code></td> </tr></table><p>Oh there are warnings. Open Squid configuration file again and edit the rules. 
See the example below:</p> <table><tr><td><code># Example rule allowing access from your local networks.<br /> # Adapt to list your (internal) IP networks from where browsing<br /> # should be allowed<br /> #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network<br /> #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network<br /> #acl localnet src 192.168.0.0/16 # RFC1918 possible internal network<br /> #acl localnet src fc00::/7 # RFC 4193 local private network range<br /> #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines<br /><span style="color:red;">acl localnet src 192.168.1.0/24 # Makmal Bahasa internal network</span><br /></code></td> </tr></table><p>That's it for now. Don't forget to restart the daemon after you modify the configuration file. Three daemons are involved in this task: the squid daemon, inet1 (network card) and dhcpd. We are going to set up the client side next. See the step-by-step guide below on how to do it.</p> <p>Start squid at boot by adding the script below to the /etc/rc.d/rc.local file:</p> <table><tr><td><code>root@slackware:/etc/rc.d# vim rc.local<br /> #!/bin/sh<br /> #<br /> # /etc/rc.d/rc.local: Local system initialization script.<br /> #<br /> # Put any local startup commands in here. Also, if you have<br /> # anything that needs to be run at shutdown time you can<br /> # make an /etc/rc.d/rc.local_shutdown script and put those<br /> # commands in there.<br /><span style="color:red;">if [ -x /etc/rc.d/rc.squid ]; then<br /> /etc/rc.d/rc.squid start<br /> fi</span><br /> root@slackware:/etc/rc.d#<br /></code></td> </tr></table><h2>Setup client to use squid cache proxy server</h2> <p>First we start with the Mozilla Firefox browser. 
Click <b>Tools</b> menu and choose <b>Options...</b>.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid1.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid1.jpg" alt="Squid cache proxy client Firefox setup image" class="imgp_img" /></a></p> <p>In 'Options' window, choose <b>Advanced</b> tab. There are General, Network, Update and Encryption tabs. Choose <b>Network</b> and in the 'Connection section', click <b>Settings...</b> to configure how Firefox connects to the Internet.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid2.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid2.jpg" alt="Squid cache proxy client Firefox setup image2" class="imgp_img" /></a></p> <p>In 'Connection Settings' window, click <b>Manual proxy configuration</b> and key in 'HTTP Proxy' and 'Port'. Don't forget to tick <b>Use this proxy server for all protocols</b>.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid3.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid3.jpg" alt="Squid cache proxy client Firefox setup image3" class="imgp_img" /></a></p> <p>Click <b>OK</b> and you are done. 
If you forgot to tick 'Use this proxy server for all protocols' as mentioned above, you'll have trouble connecting to any https sites such as yahoo mail, gmail, etc.</p> <p>For the Internet Explorer browser, follow the steps below to configure the Squid cache proxy client:</p> <p>Open 'Menu bar'.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid4.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid4.jpg" alt="Squid cache proxy client IE setup image" class="imgp_img" /></a></p> <p>Click 'Tools' and choose 'Internet Options'.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid5.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid5.jpg" alt="Squid cache proxy client IE setup image2" class="imgp_img" /></a></p> <p>In the options window, choose to set up an Internet connection and click Setup.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid6.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid6.jpg" alt="Squid cache proxy client IE setup image3" class="imgp_img" /></a></p> <p>Finally, when the 'Local Area Network Settings' window pops up, enter the Squid proxy server IP address and port in the 'Proxy server' section. Click 'OK' and you are done.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid7.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid7.jpg" alt="Squid cache proxy client IE setup image4" class="imgp_img" /></a></p> <p>That's all. The basic configuration and setup is done. You just need to study more about Squid and tweak your Squid configuration to get the best out of it. 
Good luck and all the best!</p> </div></div></div><!-- google_ad_section_end --><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/16" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux server</a></div><div class="field-item odd" rel="dc:subject"><a href="/taxonomy/term/21" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">proxy server</a></div><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/13" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux security</a></div></div></div> Wed, 22 Jun 2011 06:52:12 +0000 jinlusuh 128 at http://basicconfig.com http://basicconfig.com/linuxnetwork/install-squid-in-slackware64-13.37#comments Setup Ubuntu squid proxy server - Introduction, installation and basic configuration guide for beginner http://basicconfig.com/linuxnetwork/setup_ubuntu_squid_proxy_server_beginner_guide <!-- google_ad_section_start --><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><table><tr><td><code>A girl and a boy bump into each other -- surely a coincidence. A girl and<br /> a boy bump and her handkerchief drops -- surely another coincidence. But<br /> when a girl gives a boy a dead squid, *that had to mean SOMETHING!*<br /></code></td> </tr></table><p>Squid is an open source caching proxy server. As a cache proxy server, squid accepts request data from client and passes it to appropriate Internet server. It keeps a copy of the returned data, especially hot objects cached in RAM. Squid also caches DNS lookups and supports non-blocking DNS lookups. Even when a client terminates a request, squid continues to fetch and complete the requested data. 
When it receives the same request again from another client, it just passes on the data stored in its cache. This is the basic concept of how squid works, speeding up Internet access and saving bandwidth.</p> <p>Squid supports FTP, gopher, and HTTP data objects. Squid also supports other caching protocols, such as:</p> <ul><li>Internet cache protocol (ICP) </li> <li>Cache digests </li> <li>Simple network management protocol (SNMP) </li> <li>Hyper text caching protocol (HTCP) </li> </ul><p>A cache proxy server can greatly improve Internet performance, and the squid cache proxy server is very fast and well known in the Linux world as a high-performance caching proxy server. A normal firewall proxy does not store a copy of the returned data like squid does. The squid cache proxy server works well with a firewall on the upper level and squid on the lower level, protecting the local network.</p> <h2>Setup squid cache proxy server in Ubuntu</h2> <p>Before setting up a squid cache proxy server, you should consider several things that will influence the performance of the caching server later. The most important is the server hardware.</p> <h3>Basic hardware requirements</h3> <p>As we already know, squid stores metadata, especially hot objects, cached in RAM. So having a lot of RAM will improve squid performance and overall server performance. However, CPU power doesn't really affect squid performance.</p> <p>Since all caches are kept on the hard disk, a hard disk with a fast random seek time will boost squid performance. A high-rpm hard disk is good but the price is higher. You should consider adding extra hard disks with a fast random seek time, because having many hard disks also improves squid performance.</p> <h2>Install squid proxy in Ubuntu</h2> <p>You can check whether squid is already installed by checking for the squid service with the ps command. 
To pick out a running squid service from the ps output, add | (pipe) and grep, as in the example below:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">ps aux | grep squid</span><br /> luzar 5667 0.0 0.1 3236 796 pts/0 S+ 16:45 0:00 grep squid<br /> luzar@ubuntu:~$<br /></code></td> </tr></table><p>So there is no squid process running in our system. We can then install the squid package using the apt-get package management system. Example of squid package installation in Ubuntu using apt-get:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">sudo apt-get install squid</span><br /> Reading package lists... Done<br /> Building dependency tree<br /> Reading state information... Done<br /> The following extra packages will be installed:<br /> openssl-blacklist squid-common ssl-cert<br /> Suggested packages:<br /> squidclient squid-cgi logcheck-database resolvconf smbclient winbind<br /> The following NEW packages will be installed:<br /> openssl-blacklist squid squid-common ssl-cert<br /> 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.<br /> Need to get 7542kB of archives.<br /> After this operation, 19.5MB of additional disk space will be used.<br /> Do you want to continue [Y/n]? Y<br /> Get:1 http://us.archive.ubuntu.com intrepid/main openssl-blacklist 0.4.2 [6337kB]<br /> 4% [1 openssl-blacklist 360983/6337kB 5%] 4770B/s 25min5s<br /></code></td> </tr></table><p>As you can see, the squid download is quite big, so the downloading and installation is going to take some time. After the installation is finished, you can begin configuring squid as a caching proxy server.</p> <h2>Configure squid caching proxy server in Ubuntu</h2> <p>The squid configuration file is in the /etc/squid directory. 
So change directory to /etc/squid and see what we have there.</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">cd /etc/squid/</span><br /> luzar@ubuntu:/etc/squid$ ls<br /> squid.conf<br /> luzar@ubuntu:/etc/squid$<br /></code></td> </tr></table><p>We just have one file, squid.conf, which is the main configuration file for squid. To be safe, we will make a copy of squid.conf as a backup before we start editing the file. Here is a command to copy squid.conf:</p> <table><tr><td><code>luzar@ubuntu:/etc/squid$ <span style="color:red;">sudo cp squid.conf squid.conf.bac</span><br /> luzar@ubuntu:/etc/squid$ ls -l<br /> total 344<br /> -rw------- 1 root root 168394 2008-12-24 16:20 squid.conf<br /> -rw------- 1 root root 168394 2008-12-24 17:07 squid.conf.bac<br /> luzar@ubuntu:/etc/squid$<br /></code></td> </tr></table><p>Here is a step-by-step guide on how to configure a basic squid caching proxy server. Open squid.conf with your favorite text editor. Here is an example using the vim editor:</p> <table><tr><td><code>luzar@ubuntu:/etc/squid$ <span style="color:red;">sudo vim squid.conf</span><br /> [sudo] password for luzar:<br /></code></td> </tr></table><p>This is an example of the squid.conf file when you open it with the vim editor:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/squid.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/squid.png" alt="squid.conf screenshot" /></a></p> <p>Go to the line <b>http_port</b>. We are going to set the HTTP port for the squid caching proxy server. You can set the port as in the example below:</p> <p><b>Tips:</b><i> If you are using vim, in command mode, type <b>/term</b> to search for the <i>term</i> you are looking for. Press <b>n</b> to find the next occurrence of the search term. 
Squid.conf is quite a big file to scroll through.</i></p> <table><tr><td><code># Squid normally listens to port 3128<br /><span style="color:red;">http_port 3128</span><br /></code></td> </tr></table><p>Next, we are going to set the cache directory for our squid caching proxy server. The cache_dir is disabled by default. You can copy that line and add your preferred cache directory size for your caching proxy server. You can set more than one cache directory if you have many partitions, naming the cache directories cache1, cache2, cache3, and so forth.</p> <table><tr><td><code>#Default:<br /> # cache_dir ufs /var/spool/squid 100 16 256<br /><span style="color:red;">cache_dir ufs /var/spool/squid/cache1 1000 16 256</span><br /></code></td> </tr></table><p>The value after the cache directory (100 in the default line) is the size in MB. Set it according to your needs. Remember that the cache directory must be empty. In the example above, I set it to 1000MB. The second and third values (16 256) are the numbers of first-tier and second-tier subdirectories.</p> <p>We can set the administrator email address in cache_mgr so that email can automatically be sent to us if squid dies.</p> <table><tr><td><code>#Default:<br /> # cache_mgr webmaster<br /><span style="color:red;">cache_mgr webmaster</span><br /></code></td> </tr></table><p>Another important configuration we need to set is the squid log. The squid log can be set in the <b>access_log</b> parameter. This is the default path and file used:</p> <table><tr><td><code># And priority could be any of:<br /> # err, warning, notice, info, debug.<br /><span style="color:red;">access_log /var/log/squid/access.log squid</span><br /></code></td> </tr></table><p>Squid automatically creates a default user <b>proxy</b> and a group <b>proxy</b> during the installation. 
Enable those names in the <b>cache_effective_user</b> and <b>cache_effective_group</b> parameters in the squid.conf file.</p> <table><tr><td><code>#Default:<br /> # cache_effective_user proxy<br /><span style="color:red;">cache_effective_user proxy</span><br /></code></td> </tr></table><table><tr><td><code>#Default:<br /> # none<br /><span style="color:red;">cache_effective_group proxy</span><br /></code></td> </tr></table><p>Enable the ftp anonymous user if you need that.</p> <table><tr><td><code>#Default:<br /> # ftp_user Squid@<br /><span style="color:red;">ftp_user Squid@</span><br /></code></td> </tr></table><p>Now we need to set a simple access control list (acl) to allow the IP addresses in our local network. Search for the <b>acl localnet</b> line and add your local area network IP addresses.</p> <table><tr><td><code># Example rule allowing access from your local networks.<br /> # Adapt to list your (internal) IP networks from where browsing<br /> # should be allowed<br /> # acl localnet src 10.0.0.0/8 # RFC1918 possible internal network<br /> # acl localnet src 172.16.0.0/12 # RFC1918 possible internal network<br /> # acl localnet src 192.168.0.0/16 # RFC1918 possible internal network<br /><span style="color:red;">acl local_itnet src 192.168.0.0/255.255.255.0 # IT network</span><br /><span style="color:red;">acl local_admnet src 192.168.1.0/255.255.255.0 # Admin network</span><br /></code></td> </tr></table><p>Enable http_access from the local networks:</p> <table><tr><td><code>#Allow HTTP queries from local networks only<br /> http_access allow local_itnet<br /> http_access allow local_admnet<br /> http_access deny all<br /></code></td> </tr></table><p><b>Tips:</b> <i>Only allow IP addresses in your network.</i></p> <table><tr><td><code># Example rule allowing access from your local networks.<br /> # Adapt localnet in the ACL section to list your (internal) IP networks<br /> # from where browsing should be allowed<br /><span style="color:red;">acl local_itnet src 192.168.0.0/255.255.255.0 # IT network</span><br /> http_access allow local_itnet<br /><span style="color:red;">acl local_admnet src 192.168.1.0/255.255.255.0 # Admin network</span><br /> http_access allow local_admnet<br /></code></td> </tr></table><p>Allow ICP from the local networks:</p> <table><tr><td><code>#Allow ICP queries from local networks only<br /> icp_access allow local_itnet<br /> icp_access allow local_admnet<br /> icp_access deny all<br /></code></td> </tr></table><p>That covers all the basic squid configurations. Now we can restart the squid service:</p> <table><tr><td><code>luzar@ubuntu:/etc/squid$ sudo vim squid.conf<br /> luzar@ubuntu:/etc/squid$ sudo /etc/init.d/squid restart<br /> * Restarting Squid HTTP proxy squid [ OK ]<br /> luzar@ubuntu:/etc/squid$<br /></code></td> </tr></table></div></div></div><!-- google_ad_section_end --><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/16" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux server</a></div><div class="field-item odd" rel="dc:subject"><a href="/taxonomy/term/21" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">proxy server</a></div></div></div> Wed, 24 Dec 2008 11:56:37 +0000 jinlusuh 127 at http://basicconfig.com http://basicconfig.com/linuxnetwork/setup_ubuntu_squid_proxy_server_beginner_guide#comments
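<p>A check to run before restarting Squid, covering two mistakes that both guides above touch on: a <code>src</code> network whose address has host bits set (the cause of the "Netmask masks away part of the specified IP" startup warning), and <code>http_access</code> / <code>icp_access</code> rules that reference an ACL name that has not been defined, for example when the keyword <code>acl</code> is left in the rule. This is an added example, not part of the original guides; the sample configuration is constructed, the function names are hypothetical, and treating <code>all</code> as predefined is an assumption.</p>

```python
import ipaddress

# Constructed sample modelled on the snippets in the two guides above
# (not a complete squid.conf).
SAMPLE_CONF = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl localnet src 192.168.2.0/16   # host bits set, as in the startup warning
acl local_itnet src 192.168.0.0/255.255.255.0   # IT network
acl local_admnet src 192.168.1.0/255.255.255.0  # Admin network
acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"
http_access deny blockeddomain
http_access allow acl local_itnet
http_access allow local_admnet
http_access allow !localhost localnet
icp_access allow acl local_admnet
http_access deny all
"""

# Only the access directives used on this page are checked.
ACCESS_DIRECTIVES = ("http_access", "icp_access")


def check_network(value):
    """Return a message if an address/mask value has host bits set, else None."""
    if value.startswith('"') or "-" in value or value == "all":
        return None  # file include, address range or 'all' keyword: not checked here
    try:
        # Accepts a bare address, a prefix length, or a dotted netmask.
        iface = ipaddress.ip_interface(value)
    except ValueError:
        return f"'{value}' is not a valid address or network"
    if iface.ip != iface.network.network_address:
        return f"'{value}' has host bits set; the mask reduces it to {iface.network}"
    return None


def lint_squid_conf(text, predefined=("all",)):
    """Return a list of (line_number, message) findings for a squid.conf text.

    The file is read top to bottom, so an ACL only counts as defined
    from the line that declares it. 'predefined' is an assumption about
    names the running Squid version already knows.
    """
    defined = set(predefined)
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Simplification: everything after '#' is treated as a comment.
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        directive = tokens[0]
        if directive == "acl" and len(tokens) >= 3:
            name, acl_type = tokens[1], tokens[2]
            defined.add(name)
            if acl_type in ("src", "dst"):
                for value in tokens[3:]:
                    message = check_network(value)
                    if message:
                        findings.append((lineno, message))
        elif directive in ACCESS_DIRECTIVES:
            if len(tokens) < 2 or tokens[1] not in ("allow", "deny"):
                findings.append((lineno, f"{directive} needs 'allow' or 'deny'"))
                continue
            for ref in tokens[2:]:
                name = ref.lstrip("!")  # '!name' negates the ACL
                if name not in defined:
                    findings.append(
                        (lineno, f"{directive} references undefined ACL '{name}'")
                    )
    return findings


if __name__ == "__main__":
    for lineno, message in lint_squid_conf(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```

<p>Run against the constructed sample, it reports the masked network on line 3 and the stray <code>acl</code> token on lines 8 and 11.</p>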