Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.
rpm -q squid
If Squid is already installed, you will get a response similar to:
squid-2.5.STABLE6-3.4E.12
If Squid isn’t installed, then you can use Yum to install it. Thanks to Yum the installation is quite easy.
Just type at a command line:
yum install squid
If you happen to have downloaded the rpm you can also type something like:
rpm -ivh squid-2.5.STABLE6-3.4E.12.i386.rpm
Configure:-
Squid’s main configuration file lives in /etc/squid/squid.conf. The 3,339 line configuration file is intimidating, but the good news is that it is very simple to setup a proxy server that forward http, https, and ftp requests to Squid on the default port of 3128 and caches the data.
Back up the configuration file:-
It is always good policy to backup a configuration file before you edit it. If you haven’t been burned yet, you haven’t edited enough configuration files. Make a backup from the command line or the gui and rename the original file something meaningful. I personally like to append a bck.datestamp. For example:
cp /etc/squid/squid.conf /etc/squid/squid.conf.bck.02052007
If it is the original configuration file you might choose to do:
cp /etc/squid/squid.conf /etc/squid/squid.conf.org.02052007
Edit the file:-
Open /etc/squid/squid.conf with your favorite text editor. I use vim, but nano is a good beginner’s command line text editor. If you do use nano, make sure you use the nano –nowrap option to turn off line wrapping when editing things like configuration files. A gui editor like Gedit will also work.
Configuration:-
The default squid configuration is almost complete, but a few small changes should be made. You will need to either find and uncomment entries, or modify existing uncommented lines in the squid configuration file. Use your favorite text editor or a text find to quickly locate these lines:
visible_hostname machine-name
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
cache_access_log /var/log/squid/access.log
In the acl section near the bottom add:
acl mynetwork 192.168.0.0/24
http_access allow mynetwork
Let me explain what each of these six lines means:
visible_hostname – Create this entry and set this to the hostname of the machine. To find the hostname, use the command hostname. Not entering a value may cause squid to fail as it may not be able to automatically determine the fully qualified hostname of your machine.
http_port 3128 – Uncomment this line but there is no need to edit it unless you want to change the default port for http connections.
cache_dir ufs /var/spool/squid 1000 15 256 – Uncomment this line. You may want to append a zero to the value 100 which will make the cache size 1000MB instead of 100MB. The last two values stand for the default folder depth the cache will create on the top and subdirectories respectively. They do not need modification.
cache_access_log – Uncomment this line. This is where all requests to the proxy server will get logged.
acl intranet 192.168.0.0/24 – This entry needs to be added. It should correspond to whatever your local network range is. For example, if your Fedora server is 192.168.2.5 then the entry should be acl intranet 192.168.2.0/24
http_access allow intranet – This allows the acl named intranet to use the proxy server. Make sure to put allow directives above the last ‘http_access deny all’ entry, as it will overide any allow directives below it.
Turning on squid
Enable the proper run levels:
chkconfig squid on
Start the service:
service squid start
Verify that squid isrunning:
service squid status
Note, if you have problems starting squid, open a separate shell and run:
tail -f /var/log/messages
Then start the squid service in your original window:
service squid start
The tail command should show an error for squid that can help you solve the problem. One common error is that the swap (cache) directory doesn’t exist. To solve this problem, run squid with the -z option to automatically create the directories:
/usr/sbin/squid -z
Make sure that squid has write permission to the swap directory or this command won’t work.
Configuring the clients
If you are using Firefox or Mozilla you will need to add the proxy server as follows:
Go to Preferences>Network>Settings
Add the name of your new proxy server and port 3128 to the http proxy field (under manual configuration).
Open a shell to your proxy server so you can observe the log file being written to. Use tail, as before:
tail -f /var/log/squid/access.log
Now surf the web through your proxy server. You should see entries flying by in real time as you surf different http addresses. Congratulations, you now have a caching proxy server setup!
0 comments:
Post a Comment