Embed Size (px)
Citation preview
tep by Step Install Squid Proxy Server on Fedora 11.
The step by step below show how to install squid proxy server on Fedora 11 system. The example on step by step install squid proxy server below use the Fedora 11 DVD (Fedora 11 installation DVD) as source of installation package. If your Fedora 11 system connected to internet, you may skip step no 3 and step no 4. Please note that these squid proxy server installation on Fedora 11 is done for educational purpose only and its done in step by step manner... so some of step just for informational purpose only and if you wish... you may skip these step..
Install Squid Fedora 11. 1. Open Fedora 11 x terminal, (Applications -> System Tools -> Terminal)
2. Execute the su command as show on example below to and enter root user password to become as root user. [fedora11@localhost ~]$ su -Password: <-- key in root user password here and hit Enter key[root@localhost ~]# 3. To install squid using Fedora 11 DVD, you must edit the Fedora11 yum configuration file so that yum will use the Fedora 11 DVD as software package installation source. Make sure that you mount the Fedora 11 DVD on Fedora 11 system before you proceed to next step. 4. If you do not have internet connection to your Fedora 11 system, you must disable all other Fedora 11 software package repository... if you got good internet connection just proceed with step 5 5. Check if squid proxy server already install on your Fedora 11 system.
[root@localhost ~]# yum list installed *squid*Loaded plugins: refresh-packagekitError: No matching Packages to list[root@localhost ~]# 6. List available squid proxy server package that comes with your Fedora 11 DVD, or if you connected to internet... the yum command below going to list available squid proxy server software package for your Fedora 11 system.
[root@localhost ~]# yum list *squid*Loaded plugins: refresh-packagekitAvailable Packagessquid.i386 7:3.0.STABLE13-1.fc11 fedora-dvd[root@localhost ~]# 7. You can use yum info squid command if you want to get more information about squid package for Fedora 11 that we are going to install on these step by step example. The command example below show the output from yum info squid command... you can proceed to the squid installation process on step 8 without executing the yum info squid command... the yum info squid just for informational purpose only...
[root@localhost ~]# yum info squidLoaded plugins: refresh-packagekitAvailable PackagesName : squidArch : i386
Epoch : 7Version : 3.0.STABLE13Release : 1.fc11Size : 1.6 MRepo : fedora-dvdSummary : The Squid proxy caching serverURL : http://www.squid-cache.orgLicense : GPLv2+Description: Squid is a high-performance proxy caching server for Web clients, : supporting FTP, gopher, and HTTP data objects. Unlike traditional : caching software, Squid handles all requests in a single, : non-blocking, I/O-driven process. Squid keeps meta data and especially : hot objects cached in RAM, caches DNS lookups, supports non-blocking : DNS lookups, and implements negative caching of failed requests. : : Squid consists of a main server program squid, a Domain Name System : lookup program (dnsserver), a program for retrieving FTP data : (ftpget), and some management and client tools. [root@localhost ~]# 8. Execute yum install command below to start install squid on Fedora 11 system... your squid proxy server version may vary than show on the output of the command example below, but not to worry because you may got the latest version of squid proxy server available for your Fedora 11 system.
[root@localhost ~]# yum install squid*Loaded plugins: refresh-packagekitfedora-dvd | 3.7 kB 00:00fedora-dvd/primary_db | 1.7 MB 00:00Setting up Install ProcessResolving Dependencies--> Running transaction check---> Package squid.i386 7:3.0.STABLE13-1.fc11 set to be updated--> Finished Dependency Resolution Dependencies Resolved ======================================================================== Package Arch Version Repository Size========================================================================Installing: squid i386 7:3.0.STABLE13-1.fc11 fedora-dvd 1.6 M Transaction Summary========================================================================Install 1 Package(s)Update 0 Package(s)Remove 0 Package(s) Total download size: 1.6 M
Is this ok [y/N]: y <-- type in 'y' to agree and hit Enter keyDownloading Packages:warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 signature: NOKEY, key ID d22e77f2fedora-dvd/gpgkey | 1.6 kB 00:00Importing GPG key 0xD22E77F2 "Fedora (11) <[email protected]>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-i386Is this ok [y/N]: y <-- type in 'y' to agree and hit Enter keyRunning rpm_check_debugRunning Transaction TestFinished Transaction TestTransaction Test SucceededRunning Transaction Installing : squid 1/1 Installed: squid.i386 7:3.0.STABLE13-1.fc11 Complete![root@localhost ~]# 9. Verify that squid proxy server successfully installed on your Fedora 11 by executing yum list squid command as show on example below...
[root@localhost ~]# yum list squidLoaded plugins: refresh-packagekitInstalled Packagessquid.i386 7:3.0.STABLE13-1.fc11 installed[root@localhost ~]# 10. Now you can start configure squid proxy server on Fedora 11 by edit and configuring squid.conf configuration file. Use cd command as show on example below to go to /etc/squid/ directory where the default squid configuration file (squid.conf) located and start configure squid :-).
[root@localhost ~]# cd /etc/squid/cachemgr.conf mime.conf.defaultcachemgr.conf.default msntauth.conferrors/ msntauth.conf.defaulticons/ squid.confmib.txt squid.conf.defaultmime.conf[root@localhost ~]# Keywords: install squid fedora 11, install squid fedora 11 dvd, install squid proxy fedora 11, install squid proxy server fedora 11, install proxy fedora 11, install proxy server fedora 11, squid fedora 11
Configure and Setup Squid Cache Proxy Server on Fedora Core.
Linux Network
Step by step Setup and Configure Squid Proxy Server on Fedora Core. The main purpose of proxy server is to sharing one internet connection and maintains a cache for web browsing performance. Squid cache proxy server is free proxy server that comes with bundle with the Fedora Core operating system, you can configure your Linux Fedora Core PC to be a Cache proxy server and share the connection to the internet only by a simple configuration setup. The article below show the step by step to setup and configure SQUID proxy serve on Fedora core with screenshot and SQUID configuration example. Network configuration scenario:
To configure squid proxy server for local network client to access the internet.
This server have two network card using internal IP address and external IP addressConfigure the Squid Cache Proxy to listen for proxy request from different network client on internal IP address.Configure Squid cache proxy server to listen request only from specific IP address 10.2.0.5 (internal IP card) on Port 8080.
The step to setup/configure Squid Cache Proxy on Linux Fedora Core: 1. Backup Squid configuration files.2. Open and start edit the Squid configuration file.3. Configure internal address and port where Squid will listen for HTTP client requests.4. Improve Proxy performances.5. Set Proxy to find DNS servers.6. Adding aux Port to ACL.7. Adding Internal network to ACL. 8. Start and using Squid Proxy for first time.9. Procedure to start, stop and automatic start Squid Proxy on Fedora core system.10. Configure Squid client browser to use Squid Proxy.
Backup Squid configuration files: The Squid configuration files usually located in /etc/squid/ directory. To configure the Squid you need to edit and change these configuration files, it's better to make backup of these file before you start the configuration process. The command below show the example of simple backup process. To backup the Squid configuration directory: [root@cempakasari ~]# cp -pr /etc/squid/ /etc/squid.bak[root@cempakasari ~]# Backup the squid.conf file: [root@cempakasari ~]# cp -pr /etc/squid/squid.conf /etc/squid/squid.conf.bak[root@cempakasari ~]# Best Practice: before edit or make any changes to any config file, it's recommended that you backup the file first.
Edit the squid.conf, the Squid Cache Proxy configuration file. 1. Open the squid config file (squid.conf) that is located on the /etc/squid directory with your own choice of text editor. [root@linux fedora]# vi /etc/squid/squid.conf or you can use the gedit program... [root@linux fedora]# gedit /etc/squid/squid.conf Warning: If you don't need to change the default configuration on squid.conf file, you shouldn't uncomment the line and leave it like it is. 2. Fist of all, we need to setup on which port Squid should listen for client proxy request. By default Squid will listen on port 3128 on all IP address on the machine On this project, we setup (configure) our Squid proxy to bind with the internal Ethernet card which is using internal IP 10.2.0.5 and listen on port 8080 on that internal IP address. With this configuration, Squid should only visible and listen to our internal address only. Configuration example on squid.conf file: Customize the socket address where your Squid proxy should listen for HTTP client request: Change the address to fit your network layout. # NETWORK OPTIONS........................#Default:# http_port 3128http_port 10.2.0.5:8080
Improve Squid performances. To improve Squid proxy performance edit the default configuration file to utilize system hardware capability. The configuration below show the process of increasing the size of cache memory and the size of cache directory of squid proxy. 3. Scroll down the page and find # TAG: cache_mem (bytes), To increase the Squid cache memory capacity, edit the default setting and put the appropriate memory size base on your system capabilities. The example below show that the Squid cache memory setting increase up to
256 MB. Take note that, before you change this setting make sure your hardware can support the size of memory that you specify here. # OPTIONS WHICH AFFECT THE CACHE SIZE# -----------------------------------# TAG: cache_mem (bytes)# NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS SIZE.# IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID WILL# USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR OTHER# THINGS AS WELL. SEE THE SQUID FAQ SECTION 8 FOR DETAILS.## 'cache_mem' specifies the ideal amount of memory to be used# for:# * In-Transit objects# * Hot Objects# * Negative-Cached objects------- +++++ ---------------------------#Default:# cache_mem 8 MBcache_mem 256 MB 4. Then find tag # TAG: cache_dir, then increase the size of cache directory to 2000 MB, also make sure that you have enough disk space before you change the size value.# LOGFILE PATHNAMES AND CACHE DIRECTORIES# ----------------------------------------------------------------------------- # TAG: cache_dir# Usage:## cache_dir Type Directory-Name Fs-specific-data [options]#------- +++++ ---------------------------##Default:# cache_dir ufs /var/spool/squid 100 16 256cache_dir ufs /var/spool/squid 2000 16 256
Set Proxy to find DNS servers: 5. Adjust the list of DNS name servers. Squid cache proxy used this list of DNS servers to query domain name. # TAG: dns_nameservers# Use this if you want to specify a list of DNS name servers# (IP addresses) to use instead of those given in your
# /etc/resolv.conf file.# On Windows platforms, if no value is specified here or in# the /etc/resolv.conf file, the list of DNS name servers are# taken from the Windows registry, both static and dynamic DHCP# configurations are supported.## Example: dns_nameservers 10.0.0.1 192.172.0.4##Default:# nonedns_nameservers 203.106.93.91 161.142.227.17 192.228.128.16 201.188.0.16
Adding aux port: 6. Add required port to "Acess Control List". This example show that the port number 2083 port is add to safe_ports list. # ACCESS CONTROLS# -------------------------------------- **** +++++#Examples:#acl macaddress arp 09:00:2b:23:45:67#acl myexample dst_as 1241#acl password proxy_auth REQUIRED#acl fileupload req_mime_type -i ^multipart/form-data$#acl javascript rep_mime_type -i ^application/x-javascript$##Recommended minimum configuration:acl all src 0.0.0.0/0.0.0.0acl manager proto cache_objectacl localhost src 127.0.0.1/255.255.255.255acl to_localhost dst 127.0.0.0/8acl SSL_ports port 2083 443 563acl Safe_ports port 80 # httpacl Safe_ports port 21 # ftpacl Safe_ports port 2083 443 563 # https, snewsacl Safe_ports port 70 # gopheracl Safe_ports port 210 # waisacl Safe_ports port 1025-65535 # unregistered portsacl Safe_ports port 280 # http-mgmtacl Safe_ports port 488 # gss-httpacl Safe_ports port 591 # filemakeracl Safe_ports port 777 # multiling httpacl CONNECT method CONNECT
Adding Internal network to ACL: 7. To control access to the Squid proxy or who can use your Squid proxy, find and add the list of your Squid clients. The example of Access Control List rules below only allow only the internal IP network to access and use the Squid proxy. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # Example rule allowing access from your local networks. Adapt# to list your (internal) IP networks from where browsing should# be allowed#acl our_networks src 192.168.1.0/24 192.168.2.0/24#http_access allow our_networksacl FE_networks src 10.2.0.0/255.255.0.0acl LABS_networks src 10.3.0.0/255.255.0.0acl GENSUB_networks src 10.4.0.0/255.255.0.0acl ADM_networks src 10.5.0.0/255.255.0.0acl LABS_networks src 10.6.0.0/255.255.0.0acl TKM_networks src 10.7.0.0/255.255.0.0acl TKP_networks src 10.8.0.0/255.255.0.0acl TKE_networks src 10.9.0.0/255.255.0.0acl TKK_networks src 10.10.0.0/255.255.0.0http_access allow FE_networkshttp_access allow LABS_networkshttp_access allow GENSUB_networkshttp_access allow ADM_networkshttp_access allow LIB_networkshttp_access allow TKM_networkshttp_access allow TKP_networkshttp_access allow TKE_networkshttp_access allow TKK_networks # And finally deny all other access to this proxyhttp_access allow localhosthttp_access deny all ==========================================other example for Squid acl: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # Example rule allowing access from your local networks. Adapt# to list your (internal) IP networks from where browsing should# be allowed#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networksacl our_networks src 172.16.160.0/24 172.16.161.0/24 172.16.162.0/24 172.16.163.0/24 172.16.164.0/24 172.16.165.0/24 172.16.166.0/24 172.16.167.0/24 172.16.168.0/24 172.16.169.0/24 172.16.170.0/24acl bad_url dstdomain "/etc/squid/bad-sites.squid"http_access allow our_networkshttp_access deny bad_url 8. To allow FTP request from client. # TAG: always_direct# Usage: always_direct allow|deny [!]aclname ...## Here you can use ACL elements to specify requests which should# ALWAYS be forwarded by Squid to the origin servers without using# any peers. For example, to always directly forward requests for# local servers ignoring any parents or siblings you may have use# something like:## acl local-servers dstdomain my.domain.net# always_direct allow local-servers## To always forward FTP requests directly, use## acl FTP proto FTP# always_direct allow FTP+++++++++++++++++++++##Default:# noneacl FTP proto FTPalways_direct allow FTP DONERECHECK THE CONFIGURATION SETTING.SAVE THE SQUID CONFIGURATION FILE (squid.conf)
Step-by-step how to start and using Squid for the first time. In order to make sure that the configuration and your Squid proxy server running smoothly, test to start Squid proxy server in debugging mode; The command example below show the step by step to create the Squid cache directory and then running Squid proxy server in debugging mode.
1. Create squid cache directory by issuing this command: [root@linux fedora]# /usr/sbin/squid -z2006/03/16 10:33:00| Creating Swap Directories 2. Then test run your Squid cache proxy by running Squid in debug-mode [root@linux fedora]# /usr/sbin/squid -NCd1Output example:2006/03/16 10:33:02| Starting Squid Cache version 2.5.STABLE9 for i386-redhat-linux-gnu...2006/03/16 10:33:02| Process ID 51922006/03/16 10:33:02| With 1024 file descriptors available2006/03/16 10:33:02| Performing DNS Tests...2006/03/16 10:33:02| Successful DNS name lookup tests...2006/03/16 10:33:02| DNS Socket created at 0.0.0.0, port 32778, FD 42006/03/16 10:33:02| Adding nameserver 203.106.93.91 from squid.conf2006/03/16 10:33:02| Adding nameserver 161.142.227.17 from squid.conf2006/03/16 10:33:02| Adding nameserver 192.228.128.16 from squid.conf2006/03/16 10:33:02| Adding nameserver 201.188.0.16 from squid.conf2006/03/16 10:33:02| User-Agent logging is disabled.2006/03/16 10:33:02| Referer logging is disabled.2006/03/16 10:33:02| Unlinkd pipe opened on FD 92006/03/16 10:33:02| Swap maxSize 102400 KB, estimated 7876 objects2006/03/16 10:33:02| Target number of buckets: 3932006/03/16 10:33:02| Using 8192 Store buckets2006/03/16 10:33:02| Max Mem size: 18432 KB2006/03/16 10:33:02| Max Swap size: 102400 KB2006/03/16 10:33:02| Rebuilding storage in /var/spool/squid (CLEAN)2006/03/16 10:33:02| Using Least Load store dir selection2006/03/16 10:33:02| Set Current Directory to /var/spool/squid2006/03/16 10:33:02| Loaded Icons.2006/03/16 10:33:47| Accepting HTTP connections at 172.16.160.55, port 8080, FD 11.2006/03/16 10:33:47| Accepting HTTP connections at 172.16.160.55, port 80, FD 12.2006/03/16 10:33:47| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.2006/03/16 10:33:47| WCCP Disabled.2006/03/16 10:33:47| Ready to serve requests.2006/03/16 10:33:47| Store rebuilding is 52.5% complete2006/03/16 10:33:47| Done reading /var/spool/squid swaplog (7796 entries)2006/03/16 10:33:47| Finished rebuilding storage from disk.2006/03/16 10:33:47| 7796 Entries scanned2006/03/16 10:33:47| 0 Invalid entries.2006/03/16 10:33:47| 0 With invalid flags.2006/03/16 10:33:47| 7796 Objects loaded.2006/03/16 10:33:47| 0 Objects expired.2006/03/16 10:33:47| 0 Objects cancelled.
2006/03/16 10:33:47| 0 Duplicate URLs purged.2006/03/16 10:33:47| 0 Swapfile clashes avoided.2006/03/16 10:33:47| Took 44.8 seconds ( 174.1 objects/sec).2006/03/16 10:33:47| Beginning Validation Procedure2006/03/16 10:33:47| Completed Validation Procedure2006/03/16 10:33:47| Validated 7796 Entries2006/03/16 10:33:47| store_swap_size = 92144k2006/03/16 10:33:48| storeLateRelease: released 0 objects Try access any web page trough the debug mode squid proxyPress Ctrl+c key to end the debug mode testing 2006/03/16 10:43:22| Preparing for shutdown after 39 requests2006/03/16 10:43:22| Waiting 0 seconds for active connections to finish2006/03/16 10:43:22| FD 11 Closing HTTP connection2006/03/16 10:43:22| FD 12 Closing HTTP connection2006/03/16 10:43:24| Shutting down...2006/03/16 10:43:24| FD 13 Closing ICP connection2006/03/16 10:43:24| Closing unlinkd pipe on FD 92006/03/16 10:43:24| storeDirWriteCleanLogs: Starting...2006/03/16 10:43:25| Finished. Wrote 7796 entries.2006/03/16 10:43:25| Took 0.1 seconds (89056.4 entries/sec).[root@linux fedora]# 3. In case of a problem of starting your Squid cache proxy try read the Squid log file in these following directory: [root@linux fedora]# /var/logs/squid/access.logand [root@linux fedora]# /var/logs/squid/cache.log
Step by step example, start, stop and automatic restart Squid proxy server. Use the following command to start and stop Squid. [root@linux fedora]# /sbin/service squid start[root@linux fedora]# /sbin/service squid stop To make sure Squid automatic start after the system reboot, use the chkconfig command to On Squid on runlevel 3 and 5. (Setting of automatic start on runlevel 3 and 5) [root@linux fedora]# /sbin/chkconfig --level 35 squid on
(Confirmation of automatic start) [root@linux fedora]# /sbin/chkconfig --list squidsquid 0:off 1: off 2: off 3: on 4: off 5:on 6: off
Step-by-step configure client browser to use Squid Cache Proxy. 1. Open Web Browser on client machine.2. On connection setting, click on manual proxy configuration.3. On Http Proxy text box, key in IP 10.2.0.5 and Port to 80804. Click on the checkbox to use the same proxy for all protocols and click the OK button.
Note: The IP 10.2.0.5 using Port 8080 is the IP address used in this Squid cache proxy project. Adjust that IP address and Port to fits your Proxy configuration. The example of the squid configuration on this project aim to make Squid cache proxy working to support the internal client with the most basic configuration, you can customize and adding more option to squid by edit the config file /etc/squid/squid.conf . Step-by-step how to procedure above tested on:Operating System: GNU/Linux Fedora Core 4, Fedora Core 5, Fedora Core 6Kernel Name: LinuxMachine Hardware: i686Machine Processor: i686Hardware Platform: i386Shell: GNU bash
Installation Type: Full Installation (Custom)SELinux: Disable Good Luck... Related article: Configure Squid proxy to Block client to access specific web URL. Check hard disk size. Keywords: how to configure squid, proxy server, configure squid proxy, setup squid, setup proxy, setup proxy server, fedora core proxy, free proxy server, Squid cache proxy server, Linux Fedora Core, step by step proxy setup, setup squid proxy, squid, browser proxy, using squid proxy server.
