Tuesday, January 15, 2008

Proxy Server - Squid Cache with Authorization via NCSA

Linux Proxy Server - Squid Cache with Authorization via NCSA

Log in as root and create the squid group and user:

su
groupadd squid
useradd -g squid -d /cache -s /dev/null squid

 

Create the cache and log directories and download the Squid source (it includes the NCSA helper):

mkdir -p /cache /var/log/squid
chown -R squid /cache /var/log/squid
cd /tmp
wget ftp://ftp.is.co.za/pub/squid/squid-3/STABLE/squid-3.0.STABLE1.tar.gz

 

Extract and compile Squid
 

tar xvf squid-3.0.STABLE1.tar.gz
cd squid-3.0.STABLE1
./configure --prefix=/etc/squid --enable-delay-pools --enable-err-language=English --enable-default-err-language=English --enable-underscores --enable-linux-netfilter --enable-gnuregex
make
make install

 

Compile NCSA
 

cd /tmp/squid-3.0.STABLE1/helpers/basic_auth/NCSA
make
make install
make clean

 

Edit Squid config file
mcedit /etc/squid/etc/squid.conf

Changes:
 

# Squid 3.0 no longer has the httpd_accel_* directives; interception is enabled on the port itself
http_port 3128 transparent
cache_dir ufs /cache 2500 16 256
cache_mem 128 MB
reference_age 2 week
refresh_pattern -i (.jpg$|.gif$) 0 50% 28800
refresh_pattern -i (.html$|.htm|.*shtml) 0 20% 1440
refresh_pattern (http://.*/$) 0 20% 1440
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/log/squid/squid.pid

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 1025-65535 # remaining ports
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl server src 192.168.0.1
http_access allow server

acl our_networks src 192.168.0.1-192.168.0.255

http_access allow our_networks

http_access deny all
http_reply_access allow all
icp_access allow all

cache_effective_user squid
cache_effective_group squid

visible_hostname proxy.your_domain.com
cache_mgr admin@your_domain.com
coredump_dir /cache

maximum_object_size 61440 KB

logfile_rotate 5
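
The configuration above never calls the NCSA helper that was compiled earlier. The following is an added example, not part of the original post, of the squid.conf lines that wire it in; the helper path assumes the --prefix=/etc/squid used above, and the password file path, realm text, user name and the ncsa_users ACL name are assumptions. Proxy authentication only works for browsers configured explicitly to use port 3128; requests that reach Squid through an iptables REDIRECT cannot be challenged for credentials.

```conf
# Added example. Create the password file first with Apache's htpasswd tool
# (path and user name are assumptions; -c creates the file for the first user):
#   htpasswd -c /etc/squid/etc/passwd alice
#   chown squid /etc/squid/etc/passwd && chmod 600 /etc/squid/etc/passwd

# Basic authentication through the NCSA helper installed by "make install".
# Basic credentials cross the network base64-encoded, not encrypted.
auth_param basic program /etc/squid/libexec/ncsa_auth /etc/squid/etc/passwd
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2 hours

# Matches any request that carries valid credentials from the password file
acl ncsa_users proxy_auth REQUIRED

# These lines take the place of the unauthenticated "http_access allow server"
# and "http_access allow our_networks" rules. ACLs on one line are ANDed, so the
# client must be on the LAN and must log in. http_access rules are checked in
# order and the first match wins, so the allow has to come before "deny all".
http_access allow our_networks ncsa_users
http_access deny all
```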

 

Delay pools:
 

acl magic_words1 url_regex -i 192.168

acl magic_words2 url_regex -i .html .htm .php .cgi .asp

delay_pools 2

delay_class 1 2

delay_parameters 1 -1/-1 -1/-1

delay_access 1 allow magic_words1

# 100 Kbit/s -> 100*1024/8 = 12800 bytes/s
delay_class 2 2
delay_parameters 2 12800/25600 -1/-1
delay_access 2 allow magic_words2

 

Squid commands:

Create the cache directories:
squid -z

Reload the configuration after changes:
squid -k reconfigure

Run Squid in the background:
RunCache &

Redirect port 80 to 3128 (for Squid)
 

iptables -t nat -A PREROUTING -s 192.168.0.1/255.255.255.0 -p tcp \
    --dport 80 -j REDIRECT --to-port 3128

 

Log rotation - add to root's crontab:

crontab -u root -e
0 0 * * * /etc/squid/sbin/squid -k rotate

 

Squid works!
