Thursday 12 January 2012

Setup Ubuntu squid proxy server


Setup Ubuntu squid proxy server - Introduction, installation and basic configuration guide for beginner

Squid is an open source caching proxy server. As a cache proxy server, squid accepts request data from client and passes it to appropriate Internet server. It keeps a copy of the returned data, especially hot objects cached in RAM. Squid also caches DNS lookups and supports non-blocking DNS lookups. Even when a client terminates a request, squid continues to fetch and complete the requested data. When it receives the same request again from other client, it just passes the stored data in its cache. This is the basic concept of how squid works, speeding up the Internet access and saving bandwidth.

Other than http protocol, squid supports FTP, gopher, and HTTP data objects. Squid also supports other caching protocols too, such as:

Internet cache protocol (ICP)
Cache digests
Simple network management protocol (SNMP)
Hyper text caching protocol (HTCP)

A cache proxy server can greatly improve Internet performance and squid cache proxy server is very fast and well known for high performance caching proxy server in Linux world. A normal firewall proxy does not store copy of returned data like squid does. Squid cache proxy server works great with firewall on the upper level and squid in the lower level protecting local network from each other.
Setup squid cache proxy server in Ubuntu

Before setting up a squid cache proxy server, you should consider several things that will influence the performance of the caching server later. The most important things are server hardware.
Basic hardware requirements

As we already know, squid stores meta data especially hot objects cached in RAM. So having a big RAM will improve squid performance and overall server performances. However, cpu power doesn't really effect squid performance.

While keeping all caches in the hard disk, having a fast random-seek-time hard disk would boost squid performances. A high rpm hard disk is good but the price is higher. You would better consider adding extra hard disk with fast random-seek-time because having many hard disk also improve squid performances.
Install squid proxy in Ubuntu

You can check whether squid is already installed by checking squid service with ps command. To simply grab a running squid service with ps command, add | (pipe) and grep option like the example below:

luzar@ubuntu:~$ ps aux | grep squid
luzar 5667 0.0 0.1 3236 796 pts/0 S+ 16:45 0:00 grep squid
luzar@ubuntu:~$

So there is no squid process running in our system. Then we can install squid package using apt-get package management system. Example of squid package installation in Ubuntu using apt-get:

luzar@ubuntu:~$ sudo apt-get install squid
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
openssl-blacklist squid-common ssl-cert
Suggested packages:
squidclient squid-cgi logcheck-database resolvconf smbclient winbind
The following NEW packages will be installed:
openssl-blacklist squid squid-common ssl-cert
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 7542kB of archives.
After this operation, 19.5MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://us.archive.ubuntu.com intrepid/main openssl-blacklist 0.4.2 [6337kB]
4% [1 openssl-blacklist 360983/6337kB 5%] 4770B/s 25min5s

As you can see, squid file is quite big. So the downloading and installation is going to take some times. After the installation is finished, you can begin configuring squid as a caching proxy server.
Configure squid caching proxy server in Ubuntu

Squid configuration file is in /etc/squid directory. So change directory to /etc/squid and see what we have there.

luzar@ubuntu:~$ cd /etc/squid/
luzar@ubuntu:/etc/squid$ ls
squid.conf
luzar@ubuntu:/etc/squid$

We just have one file, squid.conf, which is the main configuration file for squid. For a safety reason, we will make a copy of squid.conf as a backup before we start editing the file. Here is a command to copy squid.conf:

luzar@ubuntu:/etc/squid$ sudo cp squid.conf squid.conf.bac
luzar@ubuntu:/etc/squid$ ls -l
total 344
-rw------- 1 root root 168394 2008-12-24 16:20 squid.conf
-rw------- 1 root root 168394 2008-12-24 17:07 squid.conf.bac
luzar@ubuntu:/etc/squid$

Here is a step by step guide on how to configure a basic squid caching proxy server. Open squid.conf with your favorite text editor. Here is an example using vim editor :

luzar@ubuntu:/etc/squid$ sudo vim squid.conf
[sudo] password for luzar:

This is an example of squid.conf file when you open it with vim editor:
squid.conf screenshot

Go to the line http_port. We are going to set http port for the squid caching proxy server. You can set port as in example below:

Tips: If you are using vim, in command mode, type /term to search for the term you are looking for. Pres n to find the next occurrence of the search term. Squid.conf is quite a big file for you to scroll.

# Squid normally listens to port 3128
http_port 3128

Next, we are going to set cache directory for our squid caching proxy server. The cache_dir is disabled by default. You can copy that line and add your preferred cache directory size for your caching proxy server. You can set more than one cache directory if you have many partitions and named the cache directory as cache1, cache2, cache3, so forth.

#Default:
# cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs /var/spool/squid/cache1 1000 16 256

The value 100 after cache directory is the size value in MB. Set it according to your need. Remember that the cache directory must be empty. In the example above, I set it to 1000MB. The second and third values (16 256) are sub directory first and second tier.

We can set administrator email address in cache_mgr so email can automatically sent to us if squid dies.

#Default:
# cache_mgr webmaster
cache_mgr webmaster

Another important configuration we need to set is squid log. Squid log can be set in access_log parameter. This is the default path and file used:

# And priority could be any of:
# err, warning, notice, info, debug.
access_log /var/log/squid/access.log squid

Squid automatically create a default user proxy and a group proxy during the installation. Enable those names in the cache_effective_user and cache_effective_group in squid.conf file.

#Default:
# cache_effective_user proxy
cache_effective_user proxy

#Default:
# none
cache_effective_group proxy

Enable ftp anonymous user if you need that.

#Default:
# ftp_user Squid@
ftp_user Squid@

Now we need to set simple access control (acl) to allow ip address in our local network. Search for the acl localnet line and add your local area network ip addresses.

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
# acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
# acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl local_itnet src 192.168.0.0/255.255.255.0 # IT network
acl local_admnet src 192.168.1.0/255.255.255.0 # Admin network

Enable http_access from local network:

#Allow HTTP queries from local networks only
http_access allow acl local_itnet
http_access allow acl local_admnet
http_access deny all

Tips: Only allow ip address in your network.

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
acl local_itnet src 192.168.0.0/255.255.255.0 # It networkhttp_access allow localnet
acl local_admnet src 192.168.1.0/255.255.255.0 # Admin networkhttp_access allow localnet

Allow icp from local network:

#Allow ICP queries from local networks only
icp_access allow acl local_itnet
icp_access allow acl local_admnet
icp_access deny all

That covers all the basic squid configurations. Now we can restart squid service:

lluzar@ubuntu:/etc/squid$ sudo vim squid.conf
luzar@ubuntu:/etc/squid$ sudo /etc/init.d/squid restart
* Restarting Squid HTTP proxy squid [ OK ]
luzar@ubuntu:/etc/squid$

sumber

0 komentar:

Post a Comment

Komentar yang baik akan diterima secara baik juga

 
Design by Aldo Wildan Firdaus | Bloggerized by Aldo Wildan Firdaus - Premium Blogger Themes | Online Project management