Diff for "Squid"

Differences between revisions 10 and 11
Revision 10 as of 2009-09-05 18:40:02
Size: 3766
Editor: 140
Comment: Added a (rather verbose) paragraph explaining netmasks, because I didn't really understand what the /24 meant. Feel free to revise.
Revision 11 as of 2009-11-06 20:20:54
Size: 3513
Editor: anonymisierungsdienst
Comment:
Deletions are marked like this. Additions are marked like this.
Line 66: Line 66:
== Service administration == == Service Administration ==
Line 83: Line 83:
== Customize Squid Error pages == == Customize Squid Error Pages ==
Line 88: Line 88:

A see also section can be used to point users towards other trusted Ubuntu resources. For example, if a page exists in the official documentation on http://help.ubuntu.com, you can link to such a page. This section is optional.
Line 96: Line 94:
== External Links ==

Introduction

Squid is a Proxy server

This howto describes the process of setting up Squid as a Proxy Server

Squid is a proxy server, HTTP requests are sent to Squid instead of being sent directly to the internet.

Installation

Install Apache 

# apt-get install apache2

Install Squid 

# apt-get install squid

Key File Locations

File

Purpose

/etc/squid/squid.conf

Squid configuration file

/var/log/squid/access.log

Squid access log file

Configurations

Squid Configuration

The squid.conf file is huge, with hundreds of options. In this howto we will only be changing a few settings.

Open the squid.conf file for editing 

gksudo gedit /etc/squid/squid.conf

Turn on line numbers in gedit (Edit > Preferences)

Find the http_port tag (should be on or around line 53, its currently Line 89 in 7.10 release) By default it reads # http_port 3128 This is the default port that Squid will listen on for requests. If you want to change it, uncomment the line and set the correct port. If you want Squid to listen only on one specific NIC, you can also change the IP address – for example 192.168.1.5:3128

Now we'll setup who is allowed access to the proxy. Find the http_access section (should start around line 1860,line 2589 in 7.04 and line 2608 in 7.10 release) Uncomment these 2 lines: 

#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks

You'll need to change 192.168.1.0/24 to match your network. Unless you have a second subnet you can delete 192.168.2.0/24

Above, the first four sets of numbers, separated by periods ("."), form the IP address of your local area network. The last number, after the slash ("/"), is the netmask of your network and depends on your router settings. This is usually 24, meaning that the first three sets of numbers in the IP address only correspond to computers in your network while all others exist outside of it. Other netmasks are explained here.

if you get a startup error :- 'FATAL: Could not determine fully qualified hostname. Please set visible_hostname' you will also need to modify the visible_hostname tag (around line 2909 in 7.10) to:-

NOTE: this needs to be added as a new line in 7.10 (not sure about other releases) as there is no commented out line re-introduce. 

visible_hostname localhost

Save the file and close gedit

Service Administration

Fire up Squid

If it is not running you can use :- 

sudo /etc/init.d/squid start|restart|stop

then this will work 

squid -k reconfigure

Customize Squid Error Pages

Squid can be customized. Learn how to do this here.

See Also

External Links

CategoryNetworking CategorySecurity

Squid (last edited 2017-09-06 20:08:06 by ckimes)