public:squid_update_proxy
Differences
This shows you the differences between two versions of the page.
public:squid_update_proxy [2020/03/11 18:13] – [Linux Update Proxy Server] jehaverlack | public:squid_update_proxy [2024/01/25 03:31] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 2: | Line 2: | ||
A light weight Squid Proxy can be used to cached RPM and Deb packages for both RedHat (CentOS) and Debian based Linux systems. | A light weight Squid Proxy can be used to cached RPM and Deb packages for both RedHat (CentOS) and Debian based Linux systems. | ||
+ | See: https:// | ||
===== Serverside ===== | ===== Serverside ===== | ||
- | # | + | Add the following |
- | # Recommended minimum configuration: | + | |
- | # | + | |
- | + | ||
- | # Example rule allowing access from your local networks. | + | |
- | # Adapt to list your (internal) IP networks from where browsing | + | |
- | # should be allowed | + | |
- | acl localnet src 10.0.0.0/ | + | |
- | acl localnet src 172.16.0.0/ | + | |
- | acl localnet src 192.168.0.0/ | + | |
- | acl localnet src fc00::/ | + | |
- | acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines | + | |
- | acl SSL_ports port 443 | + | **/ |
- | acl Safe_ports port 80 # http | + | < |
- | acl Safe_ports port 21 # ftp | + | ... |
- | acl Safe_ports port 443 # https | + | |
- | acl Safe_ports port 70 # gopher | + | |
- | acl Safe_ports port 210 # wais | + | |
- | acl Safe_ports port 1025-65535 | + | |
- | acl Safe_ports port 280 # http-mgmt | + | |
- | acl Safe_ports port 488 # gss-http | + | |
- | acl Safe_ports port 591 # filemaker | + | |
- | acl Safe_ports port 777 # multiling http | + | |
- | acl CONNECT method CONNECT | + | |
# Auth | # Auth | ||
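Review bot: `http_access deny !Safe_ports` is kept further down, but the `acl Safe_ports port ...` definitions it depends on are deleted here and replaced with a bare "...", so the new text should state explicitly that the snippet is added to the distribution's stock Squid configuration and that the default `Safe_ports`, `SSL_ports` and `CONNECT` ACL definitions must stay in place. As written, a reader who builds the file from this page alone ends up with a rule that references an undefined ACL. The unchanged intro line also still reads "can be used to cached"; that should be "cache".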
Line 44: | Line 25: | ||
http_access deny !Safe_ports | http_access deny !Safe_ports | ||
- | # Deny CONNECT to other than secure SSL ports | + | ... |
- | http_access deny CONNECT !SSL_ports | + | |
- | # Only allow cachemgr access from localhost | + | # Uncomment and adjust the following to add a disk cache directory. |
- | http_access allow localhost manager | + | #cache_dir ufs / |
- | http_access deny manager | + | cache_dir ufs / |
- | # We strongly recommend the following be uncommented to protect innocent | + | </ |
- | # web applications running on the proxy server who think the only | + | |
- | # one who can access services on " | + | |
- | # | + | |
- | # | + | Use htpasswd to create the password file with the **update-user**: |
- | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | + | < |
- | # | + | sudo htpasswd -c / |
+ | </ | ||
- | # Example rule allowing access from your local networks. | + | ==== Firewall ==== |
- | # Adapt localnet in the ACL section | + | Be sure to open up firewall services for squid on port 3128. |
- | # from where browsing should be allowed | + | |
- | http_access allow localnet | + | |
- | http_access allow localhost | + | |
- | # And finally deny all other access to this proxy | + | e.g. on CentOS 7,8 |
- | http_access deny all | + | < |
+ | firewall-cmd --zone=public --add-service=squid --permanent | ||
+ | </ | ||
- | # Squid normally listens to port 3128 | ||
- | http_port 3128 | ||
- | # Uncomment and adjust the following to add a disk cache directory. | ||
- | #cache_dir ufs / | ||
- | cache_dir ufs / | ||
- | # Leave coredumps in the first cache dir | + | ===== Clientside ===== |
- | coredump_dir / | + | |
- | # | + | ==== RedHat |
- | # Add any of your own refresh_pattern entries above these. | + | On YUM clients append the following lines to |
- | # | + | |
- | refresh_pattern ^ftp: | + | |
- | refresh_pattern ^gopher: | + | |
- | refresh_pattern -i (/cgi-bin/|\?) 0 | + | |
- | refresh_pattern . | + | |
+ | **/ | ||
+ | < | ||
+ | proxy=http:// | ||
+ | proxy_username=update-user | ||
+ | proxy_password=******** | ||
+ | </ | ||
+ | ==== Debian / Ubuntu / Raspbian ==== | ||
+ | On apt-get Clients create the file: | ||
+ | / | ||
+ | < | ||
+ | Acquire:: | ||
+ | </ | ||
- | + | Then run apt-get update or apt-get install a package | |
- | ===== Clientside ===== | + | |
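Review bot: The "..." that replaces the rules removed after `http_access deny !Safe_ports` leaves it unclear whether `http_access deny CONNECT !SSL_ports`, `http_access deny manager` and the closing `http_access deny all` are still meant to be present. Because the new Firewall section opens the squid service in the public zone and the `http_access allow localnet` restriction is gone, the page should say that those stock deny rules remain and that only the authenticated update-user is allowed. The `firewall-cmd --zone=public --add-service=squid --permanent` line only changes the permanent configuration, so add a `firewall-cmd --reload` step for it to take effect on the running firewall. On the client side, `proxy_password=` sits in clear text in the YUM configuration and is sent to a proxy addressed as `http://`, so recommend a dedicated password for update-user that is used nowhere else. Finally, `htpasswd -c` recreates the password file, so note that `-c` must be dropped when adding further users.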
public/squid_update_proxy.1583950398.txt.gz · Last modified: 2024/01/25 03:32 (external edit)