Squid is a high-performance HTTP and FTP caching proxy server. It is also known as a Web proxy cache. It can make your network connections more efficient. As it stores data from frequently used Web pages and files, it can often give your users the data they need without having to look to the Internet.
Studies on very busy networks suggest that a Squid server can reduce the bandwidth that your Internet connection needs by 10-20 percent. That can lead to considerable savings for larger offices.
Squid conforms to the original Harvest Cache architecture and uses the Inter-Cache Protocol (ICP) for transfers between participating peer and parent/child cache servers. It can be used either as a traditional caching proxy or as a front-end accelerator for a traditional Web server. Squid accepts only HTTP requests, but speaks FTP on the server side when FTP objects are requested. You can join the worldwide hierarchy of Harvest Cache sites; see www.ircache.net for more information.
There is one Squid RPM package, squid-2.5.STABLE3-3.3E. It is installed by default when you install the Web Server package group. So if you've installed Apache and have not tinkered with the defaults, the Squid RPM should also be installed on your computer. This RPM package installs a substantial number of files and scripts; some of the key files include the following:
/etc/rc.d/init.d/squid Start/stop script
/etc/squid/ Configuration directory
/usr/share/doc/squid-2.5.STABLE3 Documentation, mostly in HTML format
/usr/lib/squid/ Support files and internationalized error messages
/usr/sbin/squid Main Squid daemon
/var/log/squid/ Log directory
/var/spool/squid/ Cache directory (Hundreds of MB and maybe more in many hashed directories)
There are minor differences between the versions of Squid on RHEL 3 and Red Hat Linux 9. The changes that you'll make are identical; however, the locations of each command that you'll change or add vary slightly.
The Squid Web Proxy is not started by default on RHEL 3. To start it at boot, activate it with a command such as chkconfig or with the Service Configuration utility described in Chapter 4. The easiest way to set Squid to start the next time you boot Linux is with the following command:
# chkconfig --level 35 squid on
When the Squid Proxy Server starts for the first time, the /etc/rc.d/init.d/squid start script starts the Squid daemon. Squid runs as a caching proxy server on port 3128. You can then set up Web browsers on your LAN to point to Squid on your computer, on port 3128, instead of connecting directly to an external network such as the Internet. In that way, Squid gets the first chance at serving the needs of users on your network.
You can configure and customize the way Squid operates through its configuration file, /etc/squid/squid.conf. The default version of this file includes a large number of comments that can help you tune and secure Squid. Since it has more than 3,000 lines, this isn't the easiest file to review. However, you only need to add three lines to this file before you activate Squid. For example, if the name of the local computer is Enterprise, you'd add the following line:
Next, to support regular Web (HTTP) access, you'll need to set the http_access directive to allow an ACL name of your choice:
http_access allow local_net
Next, you'll need to add your local network to the Squid Access Control List. This particular command line uses the local_net setting that you just created, and adds the IP addresses of a private network that I've used:
acl local_net src 192.168.30.0/255.255.255.0
Now you can save your changes and exit from the squid.conf configuration file. You can then create the basic cache directories in /var/spool/squid with the following command:
# squid -z
Finally, start the Squid service for the first time with the appropriate service command:
# service squid start
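A small lint for the three squid.conf edits described above, as an added example that is not from the book or the Squid project. It assumes Squid reads squid.conf top to bottom and applies the first matching http_access rule, that the stock file ends its access rules with http_access deny all, and that the hostname line reads visible_hostname Enterprise; directives, lint, BROKEN and FIXED are hypothetical names and both sample configurations are constructed.

```python
# Added example: lint the squid.conf lines this section edits. Assumes Squid reads
# the file top to bottom and applies the first http_access rule that matches.

def directives(conf_text):
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if fields:
            yield line_no, fields[0], fields[1:]

def lint(conf_text):
    """Return a list of (line_no, message); an empty list means no findings."""
    findings, defined = [], set()
    has_hostname = deny_all_seen = False
    for line_no, name, args in directives(conf_text):
        if name == "visible_hostname" and args:
            has_hostname = True
        elif name == "acl" and len(args) >= 2:
            defined.add(args[0])
        elif name == "http_access" and len(args) >= 2:
            action, acls = args[0], [a.lstrip("!") for a in args[1:]]
            for acl in acls:
                if acl not in defined:   # misspelled name, or acl line placed too late
                    findings.append((line_no, f"acl '{acl}' is not defined above this rule"))
            if action == "allow" and deny_all_seen:
                findings.append((line_no, "allow rule sits after 'http_access deny all'"))
            if action == "allow" and args[1:] == ["all"]:
                findings.append((line_no, "'allow all' opens the proxy to any client that can reach it"))
            if action == "deny" and args[1:] == ["all"]:
                deny_all_seen = True
    if not has_hostname:
        findings.append((0, "visible_hostname is not set"))
    return findings

# Constructed sample: name mismatch, rule after deny all, no hostname line.
BROKEN = """\
acl all src 0.0.0.0/0.0.0.0
http_access deny all
http_access allow lan_net
acl local_net src 192.168.30.0/255.255.255.0
"""
# Constructed sample: the three added lines in an order that takes effect.
FIXED = """\
visible_hostname Enterprise
acl all src 0.0.0.0/0.0.0.0
acl local_net src 192.168.30.0/255.255.255.0
http_access allow local_net
http_access deny all
"""
if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint(conf) or "no findings")
```

Findings with line number 0 refer to the file as a whole rather than to one line.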
While you're unlikely to have a chance to configure more than one computer with Squid during the RHCE exam, its power is in connecting the cache from multiple servers. You can configure this with the cache_peer lines, which specify parent and sibling Squid cache servers. If your Linux computer is part of a group of Squid servers in a Harvest Cache, these lines allow your Squid servers to check these other Squid servers before going to the Internet.
Squid first checks its own cache and then queries its siblings and parents for the desired object such as a Web page. If neither the cache host nor its siblings have the object, it asks one of its parents to fetch it from the source. If no parent servers are available, it fetches the object itself.
On The Job
Squid can greatly improve the performance of a corporate intranet. If your company has many employees who surf the Net, a Squid server can reduce your network connection costs by decreasing the bandwidth you need for your Internet connection.
Exercise 7-4: Configuring Squid to Act as a Proxy Server
This exercise assumes you have a LAN. One of the computers on the LAN is also a server that is connected to the Internet. It also assumes that you've already installed the Squid RPM. Then you can configure Squid to act as a proxy for Web and FTP service for your LAN.
Open the Squid configuration file, /etc/squid/squid.conf, in a text editor.
Add the name of your computer to this file. Add the following command near the comments associated with visible_hostname:
Add an http_access command to allow access from your local network. You can set an arbitrary name of your choice for the network, but you'll need to use the same name in the acl command afterwards. Place the command near the other http_access commands in this file.
http_access allow lan_net
Configure access from your LAN to Squid with an appropriate acl command. The following command allows access from your lan_net with an IP network address of 126.96.36.199:
acl lan_net src 188.8.131.52/255.255.255.0
Save your changes and exit.
Stop the Squid service, if it is already running, with the service squid stop command.
Create Squid swap directories with the squid -z command.
Start the Squid service with the service squid start command.
Configure a test client such as a Web browser to use your Squid service.
Test your client by using both HTTP and FTP addresses in the browser address. Use it to retrieve files from various sites on the Internet, such as www.redhat.com and ftp.kernel.org.