ちょっとした理由で、ProxyServerを作る羽目になったので、メモ

• pkg install squid
• check /var/squid/cache , /var/log/squid
• vi /boot/loader.conf

  • kern.ipc.msgmnb=8192
    kern.ipc.msgssz=64
    kern.ipc.msgtql=2048

• echo 'squid_enable=yes' » /etc/rc.conf.local

• http://hp.vector.co.jp/authors/VA022911/tec/centos/squid5.htm

• SQUID COnfiguration
  • AquidのConfigurationは、上からParseされるので、注意(末尾に書けばいいというものではない)
  • 今回はFreeBSDのInstall時のsquid.confの先頭に以下を追加するだけで良い

  • *** squid.conf.sample	Thu Aug 20 19:18:40 2015
    --- squid.conf	Wed Aug 26 14:03:38 2015
    ***************
    *** 2,7 ****
    --- 2,15 ----
      # Recommended minimum configuration:
      #
      
    + visible_hostname squid1
    + 
    + # Auth Param
    + auth_param basic program /usr/local/libexec/squid/basic_pam_auth
    + auth_param basic children 2 startup=2 idle=1
    + auth_param basic realm Squid proxy-caching web server
    + auth_param basic credentialsttl 2 hours
    + 
      # Example rule allowing access from your local networks.
      # Adapt to list your (internal) IP networks from where browsing
      # should be allowed
    ***************
    *** 24,29 ****
    --- 32,39 ----
      acl Safe_ports port 777		# multiling http
      acl CONNECT method CONNECT
      
    + acl pamauth proxy_auth REQUIRED
    + 
      #
      # Recommended minimum Access Permission configuration:
      #
    ***************
    *** 52,64 ****
      http_access allow localnet
      http_access allow localhost
      
      # And finally deny all other access to this proxy
      http_access deny all
      
      # Squid normally listens to port 3128
    ! http_port 3128
      
    ! # Uncomment and adjust the following to add a disk cache directory.
      #cache_dir ufs /var/squid/cache 100 16 256
      
      # Leave coredumps in the first cache dir
    --- 62,85 ----
      http_access allow localnet
      http_access allow localhost
      
    + http_access allow pamauth
    + 
      # And finally deny all other access to this proxy
      http_access deny all
      
      # Squid normally listens to port 3128
    ! #http_port 3128
    ! http_port pppp
    ! icp_port 0
    ! 
    ! # NEIGHBOR SELECTION
    ! # TEST
    ! cache_peer  aaa.aaa.aaa.aaa parent pppp 0   no-query
    ! acl         TEST dst nnn.nnn.nnn.nnn/mm
    ! cache_peer_access aaa.aaa.aaa.aaa allow TEST
    ! never_direct allow TEST
      
    ! # Uncommen an adjust the following to add a disk cache directory.
      #cache_dir ufs /var/squid/cache 100 16 256
      
      # Leave coredumps in the first cache dir

• /etc/pam.d/squid

  • auth		required	pam_unix.so		no_warn try_first_pass
    account		required	pam_unix.so

詳しいことは別の記事でまとめる