tweet:2015:0826_01
squid on freebsd memo
ちょっとした理由で、ProxyServerを作る羽目になったので、メモ
- pkg install squid
- check /var/squid/cache , /var/log/squid
- vi /boot/loader.conf
kern.ipc.msgmnb=8192 kern.ipc.msgssz=64 kern.ipc.msgtql=2048
- echo 'squid_enable=yes' » /etc/rc.conf.local
- SQUID COnfiguration
- AquidのConfigurationは、上からParseされるので、注意(末尾に書けばいいというものではない)
- 今回はFreeBSDのInstall時のsquid.confの先頭に以下を追加するだけで良い
*** squid.conf.sample Thu Aug 20 19:18:40 2015 --- squid.conf Wed Aug 26 14:03:38 2015 *************** *** 2,7 **** --- 2,15 ---- # Recommended minimum configuration: # + visible_hostname squid1 + + # Auth Param + auth_param basic program /usr/local/libexec/squid/basic_pam_auth + auth_param basic children 2 startup=2 idle=1 + auth_param basic realm Squid proxy-caching web server + auth_param basic credentialsttl 2 hours + # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed *************** *** 24,29 **** --- 32,39 ---- acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT + acl pamauth proxy_auth REQUIRED + # # Recommended minimum Access Permission configuration: # *************** *** 52,64 **** http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 ! http_port 3128 ! # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /var/squid/cache 100 16 256 # Leave coredumps in the first cache dir --- 62,85 ---- http_access allow localnet http_access allow localhost + http_access allow pamauth + # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 ! #http_port 3128 ! http_port pppp ! icp_port 0 ! ! # NEIGHBOR SELECTION ! # TEST ! cache_peer aaa.aaa.aaa.aaa parent pppp 0 no-query ! acl TEST dst nnn.nnn.nnn.nnn/mm ! cache_peer_access aaa.aaa.aaa.aaa allow TEST ! never_direct allow TEST ! # Uncommen an adjust the following to add a disk cache directory. #cache_dir ufs /var/squid/cache 100 16 256 # Leave coredumps in the first cache dir
- /etc/pam.d/squid
auth required pam_unix.so no_warn try_first_pass account required pam_unix.so
詳しいことは別の記事でまとめる
tweet/2015/0826_01.txt · 最終更新: 2016/06/22 16:55 by 127.0.0.1