xand

Package manager proxy server

If you have several Linux machines in one location, it can be useful to set up a caching proxy server for them to download packages through. This both saves bandwidth on your Internet connection and speeds up downloads, since each unique package is only requested once.

Here I am running Squid 3 on Debian Jessie. Configuration steps will be similar on other distros.

Install the proxy

$ sudo apt-get install squid3

Configure it to allow LAN access

Adjust the following settings to match your IP addressing scheme. You probably don't want to allow access to your proxy server from the Internet. It is wise to use iptables rules to restrict access similarly.

In /etc/squid3/squid.conf the following lines allow access only from the LAN (IPv4 and IPv6 ranges):

acl localnetV4 src 192.0.2.0/24
acl localnetV6 src 2001:db8:1234:5678::/64
http_access allow localnetV4
http_access allow localnetV6
http_access deny all

Allow caching of large files

These lines do just that:

cache_dir ufs /storage/squid 100000 16 256
maximum_object_size 5000 MB

cache_dir

You will want to ensure that /storage/squid or similar has plenty of available disk space. ufs is not the filesystem of the same name but a caching scheme used by Squid. 100000 is the maximum cache size in MB. The numbers 16 and 256 are the number of first- and second-level directories created within /storage/squid, and have been left at the defaults.

maximum_object_size

This is the maximum size of a file to be cached.

Complete config file

When your changes have been made you'll have something like this in /etc/squid3/squid.conf:

acl localhost src 127.0.0.1/32 ::1

acl localnetV4 src 192.0.2.0/24
acl localnetV6 src 2001:db8:1234:5678::/64

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
http_access allow localnetV4
http_access allow localnetV6
http_access deny all

http_port 3128
hierarchy_stoplist cgi-bin ?
cache_replacement_policy heap LFUDA
cache_dir ufs /storage/squid 100000 16 256
cache_mgr xand@xand.co.uk
maximum_object_size 5000 MB
coredump_dir /var/spool/squid3

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern Packages\.bz2$ 0       20%     4320 refresh-ims
refresh_pattern Sources\.bz2$  0       20%     4320 refresh-ims
refresh_pattern Release\.gpg$  0       20%     4320 refresh-ims
refresh_pattern Release$       0       20%     4320 refresh-ims
refresh_pattern .               0       20%     4320

logformat squid %{%Y-%m-%d %H:%M:%S}tl %>a %Ss/%03Hs %<st %rm %ru %[un %Sh/%<a %mt

Restart to apply changes

$ sudo systemctl restart squid3.service

Configuring clients to use the proxy

In these examples, proxyserver.example.com is the name of the server running the proxy.

Debian/Ubuntu - apt

Put the following in /etc/apt/apt.conf (which doesn't exist by default):

Acquire::http::Proxy "http://proxyserver.example.com:3128/";

RHEL/CentOS/Fedora - yum/dnf

Add this line to /etc/yum.conf or /etc/dnf.conf as appropriate:

proxy=http://proxyserver.example.com:3128

You can check that your proxy server is being used by looking at /var/log/squid3/access.log.
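One way to read that log, as an added example that is not part of the original post: it parses lines written with the logformat from the config above, totals cache-hit bytes, and separates requests from outside the LAN ranges into denied and served. The function names and the sample log lines are made up for illustration, and it assumes access.log is written with that logformat.

```python
import ipaddress

# LAN ranges from the squid.conf ACLs above (localnetV4, localnetV6), plus localhost.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("192.0.2.0/24", "2001:db8:1234:5678::/64", "127.0.0.1/32", "::1/128")]

# Constructed sample; the last line is what an http_access mistake would look like.
SAMPLE_LOG = """\
2019-03-02 10:15:01 192.0.2.15 TCP_MISS/200 1500000 GET http://deb.debian.org/debian/pool/main/e/example/example_1.0_amd64.deb - HIER_DIRECT/198.51.100.7 application/x-debian-package
2019-03-02 10:16:40 192.0.2.22 TCP_HIT/200 1500000 GET http://deb.debian.org/debian/pool/main/e/example/example_1.0_amd64.deb - HIER_NONE/- application/x-debian-package
2019-03-02 10:17:05 2001:db8:1234:5678::20 TCP_MISS/200 300 GET http://deb.debian.org/debian/dists/jessie/Release - HIER_DIRECT/198.51.100.7 -
2019-03-02 10:20:13 203.0.113.50 TCP_DENIED/403 3900 GET http://example.org/ - HIER_NONE/- text/html
2019-03-02 10:21:30 203.0.113.9 TCP_MISS/200 512 GET http://example.org/ - HIER_DIRECT/198.51.100.80 text/html
"""

def parse_line(line):
    """Split one line into fields; None if it does not match the logformat."""
    f = line.split()
    if len(f) != 10 or "/" not in f[3] or not f[4].isdigit():
        return None
    squid_status, http_status = f[3].split("/", 1)
    return {"time": f[0] + " " + f[1], "client": f[2], "squid_status": squid_status,
            "http_status": http_status, "bytes": int(f[4]), "url": f[6]}

def is_lan(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:  # "-" or anything that is not an address
        return False
    return any(addr in net for net in ALLOWED)

def summarise(lines):
    """Cache-hit bytes, served bytes, and non-LAN requests split by outcome."""
    out = {"hit_bytes": 0, "served_bytes": 0, "denied_outside": [], "served_outside": []}
    for rec in filter(None, map(parse_line, lines)):
        denied = rec["squid_status"].startswith("TCP_DENIED")
        if not is_lan(rec["client"]):
            out["denied_outside" if denied else "served_outside"].append(rec)
        if not denied:
            out["served_bytes"] += rec["bytes"]
            if "HIT" in rec["squid_status"]:  # TCP_HIT, TCP_MEM_HIT, ...
                out["hit_bytes"] += rec["bytes"]
    return out

if __name__ == "__main__":
    s = summarise(SAMPLE_LOG.splitlines())
    print("byte hit ratio: %d%%" % (100 * s["hit_bytes"] // max(s["served_bytes"], 1)))
    print("served to non-LAN clients:", [(r["time"], r["client"]) for r in s["served_outside"]])
    print("denied non-LAN requests:", len(s["denied_outside"]))
```

Any entry under served_outside means the http_access rules or the firewall are letting a client outside the LAN ranges use the proxy.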

© 2019 xand