LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-04-2009, 09:20 AM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,006

Rep: Reputation: 30
WHich squid for CentOS?


Which version of squid should I use for CentOS5?
DO I use a RHL binary?
 
Old 08-04-2009, 09:57 AM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755
There is a a Squid in the CentOS repositories.

Type "yum list squid" - you may already have it installed.

If not then typing "yum install squid" ought to install it.
 
Old 08-04-2009, 10:00 AM   #3
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,006

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by jlightner View Post
There is a a Squid in the CentOS repositories.

Type "yum list squid" - you may already have it installed.

If not then typing "yum install squid" ought to install it.
Oh...yes.
It appears to be 7:2.6.STABLE21-3.el5

Sound like the latest?
 
Old 08-04-2009, 10:03 AM   #4
fpmurphy
Member
 
Registered: Jan 2009
Location: /dev/ph
Distribution: Fedora, Ubuntu, Redhat, Centos
Posts: 285

Rep: Reputation: 61
Any version of Squid later than 2.5 will do.
 
Old 08-04-2009, 10:08 AM   #5
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755
That's the one I have on my CentOS5 install.

In short the answer is:
1) Yes it is is the latest supported by the CentOS project.
2) There may be a newer unsupported version upstream (e.g. at Squid's project site).

However, "latest" is a broad question. Since the "yum list" didn't show any other versions it is certainly the "latest" from CentOS project. But CentOS typically lags behind RedHat (RHEL) which is where they get their source for the compile so it is possible there is a RHEL squid newer that hasn't made it to CentOS yet but should soon. Also RHEL tends to go with specific builds of some packages (BIND for example) then backport security fixes into those rather than going to the newest version of the original source tree. To use that you'd have to download the source from the Squid project itself and compile your own. Unless there is a specific feature you're looking for there's probably no reason to do that.
 
Old 08-04-2009, 10:11 AM   #6
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 18 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Hi,

The latest stable release from Squid is 3.0STABLE18 (released today) and can be very usefull if you will be proxy-ing https sites since it has some bugs fixed and clearly offers all the 'new' parameters. You can download it here Squid versions. Also keep in mind that if you want to proxy https sites you'll have to download the source code and compile it yourself because the standard package comes without ssl enabled.

Kind regards,

Eric
 
Old 08-04-2009, 10:13 AM   #7
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,006

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by EricTRA View Post
Hi,

The latest stable release from Squid is 3.0STABLE18 (released today) and can be very usefull if you will be proxy-ing https sites since it has some bugs fixed and clearly offers all the 'new' parameters. You can download it here Squid versions. Also keep in mind that if you want to proxy https sites you'll have to download the source code and compile it yourself because the standard package comes without ssl enabled.

Kind regards,

Eric
Does that involve using wget with a web address?
 
Old 08-04-2009, 10:20 AM   #8
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 18 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Hello,

With wget you can surely download it. Here's the url Squid 3.0STABLE18 source.I don't know if there is an option in yum that lets you download source. In Debian I got STABLE16 about two weeks ago using 'apt-get source'. Perhaps someone with more knowledge about CentOS can indicate if yum has an equivalent.

Kind regards,

Eric
 
Old 08-04-2009, 10:24 AM   #9
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,006

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by EricTRA View Post
Hello,

With wget you can surely download it. Here's the url Squid 3.0STABLE18 source.I don't know if there is an option in yum that lets you download source. In Debian I got STABLE16 about two weeks ago using 'apt-get source'. Perhaps someone with more knowledge about CentOS can indicate if yum has an equivalent.

Kind regards,

Eric
Does the current CentOS have https?
Seems strange that you can't just turn on an option somewhere
If it does, can I turn it off and recompile it or dies it have to be uninstalled?
 
Old 08-04-2009, 10:41 AM   #10
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 18 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Hi,

I'm not familiar with CentOS but if you mean by 'having https' that if it supports https, I'm sure it will . HTTPS is just a protocol that gives you more security in communicating through secured tunnels and authenticating using certificates.

Standard Squid doesn't come with ssl enabled. SSL is SecureSocketLayer and you need that to get https to work with certificates (Sorry for not giving more detail, this is very basic, Google can help out more).

So if you're planning on putting your webserver online with https, you'll need OpenSSL or something like that, Squid compiled with ssl enabled and a webserver that supports https (which most do to my knowledge).

If you're not sure on if you would need it, but in doubt, I'd download the source and compile it with ssl support. When not configured it's not used but it saves you time and effort in compiling again after some time.

Practical example which I'm testing right now:

8 web applications, almost all of them running on Tomcat in our intranet needed to be accessible from the internet to our users.

I compiled Squid with ssl enabled, created a self signed certificate, configured squid to use LDAP authentication and got it up and running for 95%, meaning that https frontend with http backend is a bit tricky (still a work in progress with the help of the Squid guys through the Squid Users Mailing list).

So in my test environment a user has to connect to https. If he connects to http, a url_rewrite program redirects him permanently after which he has to accept the certificate and install it (accept a security exception). After that they get a popup to login with their domain credentials and after authentication they get the site login. In addition to that on the same server I plan to configure IPTABLES and Snort for security and intrusion detection.

Kind regards,

Eric
 
Old 08-04-2009, 10:43 AM   #11
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755
The httpd (apache) package has config files under /etc/httpd including /etc/httpd/conf.d/ssl.conf which deals with https.

I'm no web expert and don't use squid but as I noted earlier you can use the ones you get from CentOS repositories or you can go to the original source and roll your own. If you do the latter then you can't use yum to update things.

There are some extra yum repositories from CentOS that might provide things you don't have but they eliminate binary compatibility with RHEL. If that compatibility isn't important you can check those.

Also Dag Wieers keeps repositories for many RPMs so you may be able to add a repository by checking his site and see if it has newer httpd and squid than the ones CentOS provides.
 
Old 08-04-2009, 10:44 AM   #12
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,006

Original Poster
Rep: Reputation: 30
I was planning on having my users connect to the proxy with just an IP address.
If they want to connect using https, will I also need to set up a web domain on the server?
Can't it just accept connections on the HTTPS port and the proxy then forwards the request?
 
Old 08-04-2009, 10:52 AM   #13
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 18 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Quote:
Can't it just accept connections on the HTTPS port and the proxy then forwards the request?
If you have Squid configured with SSL enabled, have your certificate, then you can accept HTTPS request. You don't need a webserver on the same server. Squid is a proxy server which means that you can redirect any traffic to any backend webserver desired, be it IIS, Apache, Tomcat, ...

With Squid you basically only need one IP, and have multiple domains behind it. You only need your base domain.com, access to the DNS to create subdomains, and link all the subdomains in DNS to the same IP which, probably after being redirected by your firewall, should be offered to Squid. Squid 'reads' the HTTP header and redirects to the backend server listed in its configuration, reading static files from his cache first if so configured.

If you don't have access to the DNS then of course you could give your WAN IP to your users in order to let them connect but that way Squid will not now where to redirect traffic to if you have more than one server. If you only have one backend server of course then that's no problem, just redirect all traffic to that one and use Squid as cache proxy with or without acceleration to 'hide' your real backend server from the internet.

Kind regards,

Eric

Last edited by EricTRA; 08-04-2009 at 10:54 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Anonymous Proxy Using Squid 3 On CentOS 5.x LXer Syndicated Linux News 0 11-21-2008 06:30 PM
Running squid (w/ dansguardian) on centos 5.2 blocking all google searches bsd13 Linux - Software 0 07-31-2008 11:45 AM
CentOS 4.1 hosting squid and advanced routing freezing mysteriously dougbourne Linux - Networking 1 07-01-2008 08:21 AM
squid error on centos 5 ssilayaraja Linux - Networking 1 03-26-2008 04:13 AM
[CentOS] Squid, iptables, dhcp server ? prixone Linux - Newbie 0 01-18-2008 12:37 AM


All times are GMT -5. The time now is 10:47 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration