LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-12-2017, 08:34 PM   #1
JohnVinson
LQ Newbie
 
Registered: Aug 2017
Posts: 5

Rep: Reputation: Disabled
Smile Newbie - Squid Proxy


Hi Everyone,

Im a newbie for linux OS.

Im currently working on a non-profit organization that runs a charity school, the current situation: internet is pretty slow and limited bandwidth only the following describe the connection type:
connection type: DSL 10mbps on copper with a modem
load: about 250 users at one time (both staff and students)
issues: it choke up the bandwidth
internet provider: no plan for any upgrade of the facility

Squid Proxy would help resolved this problem, so I setup a Ubuntu server with squid running on it, Id like to seek help from you guys on how to (the following):
1. make the proxy server transparent (client (direct and sub-router/s) -> squid -> main router -> internet)
2. only main router and sub-router is providing ip for all clients;
(student access: desktop (about 150 users) -> sub-router/s -> squid -> main router -> internet)
(staff access: staff (about 100users)direct -> squid -> main router -> internet)
3. transparent: so i dont need to configure each computers and mobile device to point to the squid proxy
4. caching both pages and downloaded files
5. block some sites including ads on web pages
6. renew or refresh (content, gif, jpg, jpeg, png, ico) as often as possible
7. using squid 24x7 (no exception)

This is the specs of the Squid Server:
OS - Ubuntu 17.04 Server
Squid - 3.5 version
processor - i3 quad core 3.3ghz (dell optiflex)
memory - 12 gig (option to increase as needed)
hard drive - SATA 1tera
power supply 500 watts

Seeking for your advise and configuration method for the required config (mention above). Highly appreciated if instruction given are for newbies category.

Thank you very much.

Last edited by JohnVinson; 08-12-2017 at 08:35 PM.
 
Old 08-13-2017, 08:35 PM   #2
khouji
LQ Newbie
 
Registered: Jul 2017
Posts: 8

Rep: Reputation: Disabled
Cool

Welcome!
 
1 members found this post helpful.
Old 08-13-2017, 09:47 PM   #3
jmgibson1981
Member
 
Registered: Jun 2015
Location: Tucson, AZ USA
Distribution: Ubuntu LTS
Posts: 163

Rep: Reputation: Disabled
Using 17.04 is a mistake. Should use an LTS or Debian.

Last edited by jmgibson1981; 08-13-2017 at 09:49 PM.
 
1 members found this post helpful.
Old 08-13-2017, 10:04 PM   #4
JohnVinson
LQ Newbie
 
Registered: Aug 2017
Posts: 5

Original Poster
Rep: Reputation: Disabled
Hi jmgibson,

Thanks for the info, may I know why is the 17.04 is a mistake for the squid proxy? any recommendation of version of such OS?

Last edited by JohnVinson; 08-14-2017 at 06:36 AM.
 
Old 08-14-2017, 07:13 AM   #5
linustalman
Senior Member
 
Registered: Mar 2010
Location: Ireland
Distribution: Debian 9 Stable (Stretch) x64
Posts: 1,700

Rep: Reputation: 258Reputation: 258Reputation: 258
Greetings.
 
Old 08-14-2017, 07:36 AM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,995

Rep: Reputation: 4327Reputation: 4327Reputation: 4327Reputation: 4327Reputation: 4327Reputation: 4327Reputation: 4327Reputation: 4327Reputation: 4327Reputation: 4327Reputation: 4327
Quote:
Originally Posted by JohnVinson View Post
Hi Everyone,
Im a newbie for linux OS. Im currently working on a non-profit organization that runs a charity school, the current situation:

internet is pretty slow and limited bandwidth only the following describe the connection type:
connection type: DSL 10mbps on copper with a modem
load: about 250 users at one time (both staff and students)
issues: it choke up the bandwidth
internet provider: no plan for any upgrade of the facility

Squid Proxy would help resolved this problem,
Interested in how you came to this conclusion, especially if you're a brand-new user to Linux and Squid.
Quote:
so I setup a Ubuntu server with squid running on it, Id like to seek help from you guys on how to (the following):
1. make the proxy server transparent (client (direct and sub-router/s) -> squid -> main router -> internet)
2. only main router and sub-router is providing ip for all clients;
(student access: desktop (about 150 users) -> sub-router/s -> squid -> main router -> internet)
(staff access: staff (about 100users)direct -> squid -> main router -> internet)
3. transparent: so i dont need to configure each computers and mobile device to point to the squid proxy
4. caching both pages and downloaded files
5. block some sites including ads on web pages
6. renew or refresh (content, gif, jpg, jpeg, png, ico) as often as possible
7. using squid 24x7 (no exception)

This is the specs of the Squid Server:
OS - Ubuntu 17.04 Server
Squid - 3.5 version
processor - i3 quad core 3.3ghz (dell optiflex)
memory - 12 gig (option to increase as needed)
hard drive - SATA 1tera
power supply 500 watts

Seeking for your advise and configuration method for the required config (mention above). Highly appreciated if instruction given are for newbies category.
Again, this is curious; you are asking for advice on how to configure your Linux system and squid...but start out by saying that you've already DONE IT? jmgibson1981 makes a good point...a 'regular' Ubuntu release will get a LOT of updates frequently, and be end-of-life quickly as well. Using a server-class distro (like LTS, meaning Long Term Support), or something like CentOS is far better.

After that, if you'd like to set up Squid, there are many, MANY how-to guides you can find. One of the first hits in Google for "how to configure squid on ubuntu lts" is from the official Ubuntu pages:
https://help.ubuntu.com/lts/serverguide/squid.html

We are happy to assist you with problems should they arise, but please try to follow any of the abudnant preexisting how-to guides first.
 
1 members found this post helpful.
Old 08-14-2017, 07:43 AM   #7
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 2,218
Blog Entries: 3

Rep: Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005
Quote:
Originally Posted by JohnVinson View Post
Hi jmgibson,

Thanks for the info, may I know why is the 17.04 is a mistake for the squid proxy? any recommendation of version of such OS?
The best version at the moment would be 16.04 LTS. It is good until April 2021, so you get a good return on your efforts and the choice to move to 18.04 LTS remains up to you. With 17.04, there's a little more experimental action, which is fine for some people, but might not be the happiest of choices with a lot of people depending on things staying the same in a production environment. Also with 17.04 the clock runs out after only 9 months instead of 5 years like for LTS, so you'd have no choice but to upgrade from 17.04 to 18.04. So the general recommendation would be for 16.04 LTS.

Transparent Squid is easy to set up for HTTP. Go for that first.

Later, for HTTPS you will need to decrypt the connections and to do that you'd have to innoculate all the browsers that will use your Squid setup with your own TLS certificate to be able to do what ammounts to a MitM attack. It complicates things, not just on technical level.
 
2 members found this post helpful.
Old 08-14-2017, 12:51 PM   #8
AwesomeMachine
Senior Member
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 2,991

Rep: Reputation: 514Reputation: 514Reputation: 514Reputation: 514Reputation: 514Reputation: 514
10 Mb/s for 250 users is a bit slow for todays Internet. Squid should help a bit. But it takes time to build the cache. And, you want to slow down the refresh interval of the cached objects, or the server will download them too often.

To cache downloaded files you need to set the maximum object size to the maximum size of the files that will be downloaded.

You make your configuration in squid.conf.

Transparent: https://www.cyberciti.biz/tips/linux...uid-howto.html

Squid refresh patterns: https://www.linux.com/news/speed-you...fresh-patterns

Squid FAQ: https://wiki.squid-cache.org/SquidFaq/CompleteFaq

The firewall can be on the same server as squid. This will allow you to block popups and other unwanted traffic.
Firewall: https://www.digitalocean.com/communi...firewall-works
 
2 members found this post helpful.
Old 08-14-2017, 02:50 PM   #9
jefro
Moderator
 
Registered: Mar 2008
Posts: 16,681

Rep: Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455
Alternate ideas.

You may wish to eliminate a lot of useless traffic. Consider incorporating things that may reduce traffic. Consider a layer 7+ firewall of some kind. Although you have an OK computer it may not work under the massive load the kids would be hitting on it. You need to secure the heck out of it. There are web page lists on hosts files that have many of the linked advertisement sites. Many of those could be limited.

Untangle linux may be a consideration. It has many tools that you might use to limited web access and help secure your site.

You may actually need a dedicated hardware solution if you can't get a local software based solution to work.

There may be ways to monitor what you have now and improve it if you wish to stay with what you have.
 
1 members found this post helpful.
Old 08-15-2017, 07:30 AM   #10
JohnVinson
LQ Newbie
 
Registered: Aug 2017
Posts: 5

Original Poster
Rep: Reputation: Disabled
Smile

Quote:
Originally Posted by TB0ne View Post
Interested in how you came to this conclusion, especially if you're a brand-new user to Linux and Squid.

Again, this is curious; you are asking for advice on how to configure your Linux system and squid...but start out by saying that you've already DONE IT? jmgibson1981 makes a good point...a 'regular' Ubuntu release will get a LOT of updates frequently, and be end-of-life quickly as well. Using a server-class distro (like LTS, meaning Long Term Support), or something like CentOS is far better.

After that, if you'd like to set up Squid, there are many, MANY how-to guides you can find. One of the first hits in Google for "how to configure squid on ubuntu lts" is from the official Ubuntu pages:
https://help.ubuntu.com/lts/serverguide/squid.html

We are happy to assist you with problems should they arise, but please try to follow any of the abudnant preexisting how-to guides first.
Hi TBOne,

Thank you for assisting will try to work on it, i will change the OS to debian os.
 
Old 08-15-2017, 07:44 AM   #11
JohnVinson
LQ Newbie
 
Registered: Aug 2017
Posts: 5

Original Poster
Rep: Reputation: Disabled
Smile

Quote:
Originally Posted by Turbocapitalist View Post
The best version at the moment would be 16.04 LTS. It is good until April 2021, so you get a good return on your efforts and the choice to move to 18.04 LTS remains up to you. With 17.04, there's a little more experimental action, which is fine for some people, but might not be the happiest of choices with a lot of people depending on things staying the same in a production environment. Also with 17.04 the clock runs out after only 9 months instead of 5 years like for LTS, so you'd have no choice but to upgrade from 17.04 to 18.04. So the general recommendation would be for 16.04 LTS.

Transparent Squid is easy to set up for HTTP. Go for that first.

Later, for HTTPS you will need to decrypt the connections and to do that you'd have to innoculate all the browsers that will use your Squid setup with your own TLS certificate to be able to do what ammounts to a MitM attack. It complicates things, not just on technical level.
Hi,

thank you for your suggestion and explanation
 
Old 08-15-2017, 07:45 AM   #12
JohnVinson
LQ Newbie
 
Registered: Aug 2017
Posts: 5

Original Poster
Rep: Reputation: Disabled
Smile

Quote:
Originally Posted by jefro View Post
Alternate ideas.

You may wish to eliminate a lot of useless traffic. Consider incorporating things that may reduce traffic. Consider a layer 7+ firewall of some kind. Although you have an OK computer it may not work under the massive load the kids would be hitting on it. You need to secure the heck out of it. There are web page lists on hosts files that have many of the linked advertisement sites. Many of those could be limited.

Untangle linux may be a consideration. It has many tools that you might use to limited web access and help secure your site.

You may actually need a dedicated hardware solution if you can't get a local software based solution to work.

There may be ways to monitor what you have now and improve it if you wish to stay with what you have.
Hi,

Thank you for your suggestion and will apply that idea.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Newbie: Configured the squid cache transparent proxy server! indikasl LinuxQuestions.org Member Intro 1 08-02-2010 02:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 04:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration