Line 575: |
Line 575: |
| | | |
| ===Upstream proxy server configuration=== | | ===Upstream proxy server configuration=== |
| + | SME Server allows you to proxy internet traffic for various components through an 'upstream' proxy server. |
| | | |
| + | You might need to do this if: |
| + | * Your SME server does not have direct access to the Internet |
| + | * You have several sites and need centralized internet activity control and reporting |
| + | * You are required to impose internet access restrictions on your users (at a school, for example) |
| + | |
| + | ====Browser Access from LAN Workstations==== |
| *How do I configure a mandatory upstream proxy server, there used to be a panel in earlier versions of sme server, but it's missing in sme7.x | | *How do I configure a mandatory upstream proxy server, there used to be a panel in earlier versions of sme server, but it's missing in sme7.x |
| | | |
Line 585: |
Line 592: |
| [The SquidParentPort setting is optional if the upstream proxy is on port 3128.] | | [The SquidParentPort setting is optional if the upstream proxy is on port 3128.] |
| | | |
− | From http://forums.contribs.org/index.php?topic=32998.msg140512#msg140512 | + | ====Yum (system updates)==== |
| + | How do I get yum updates through a proxy server (in case my SME server does not have direct internet access) |
| + | |
| + | Based on [[Bugzilla:2407]]: |
| + | <nowiki>mkdir -p /etc/e-smith/templates-custom/etc/yum.conf |
| + | cd /etc/e-smith/templates-custom/etc/yum.conf |
| + | echo '{ |
| + | my $YumProxy = $yum{'Proxy'} || "none"; |
| + | $OUT = ($YumProxy eq "none") ? "" : "proxy=$YumProxy"; |
| + | }' > 10main_proxy |
| + | config setprop yum Proxy http://localhost:3128/ |
| + | expand-template /etc/yum.conf |
| + | </nowiki> |
| + | |
| + | * The code shown above should work (untested) if you have configured SquidParent for your server. |
| + | * You could (alternatively) replace '''<tt><nowiki>http://localhost:3128</nowiki></tt>''' with the address of your upstream proxy. |
| + | |
| + | |
| + | ====ClamAV / freshclam==== |
| + | How do I configure freshclam to download updates for ClamAV through a proxy server? |
| + | |
| + | Based on examination of '''<tt>/etc/e-smith/templates/etc/freshclam.conf/ProxySettings</tt>''': |
| + | <nowiki>config setprop clamav HTTPProxyServer localhost |
| + | config setprop clamav HTTPProxyPort 3128 |
| + | config setprop clamav HTTPProxyUsername "" |
| + | config setprop clamav HTTPProxyPassword "" |
| + | sv t freshclam |
| + | </nowiki> |
| + | * The code shown will proxy ClamAV updates through your local squid proxy. |
| + | * You could (alternatively) replace the values shown above with the values required for any upstream proxy. |
| + | * [[Bugzilla:542]] |
| + | |
| + | ====Spamassassin==== |
| + | From http://wiki.apache.org/spamassassin/RuleUpdates: |
| + | <blockquote>'''What if I need update requests to go through a proxy server?'''<br /> |
| + | |
| + | sa-update uses the LWP::UserAgent module, which allows certain environment variables to be set so that requests use defined proxy servers. The main one of interest is "http_proxy", which should be set to an URL defining the proxy. ie: export http_proxy='http://proxy.example.com:8080/'</blockquote> |
| + | |
| + | On a sme server, this should work with '''<tt><nowiki>export http_proxy='http://localhost:3128'</nowiki></tt>''', which would need to be added to /etc/cron.daily/sa_update |
| | | |
− | {{Note box|ssh, ftp and telnet do not work via an http "upstream" proxy. Yum and freshclam may require tweaking if your only internet access is via upstream proxy.}}
| + | ====curl, wget==== |
| + | For curl and wget to work correctly on a SME server without direct internet access, you must execute the following command in the same program or shell session beforehand: |
| | | |
− | To get curl and wget to work correctly on the SME server, execute the following:
| + | export http_proxy=localhost:3128 |
| | | |
− | export HTTP_PROXY=localhost:3128 | + | eg: |
| + | <nowiki>export http_proxy=localhost:3128 |
| + | curl http://www.googl.com</nowiki> |
| | | |
− | Re yum and freshclam see the following:
| + | ====ssh, ftp, telnet==== |
| + | {{Note box|ssh, ftp and telnet do not work via an http "upstream" proxy.}} |
| | | |
− | http://bugs.contribs.org/show_bug.cgi?id=2407
| + | ====Testing and Verification==== |
| + | You can verify that a particular program is being proxied through squid on your local SME server by searching /var/log/squid/access.log for access to the target web address originating from '127.0.0.1'. |
| | | |
− | http://bugs.contribs.org/show_bug.cgi?id=542 | + | That is, after executing these commands: |
| + | <nowiki>export http_proxy=localhost:3128 |
| + | curl http://www.google.com</nowiki> |
| | | |
− | From Forum post http://forums.contribs.org/index.php/topic,46163.0.html
| + | you should see an entry similary to the following <tt>/var/log/squid/access.log:</tt> |
| + | 1329759611.923 64 '''127.0.0.1''' TCP_MISS/301 726 GET '''<nowiki>http://www.googl.com</nowiki>''' - DIRECT/74.125.113.94 text/html |
| | | |
| ===Memory usage and limits=== | | ===Memory usage and limits=== |