Changes

From SME Server
Break out proxy config options by program
Line 575: Line 575:     
===Upstream proxy server configuration===
 
===Upstream proxy server configuration===
 +
SME Server allows you to proxy internet traffic for various components through an 'upstream' proxy server.
    +
You might need to do this if:
 +
* Your SME server does not have direct access to the Internet
 +
* You have several sites and need centralized internet activity control and reporting
 +
* You are required to impose internet access restrictions on your users (at a school, for example)
 +
 +
====Browser Access from LAN Workstations====
 
*How do I configure a mandatory upstream proxy server, there used to be a panel in earlier versions of sme server, but it's missing in sme7.x
 
*How do I configure a mandatory upstream proxy server, there used to be a panel in earlier versions of sme server, but it's missing in sme7.x
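Review bot: The added introduction writes the product name two ways ("SME Server allows you to proxy..." and "Your SME server does not have..."); pick one form, and note that the curl, wget section added later in this edit uses "a SME server" and "the SME server" as well. The new "Browser Access from LAN Workstations" heading is also followed immediately by the unchanged question bullet about a mandatory upstream proxy, with no sentence saying that this entry is the one that covers workstation browser traffic; a one-line statement under the heading would make the section read like the per-program sections that follow it.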
   Line 585: Line 592:  
[The SquidParentPort setting is optional if the upstream proxy is on port 3128.]
 
[The SquidParentPort setting is optional if the upstream proxy is on port 3128.]
   −
From http://forums.contribs.org/index.php?topic=32998.msg140512#msg140512
+
====Yum (system updates)====
 +
How do I get yum updates through a proxy server (in case my SME server does not have direct internet access)
 +
 
 +
Based on [[Bugzilla:2407]]:
 +
<nowiki>mkdir -p /etc/e-smith/templates-custom/etc/yum.conf
 +
cd /etc/e-smith/templates-custom/etc/yum.conf
 +
echo '{
 +
    my $YumProxy = $yum{'Proxy'} || "none";
 +
    $OUT = ($YumProxy eq "none") ? "" : "proxy=$YumProxy";
 +
}' > 10main_proxy
 +
config setprop yum Proxy http://localhost:3128/
 +
expand-template /etc/yum.conf
 +
</nowiki>
 +
 
 +
* The code shown above should work (untested) if you have configured SquidParent for your server.
 +
* You could (alternatively) replace '''<tt><nowiki>http://localhost:3128</nowiki></tt>''' with the address of your upstream proxy.
 +
 
 +
 
 +
====ClamAV / freshclam====
 +
How do I configure freshclam to download updates for ClamAV through a proxy server?
 +
 
 +
Based on examination of '''<tt>/etc/e-smith/templates/etc/freshclam.conf/ProxySettings</tt>''':
 +
<nowiki>config setprop clamav HTTPProxyServer localhost
 +
config setprop clamav HTTPProxyPort 3128
 +
config setprop clamav HTTPProxyUsername ""
 +
config setprop clamav HTTPProxyPassword ""
 +
sv t freshclam
 +
</nowiki>
 +
* The code shown will proxy ClamAV updates through your local squid proxy.
 +
* You could (alternatively) replace the values shown above with the values required for any upstream proxy.
 +
* [[Bugzilla:542]]
 +
 
 +
====Spamassassin====
 +
From http://wiki.apache.org/spamassassin/RuleUpdates:
 +
<blockquote>'''What if I need update requests to go through a proxy server?'''<br />
 +
 
 +
sa-update uses the LWP::UserAgent module, which allows certain environment variables to be set so that requests use defined proxy servers. The main one of interest is "http_proxy", which should be set to an URL defining the proxy. ie: export http_proxy='http://proxy.example.com:8080/'</blockquote>
 +
 
 +
On a sme server, this should work with '''<tt><nowiki>export http_proxy='http://localhost:3128'</nowiki></tt>''', which would need to be added to /etc/cron.daily/sa_update
   −
{{Note box|ssh, ftp and telnet do not work via an http "upstream" proxy. Yum and freshclam may require tweaking if your only internet access is via upstream proxy.}}
+
====curl, wget====
 +
For curl and wget to work correctly on a SME server without direct internet access, you must execute the following command in the same program or shell session beforehand:
   −
To get curl and wget to work correctly on the SME server, execute the following:
+
export http_proxy=localhost:3128
   −
  export HTTP_PROXY=localhost:3128
+
eg:
 +
  <nowiki>export http_proxy=localhost:3128
 +
curl http://www.googl.com</nowiki>
   −
Re yum and freshclam see the following:
+
====ssh, ftp, telnet====
 +
{{Note box|ssh, ftp and telnet do not work via an http "upstream" proxy.}}
   −
http://bugs.contribs.org/show_bug.cgi?id=2407
+
====Testing and Verification====
 +
You can verify that a particular program is being proxied through squid on your local SME server by searching /var/log/squid/access.log for access to the target web address originating from '127.0.0.1'.
   −
http://bugs.contribs.org/show_bug.cgi?id=542
+
That is, after executing these commands:
 +
<nowiki>export http_proxy=localhost:3128
 +
curl http://www.google.com</nowiki>
   −
From Forum post http://forums.contribs.org/index.php/topic,46163.0.html
+
you should see an entry similary to the following <tt>/var/log/squid/access.log:</tt>
 +
1329759611.923    64 '''127.0.0.1''' TCP_MISS/301 726 GET '''<nowiki>http://www.googl.com</nowiki>''' - DIRECT/74.125.113.94 text/html
    
===Memory usage and limits===
 
===Memory usage and limits===
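Review bot: In the added Testing and Verification section the command and the sample log entry do not match: the command shown is "curl http://www.google.com", but the access.log line shows "http://www.googl.com", the same misspelled host used in the curl, wget example above it. Use one host in both places, and correct "similary" in the sentence that introduces the log line. The sample entry also ends in "DIRECT/74.125.113.94", which is squid fetching from the origin itself, so the check as written confirms only that the request passed through the local squid from 127.0.0.1; if the section is meant to cover a configured upstream proxy as well, say what to look for in that case. In the Yum section, "$yum{'Proxy'}" is nested inside the single-quoted "echo '{ ... }'", so the shell removes the inner quotes before the fragment is written; a here-document would write the template text verbatim, and since the note below the block says the code is untested, it is worth confirming the expanded /etc/yum.conf before publishing.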
