Hi,
I recently migrated my office's server from Slackware64 14.1 to CentOS 7. Right now I'm in the process of configuring the Squid web proxy. I edited the default /etc/squid/squid.conf, and here's what I have so far:
--8<--------------------------------------------------
# /etc/squid/squid.conf

# Squid server hostname
visible_hostname amandine.microlinux.lan

# Definitions
acl localnet src 192.168.2.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Access rules
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet

# Proxy port
http_port 3128

# Cache size in RAM
cache_mem 256 MB

# Core dumps
coredump_dir /var/spool/squid

# Lifetime of files without an expiration date
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0
--8<--------------------------------------------------
The proxy is working as expected. I have a few questions for fine-tuning though.
1. Squid's main logs are stored in /var/log/squid/access.log. I'd like to set up logfile rotation for that, since it can become quite big. How do you handle this? With Squid's internal 'logfile_rotate' directive or with logrotate? What I'd like to do is rotate this logfile about once a week.
2. Which user is Squid supposed to run as under CentOS? On my Slackware server I had the following:
cache_effective_user nobody
cache_effective_group nobody
What's an orthodox setting for CentOS?
3. The access rules are a bit minimal. Do they seem OK to you for a LAN? Any suggestions?
Cheers,
Niki
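
Added example, not part of the original post: a small Python model of how Squid evaluates the three http_access lines above (first matching line wins; if no line matches, the result is the opposite of the last line's action). It covers only the src, port and method ACL types used in the post; the sample requests and the extra `deny CONNECT` line are constructed to show why an explicit final `http_access deny all` is safer than relying on the implicit default.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.2.0/24")
SAFE = {80, 21, 443, 70, 210, 280, 488, 591, 777}

# ACL definitions from the posted squid.conf; "all" is Squid's built-in ACL.
ACLS = {
    "localnet": lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "SSL_ports": lambda r: r["port"] == 443,
    "Safe_ports": lambda r: r["port"] in SAFE or 1025 <= r["port"] <= 65535,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "all": lambda r: True,
}

# http_access lines from the post, in order.
RULES = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["localnet"]),
]

def term_matches(term, req):
    """One ACL name on an http_access line; a leading '!' negates it."""
    negated = term.startswith("!")
    return ACLS[term.lstrip("!")](req) != negated

def decide(req, rules=RULES):
    """First line whose ACLs all match wins (ACLs on a line are ANDed)."""
    for number, (action, terms) in enumerate(rules, 1):
        if all(term_matches(t, req) for t in terms):
            return action, f"line {number}"
    # Nothing matched: Squid applies the opposite of the last line's action.
    fallback = "deny" if rules[-1][0] == "allow" else "allow"
    return fallback, "implicit default"

if __name__ == "__main__":
    # Constructed sample requests (source IP, destination port, method).
    samples = [
        {"src": "192.168.2.10", "port": 80, "method": "GET"},
        {"src": "192.168.2.10", "port": 8080, "method": "CONNECT"},
        {"src": "192.168.2.10", "port": 25, "method": "CONNECT"},
        {"src": "10.0.0.5", "port": 80, "method": "GET"},
    ]
    later_edit = RULES + [("deny", ["CONNECT"])]      # hypothetical extra line
    hardened = later_edit + [("deny", ["all"])]       # explicit final deny
    for req in samples:
        print(req, decide(req), decide(req, later_edit), decide(req, hardened))
```

With the rules as posted, a client outside 192.168.2.0/24 is refused only by the implicit default; once any deny line becomes the last line, that default flips to allow unless `deny all` closes the list.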