Fedora 27
Sponsored Link

Reverse Proxy Settings
2017/12/19
 
Configure Squid as a Reverse Proxy Server.
[1] Create self-signed Certificates first. If you use official Certificates, it's not necessary to create self-signed one.
[root@www ~]#
cd /etc/pki/tls/certs

[root@www certs]#
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/squid.pem -out /etc/pki/tls/certs/squid.pem

Generating a 2048 bit RSA private key
......++++++
.......++++++
writing new private key to '/etc/pki/tls/certs/squid.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
JP
   
# country

State or Province Name (full name) [Some-State]:
Hiroshima
   
# state

Locality Name (eg, city) []:
Hiroshima
   
# city

Organization Name (eg, company) [Internet Widgits Pty Ltd]:
GTS
   
# company

Organizational Unit Name (eg, section) []:
Server World
   
# department

Common Name (eg, YOUR name) []:
www.srv.world
   
# server's FQDN

Email Address []:
xxx@srv.world
   
# admin email
[root@www certs]#
chmod 400 squid.pem

[2] Configure Squid.
If you use official Certificates, replace [cert=*** key=***] to your own one.
If you use the Certs from Let's Encrypt, specify [fullchain.pem] for both [cert=*** key=***].
[root@prox ~]#
vi /etc/squid/squid.conf
# line 57: add (allow all http access)

http_access allow all

# And finally deny all other access to this proxy
http_access deny all
# line 63: specify the backend Web server

#
http_port 3128
http_port 80 accel defaultsite=www.srv.world
https_port 443 accel defaultsite=www.srv.world cert=/etc/pki/tls/certs/squid.pem key=/etc/pki/tls/certs/squid.pem
# line 66: uncommnet

# number means ⇒ [disk cache size] [number of directories on top level] [number of directories on 2nd level]

cache_dir ufs /var/spool/squid 100 16 256
# add to the end

cache_peer www.srv.world parent 80 0 no-query originserver
# memory cache size

cache_mem 256 MB
# define hostname

visible_hostname prox.srv.world
[root@prox ~]#
systemctl start squid

[root@prox ~]#
systemctl enable squid

[3] If Firewalld is running, allow HTTP service.
[root@dlp ~]#
firewall-cmd --add-service={http,https} --permanent

success
[root@dlp ~]#
firewall-cmd --reload

success
[4] Change settings of DNS or Routers in your LAN if need to listen HTTPS access on Squid, then try to access to Squid Reverse Proxy Server from a ClientPC with Web browser like follows.
 
Tweet