How to Enable Squid through SCS with Internet Access

  1. Set SELinux to permissive mode in the /etc/selinux/config file.

# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
  1. Change SELinux to permissive mode from the command line:

setenforce 0
  1. Create a log directory for Squid:

mkdir /var/log/squid chmod 777 /var/log/squid
  1. Create the /etc/squid and /var/spool/squid directories:

  1. Create the /etc/squid/squid.conf file and configure it as needed.

  • cache_peer connect to parent proxy server

  • Update local storage network subnet

Note: If the password contains characters have special meanings in URLs (like ‘#', '&', '?', etc.), ensure the special characters are URL-encoded and must be encoded to be represented correctly.

  1. Run the following command to download the Squid container and run it using Podman:

  1. Update /etc/firewalld/zones/swarm_site.xml to allow access Squid on SCS Storage network on port 3128

  1. Reload Firewall rules

  1. Test Squid’s internet access by running a curl command:

 

Offline Installation of Ubuntu/Squid

  1. Export the ubuntu.squid.4.10.tar container tarball:

  1. Copy the tarball to SCS (e.g. /root/dist/ubuntu.squid.4.10.tar)

  2. Set SELinux to permissive mode in /etc/selinux/config file (it not already done).

  1. Change SELinux to permissive mode from the command line (if not already done):

  1. Load the ubuntu/squid container image to Podman:

  1. Create the necessary directories on SCS:

  1. Grant permissions for Squid to output logs to /var/log/squid/access.log:

  1. Create or update the /etc/squid/squid.conf file as needed.

  2. Update /etc/squid/squid.conf with Parent Proxy IP, Port and correct storage subnet.

  3. Update /etc/firewalld/zones/swarm_site.xml to allow access Squid on SCS Storage network on port 3128

  1. Reload Firewall rules

  1. Run the following command to start the Squid container:

 

Adding Squid Container to systemd to ensure start on system boot

  1. To create a systemd service for Squid container (/etc/systemd/system/squid-container.service), use the podman generate systemd command:

  1. Stop Squid container from Podman

  1. Enable and start the service:

  1. Verify the status of the Squid container service:

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.