How to Enable Squid through SCS with Internet Access
Set SELinux to
permissive
mode in the/etc/selinux/config
file.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Change SELinux to permissive mode from the command line:
setenforce 0
Create a log directory for Squid:
mkdir /var/log/squid
chmod 777 /var/log/squid
Create the
/etc/squid
and/var/spool/squid
directories:
Create the
/etc/squid/squid.conf
file and configure it as needed.
cache_peer connect to parent proxy server
Update local storage network subnet
Note: If the password contains characters have special meanings in URLs (like ‘#
', '&
', '?
', etc.), ensure the special characters are URL-encoded and must be encoded to be represented correctly.
Run the following command to download the Squid container and run it using Podman:
Update
/etc/firewalld/zones/swarm_site.xml
to allow access Squid on SCS Storage network on port3128
Reload Firewall rules
Test Squid’s internet access by running a curl command:
Offline Installation of Ubuntu/Squid
Export the
ubuntu.squid.4.10.tar
container tarball:
Copy the tarball to SCS (e.g.
/root/dist/ubuntu.squid.4.10.tar
)Set SELinux to permissive mode in
/etc/selinux/config
file (it not already done).
Change SELinux to permissive mode from the command line (if not already done):
Load the ubuntu/squid container image to Podman:
Create the necessary directories on SCS:
Grant permissions for Squid to output logs to
/var/log/squid/access.log
:
Create or update the
/etc/squid/squid.conf
file as needed.Update /etc/squid/squid.conf with Parent Proxy IP, Port and correct storage subnet.
Update
/etc/firewalld/zones/swarm_site.xml
to allow access Squid on SCS Storage network on port3128
Reload Firewall rules
Run the following command to start the Squid container:
Adding Squid Container to systemd to ensure start on system boot
To create a
systemd
service for Squid container (/etc/systemd/system/squid-container.service
), use thepodman generate systemd
command:
Stop Squid container from Podman
Enable and start the service:
Verify the status of the Squid container service:
© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.