En:HOWTO use transparent Squid in front of for YaCy

Aus YaCyWiki
Wechseln zu: Navigation, Suche

Flag-germany.gif Es existiert keine deutsche Version dieses Artikels, bitte eine anlegen!

This Squid configuration makes Squid listen for connections on port 80 or 443.

The idea

You need root access to run YaCy on lower ports. There are good reasons not to run YaCy as root. A simple solution may be to use Squid in front of it. The requests go to Squid and is then handed on to YaCy.

Requirements

A SSL certificate. You'll need one of those.

And Squid 2.5. This configuration is for 2.5. Squid 2.6 has a configuration which is completely differnet (Fedora Core 6 and 7 use 2.6, most "stable" distributions like Debian, RHEL and CentOS have 2.5).

The configuration

# From the default config

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern .               0       20%     4320
coredump_dir /var/spool/squid

# Where Squid listens
https_port 66.199.236.140:443 cert=/etc/squid/ssl-key.txt

# Some standard ACLs
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0

# You don't really need to send YaCy a host, but...
httpd_accel_host yacysearch.com
httpd_accel_uses_host_header on

# You really do need to provide the port for it.
httpd_accel_port 8090
httpd_accel_with_proxy on

# We'd like people to connect to 127.0.0.1, and port 8090,
# but they really don't need anymore access to your box.

acl HTTP protocol HTTP
acl port8090 port 8090
acl myservers dst 127.0.0.1
http_access allow HTTP port8090 myservers
http_access allow port8090 myservers
http_access allow port8090
http_access allow myservers
http_access deny all

acl manager proto cache_object
http_access allow manager localhost
http_access deny manager

# Allow purge, perhaps YaCy'll support it someday
acl purge method PURGE
http_access allow purge localhost
http_access deny purge

# Memory control. You really don't need more
# than 8 MB RAM for squid and maby 32 MB disc-cache.
# YaCy does all this anyway.

cache_mem 8 MB
cache_dir ufs /var/spool/squid 32 16 128

Port 80

It must be noted that you can just change: 

https_port 22.33.44.55:443 cert=/etc/squid/ssl-key.txt

..to..: 

http_port 22.33.44.55:80

Just SSL

YaCy has support for SSL. See En:HOWTO make YaCy allow SSL connections to learn how you can make YaCy accept SSL at port 8090 (or any other port it grabs).

Abgerufen von „https://wiki.yacy.net/index.php?title=En:HOWTO_use_transparent_Squid_in_front_of_for_YaCy&oldid=22283