En:HOWTO use transparent Squid in front of for YaCy

Aus YaCyWiki

This Squid configuration makes Squid listen for connections on port 80 or 443.

Inhaltsverzeichnis 1 The idea 2 Requirements 3 The configuration 4 Port 80 5 Just SSL

The idea

You need root access to run YaCy on lower ports. There are good reasons not to run YaCy as root. A simple solution may be to use Squid in front of it. The requests go to Squid and is then handed on to YaCy.

Requirements

A SSL certificate. You'll need one of those.

And Squid 2.5. This configuration is for 2.5. Squid 2.6 has a configuration which is completely differnet (Fedora Core 6 and 7 use 2.6, most "stable" distributions like Debian, RHEL and CentOS have 2.5).

The configuration

# From the default config

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern .               0       20%     4320
coredump_dir /var/spool/squid

# Where Squid listens
https_port 66.199.236.140:443 cert=/etc/squid/ssl-key.txt

# Some standard ACLs
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0

# You don't really need to send YaCy a host, but...
httpd_accel_host yacysearch.com
httpd_accel_uses_host_header on

# You really do need to provide the port for it.
httpd_accel_port 8080
httpd_accel_with_proxy on

# We'd like people to connect to 127.0.0.1, and port 8080,
# but they really don't need anymore access to your box.

acl HTTP protocol HTTP
acl port8080 port 8080
acl myservers dst 127.0.0.1
http_access allow HTTP port8080 myservers
http_access allow port8080 myservers
http_access allow port8080
http_access allow myservers
http_access deny all

acl manager proto cache_object
http_access allow manager localhost
http_access deny manager

# Allow purge, perhaps YaCy'll support it someday
acl purge method PURGE
http_access allow purge localhost
http_access deny purge

# Memory control. You really don't need more
# than 8 MB RAM for squid and maby 32 MB disc-cache.
# YaCy does all this anyway.

cache_mem 8 MB
cache_dir ufs /var/spool/squid 32 16 128

Port 80

It must be noted that you can just change:

https_port 22.33.44.55:443 cert=/etc/squid/ssl-key.txt

..to..:

http_port 22.33.44.55:80

Just SSL

YaCy has support for SSL. See En:HOWTO make YaCy allow SSL connections to learn how you can make YaCy accept SSL at port 8080 (or any other port it grabs).