Installing a Squid proxy server
As an administrator, you can set up a forward proxy server in your infrastructure environment so that PATROL Agent 20.08 and later can communicate with BMC Helix Operations Management via the proxy server.
For internal testing, BMC has deployed the Squid proxy server in a container on Ubuntu by using the instructions in the following section. Squid also supports other types of installations. For more information, see Squid documentation.
Note
The following commands are applicable to Ubuntu and might vary depending on the Linux distribution. Refer to the relevant operating system documentation for the commands.
To install a Squid proxy server as a Docker container without authentication support
- Log in to the computer on which you plan to install the Squid proxy server.
Update the
apt
package index by running the following command:apt-get update
Install the package to enable
apt
to use a repository over HTTPS by running the following command:apt-get install apt-transport-https ca-certificates curl software-properties-common
Add Docker's official GPG key by running the following command:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Update the registry by running the following command:
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
Install the Docker engine by running the following command:
apt-get update
apt-get install docker-ce
Verify that Docker CE is installed correctly by running the
hello-world
image:docker run hello-world
Extract the Docker image of the Squid proxy server from the Docker repository:
#Syntax
docker pull <Squid docker image name>
#Example
docker pull sameersbn/squid:3.5.27-2
Important
sameersbn/squid:3.5.27-2 is a community Docker image and is used only as an example here. Use the Docker image approved by your organization.
Download the squid.conf file and copy it to the /opt/tmp/ directory.
Using a text editor, open the /opt/tmp/squid.conf file, and update the
http_access
parameter. By defaulthttp_access
is set todeny all
. Change it toallow all.
http_access allow allStart the Docker container by running the following command:
docker run --name squid -d --restart=always --publish 3129:3128 --volume /opt/tmp/squid.conf:/etc/squid/squid.conf --volume /srv/docker/squid/cache:/var/spool/squid sameersbn/squid:3.5.27-2
Parameter description
- 3129: External proxy server container port that the PATROL Agent will use to talk to BMC Helix Operations Management. You can use any other port number in the preceding command.
- 3128: Internal container port on which the proxy server is running. This is a default Squid proxy server port.
- /opt/tmp/squid.conf: The configuration file that you updated in the Step 5.
- /etc/squid/squid.conf: The configuration file created inside the container and linked to the /opt/tmp/squid.conf which is outside the container.
- /srv/docker/squid/cache: The cache directory created outside the container by the Docker pull command.
- /var/spool/squid: The directory inside the container and linked to /srv/docker/squid/cache that is outside the container.
sameersbn/squid:3.5.27-2: The Docker image name.
Verify that the Docker container is running by using the following command:
docker ps
Update the PATROL Agent configuration to add the proxy server details as shown in the following example . For details, see Configuring PATROL Agents to support a forward proxy server.
#Example
PATROL_CONFIG "/AgentSetup/integration/forwardProxyServer" = {REPLACE = "testmachine.bmc.com:3129"}
Parameter description
testmachine.bmc.com: FQDN of the computer on which the Squid proxy server is installed.
3129: External proxy server container port number. If you have configured a different port in Step 6, then use the relevant port number.
To install a Squid proxy server as a Docker container with authentication support
- Log in to the computer on which you plan to install the Squid proxy server.
Update the
apt
package index by running the following command:apt-get update
Install the package to enable
apt
to use a repository over HTTPS by running the following command:apt-get install apt-transport-https ca-certificates curl software-properties-common
Add Docker's official GPG key by running the following command:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Update the registry by running the following command:
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
Install the Docker engine by running the following command:
apt-get update
apt-get install docker-ce
Verify that Docker CE is installed correctly by running the
hello-world
image:docker run hello-world
Extract the Docker image of the Squid proxy server from the Docker repository:
#Syntax
docker pull <Squid docker image name>
#Example
docker pull sameersbn/squid:3.5.27-2
Important
sameersbn/squid:3.5.27-2 is a community Docker image and is used only as an example here. Use the Docker image that is approved by your organization.
Install the
apache2-utils
utility to manage credentials:sudo apt-get install apache2-utils
Create a directory named squid in the /etc directory.
Create a password file named passwd under /etc/squid, and change the ownership:
sudo touch /etc/squid/passwd
sudo chown proxy: /etc/squid/passwd
Add a new user to the Squid server.
sudo htpasswd /etc/squid/passwd testuser
The command prompts you to enter a password for the new user.
In the preceding example,
testuser
is the new user added.Download the squid_auth.conf file and copy it to the /opt/tmp directory.
Rename the squid_auth.conf file to squid.conf.
Start the Docker container by running the following command:
docker run --name squid -d --restart=always --publish 3129:3128 --volume /opt/squid.conf:/etc/squid/squid.conf --volume /srv/docker/squid/cache:/var/spool/squid sameersbn/squid:3.5.27-2
Parameter description
- 3129: External proxy server container port that the PATROL Agent will use to talk to BMC Helix Operations Management. You can use any other port number in the preceding command.
- 3128: Internal container port on which the proxy server is running. This is a default Squid proxy server port.
- /opt/tmp/squid.conf: The configuration file that you downloaded in the Step 8.
- /etc/squid/squid.conf: The configuration file that is created inside the container and linked to the /opt/tmp/squid.conf file which is outside the container.
- /srv/docker/squid/cache: The cache directory created outside the container by the Docker pull command.
- /var/spool/squid: The directory inside the container and linked to /srv/docker/squid/cache that is outside the container.
- sameersbn/squid:3.5.27-2: The Docker image name.
Verify that the the Docker container is running by using the following command:
docker ps
Update the PATROL Agent configuration to add the proxy server, user and password details as shown in the following example. For details, see Configuring PATROL Agents to support a forward proxy server.
#Example
PATROL_CONFIG "/AgentSetup/integration/forwardProxyServer" = {REPLACE = "testmachine.bmc.com:3129"}
PATROL_CONFIG "/AgentSetup/integration/forwardProxyUser" = {REPLACE = "testuser"}
PATROL_CONFIG "/SecureStore/mca/tenant/forwardProxyPasswd" = {REPLACE = "MCA/<password>"}
Comments
The squid_auth.conf file can not be downloaded.
Hi Peng Li,
Thanks for the feedback. This has been now been fixed. Hence, closing the comment.
Regards,
Shreya
We need detailed instructions on how to set up proxy authentication with LDAP
Hi Jon Brent Fournet,
Thanks for your suggestions. As discussed with our SMEs, the Squid proxy authentication changes do not apply to the PA 20.08 doc space and will be available only in the PA BHOM 21.3 docs. Kindly review the squid proxy changes in my email 'FW: Support review for PA 21.3'.
Sandeep Gaike
Regards,
Shreya
Log in or register to comment.