Important: This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 24.3.01.

Configuring a Squid proxy server


As an administrator, set up a forward proxy server in your infrastructure environment so that the PATROL Agent can communicate with BMC Helix Operations Management via the proxy server. 

Important

  • We have used Squid as an example to explain configuring a forward proxy server. BMC does not bundle any forward proxy server with PATROL Agent, and we do not support any issues related to forward proxy servers. Your network administrator is responsible for installing, configuring, and maintaining the forward proxy server.
  • We have performed a containerized deployment of Squid on Ubuntu. For more information, see Squid documentation.

  • The commands in the topic apply to Ubuntu and might vary depending on the Linux distribution. 

To configure a Squid proxy server as a Docker container without authentication support

  1. Log in to the computer where you want to configure the Squid proxy server.
  2. Update the apt package index by running the following command: 

    apt-get update
  3. Install the package to enable apt to use a repository over HTTPS by running the following command:

    apt-get install apt-transport-https ca-certificates curl software-properties-common
  4. Add the Docker official GPG key by running the following command: 

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
  5. Update the registry by running the following command: 

    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
  6. Install the Docker engine by running the following command: 

    apt-get update
    apt-get install docker-ce
  7. Verify that Docker CE is installed correctly by running the hello-world image: 

    docker run hello-world
  8. Extract the Docker image of the Squid proxy server from the Docker repository:

    docker pull <Squid docker image name>
    Example
    docker pull sameersbn/squid:3.5.27-2

    Important

    sameersbn/squid:3.5.27-2 is a community Docker image used only as an example. Use the Docker image that your organization approves.

  9. Download the squid.conf file and copy it to the /opt/tmp/ directory.
  10. Use a text editor to open the /opt/tmp/squid.conf file, and update the http_access parameter. 

    http_access allow all
    By default, http_access is set to deny all.

  11. Start the Docker container by running the following command: 

    docker run --name squid -d --restart=always --publish 3129:3128 --volume /opt/tmp/squid.conf:/etc/squid/squid.conf --volume /srv/docker/squid/cache:/var/spool/squid sameersbn/squid:3.5.27-2
    Parameter description

    | Parameter | Description |
    | --- | --- |
    | 3129 | External proxy server container port that the PATROL Agent will use to talk to BMC Helix Operations Management. You can use any other port number in the command. |
    | 3128 | Internal container port on which the proxy server is running. This port is the default Squid proxy server port. |
    | /opt/tmp/squid.conf | The configuration file that you updated in Step 5. |
    | /etc/squid/squid.conf | The configuration file inside the container, linked to /opt/tmp/squid.conf outside the container. |
    | /srv/docker/squid/cache | The Docker pull command creates the cache directory outside the container. |
    | /var/spool/squid | The directory inside the container is linked to /srv/docker/squid/cache outside the container. |
    | sameersbn/squid:3.5.27-2 | The Docker image name. |

  12. Verify that the Docker container is running by using the following command:

    docker ps
  13. Update the PATROL Agent configuration to add the proxy server details, as shown in the following example.
    For details, see Configuring-PATROL-Agents-to-support-multiple-forward-proxy-servers.

    #Example
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyServer" = {REPLACE = "testmachine.bmc.com:3128"}

    Parameter description

    | Parameter | Description |
    | --- | --- |
    | testmachine.bmc.com | FQDN of the computer on which the Squid proxy server is configured. |
    | 3128 | External proxy server container port number. If you have configured a different port in Step 6, then use the relevant port number. |

To configure a Squid proxy server as a Docker container with local authentication support

  1. Log in to the computer where you want to configure the Squid proxy server.
  2. Update the apt package index by running the following command: 

    apt-get update
  3. Install the package to enable apt to use a repository over HTTPS by running the following command:

    apt-get install apt-transport-https ca-certificates curl software-properties-common
  4. Add the Docker official GPG key by running the following command: 

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
  5. Update the registry by running the following command: 

    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
  6. Install the Docker engine by running the following command: 

    apt-get update
    apt-get install docker-ce
  7. Verify that Docker CE is installed correctly by running the hello-world image: 

    docker run hello-world
  8. Extract the Docker image of the Squid proxy server from the Docker repository:

    docker pull <Squid docker image name>
    Example
    docker pull sameersbn/squid:3.5.27-2
    sameersbn/squid:3.5.27-2 is a community Docker image used only as an example. Use the Docker image approved by your organization.
  9. Install the apache2-utils utility to manage credentials:

    sudo apt-get install apache2-utils
  10. Create a directory named squid in the /etc directory.
  11. Create a password file named passwd under /etc/squid, and change the ownership: 

    sudo touch /etc/squid/passwd
    sudo chown proxy: /etc/squid/passwd
  12. Add a new user to the Squid server. 

    sudo htpasswd /etc/squid/passwd testuser

    The command prompts you to enter a password for the new user. 

    Important

    In the example, testuser is the new user added.

  13. Download the squid_auth.conf file and copy it to the /opt/tmp directory.
  14. Rename the squid_auth.conf file to squid.conf.
  15. Start the Docker container by running the following command: 

    docker run --name squid -d --restart=always --publish 3129:3128 --volume /opt/tmp/squid.conf:/etc/squid/squid.conf --volume /srv/docker/squid/cache:/var/spool/squid sameersbn/squid:3.5.27-2
    Parameter description

    | Parameter | Description |
    | --- | --- |
    | 3129 | External proxy server container port that the PATROL Agent will use to talk to BMC Helix Operations Management. You can use any other port number in the command. |
    | 3128 | Internal container port on which the proxy server is running. This port is the default Squid proxy server port. |
    | /opt/tmp/squid.conf | The configuration file that you updated in Step 8. |
    | /etc/squid/squid.conf | The configuration file inside the container, linked to /opt/tmp/squid.conf outside the container. |
    | /srv/docker/squid/cache | The Docker pull command creates the cache directory outside the container. |
    | /var/spool/squid | The directory inside the container is linked to /srv/docker/squid/cache outside the container. |
    | sameersbn/squid:3.5.27-2 | The Docker image name. |

  16. Verify that the Docker container is running by using the following command: 

    docker ps
  17. Update the PATROL Agent configuration to add the proxy server, user, and password details, as shown in the following example.
    For details, see Configuring-PATROL-Agents-to-support-multiple-forward-proxy-servers.

    Example
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyServer" = {REPLACE = "testmachine.bmc.com:3128"}
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyUser" = {REPLACE = "testuser"}
    PATROL_CONFIG "/SecureStore/mca/tenant/forwardProxyPasswd" = {MCA/<forwardProxyPasswd>}

To configure a Squid proxy server with LDAP authentication support

  1. Get the following details from the LDAP administrator:
    1. Organizational Unit (OU)
    2. Domain Component (DC)
    3. Common Name (CN)
  2. Log in to the computer where you want to configure the Squid proxy server.
  3. Download the squid.conf file and copy it to the $SQUID_HOME\etc\squid directory.
  4. To store the password of the LDAP account, create a file named ldap_password.txt under the $SQUID_HOME\etc\squid directory.
  5. Restart the squid proxy service.
  6. To add the proxy server connection details, update the PATROL Agent configuration as shown in the following example.
    For details, see Configuring-PATROL-Agents-to-support-multiple-forward-proxy-servers.

    Example
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyServer" = {REPLACE = "testmachine.bmc.com:3128"}
    PATROL_CONFIG "/AgentSetup/integration/forwardProxyUser" = {REPLACE = "testuser"}
    PATROL_CONFIG "/SecureStore/mca/tenant/forwardProxyPasswd" = {MCA/<forwardProxyPasswd>}
  7. Restart the PATROL Agent.
  8. To verify that the PATROL Agent is communicating with BMC Helix Operations Management via the Squid proxy server, navigate to the PatrolAgent-<hostname>-<port>.errs log file and search for the PATROL Agent GUID.
    The log file is present in the following directory:

    • (Linux): $PATROL_HOME/../log
    • (Windows): %PATROL_HOME%log

To configure a Squid proxy server on Microsoft Windows

  1. Log in to the computer where you want to configure the Squid proxy server.
  2. Navigate to the Squid installation directory and open the <Installation Directory>\etc\squid\squid.conf file.
  3. Insert the following lines at the beginning of the squid.conf file, replacing <Installation Directory> with the actual path name where Squid is installed:
    • hosts_file C:\Windows\System32\drivers\etc\hosts
      The location of the hosts file used by Squid.
    • cache_dir aufs <Installation Directory>\var\cache 3000 16 256
      The location of the cached data directory, with parameters that control the cache size and structure.
    • coredump_dir <Installation Directory>\var\cache
      The directory where core dumps are stored in case of a crash.
    • pid_filename <Installation Directory>\var\log\squid.pid
      The path of the file that stores the Squid server's process ID.

      Example
      If Squid is installed in C:\Squid, your configuration is:

      hosts_file C:\Windows\System32\drivers\etc\hosts
      cache_dir aufs C:\Squid\var\cache 3000 16 256
      coredump_dir C:\Squid\var\cache
      pid_filename C:\Squid\var\log\squid.pid
  4. Update the http_access parameter. 

    http_access allow all

    By default http_access is set to deny all. 
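
Squid checks http_access rules from top to bottom and the first matching rule decides, so with the http_access allow all setting used in the Docker and Windows procedures, any client that can reach the proxy port is allowed through. The following audit function is an added example, not BMC or Squid project code, that classifies a squid.conf by that rule order; the sample policies, the ACL name agents, and the subnet 10.20.30.0/24 are constructed placeholders.

```shell
#!/bin/sh
# audit_squid_conf [FILE]: classify the http_access policy of a squid.conf
# (FILE, or standard input) as: open | restricted | authenticated | closed.
# Squid checks http_access rules top to bottom and the first match decides.
audit_squid_conf() {
    awk '
        function note(r) { if (r > rank) rank = r }    # keep the weakest result
        { sub(/#.*/, "") }                             # drop comments
        NF == 0 { next }
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1; next }
        $1 != "http_access" { next }
        {
            catch_all = (NF == 3 && $3 == "all")
            if ($2 == "deny") {
                # "deny !<auth acl>" puts every later rule behind a login
                if (NF == 3 && substr($3, 1, 1) == "!" && (substr($3, 2) in auth))
                    gated = 1
                if (catch_all) exit                    # later rules are unreachable
                next
            }
            needs_auth = gated
            for (i = 3; i <= NF; i++) if ($i in auth) needs_auth = 1
            if (needs_auth)     note(1)                # allow only after login
            else if (catch_all) note(3)                # allow any client
            else                note(2)                # allow by ACL, no login
            if (catch_all) exit
        }
        END { split("closed authenticated restricted open", name, " ")
              print name[rank + 1] }
    ' "${1:--}"
}

# Constructed sample policies (not the squid.conf files the page links to).
# The ACL name "agents" and the subnet 10.20.30.0/24 are placeholders.
sample_open='http_access allow all'
sample_subnet='acl agents src 10.20.30.0/24
http_access allow agents
http_access deny all'
sample_auth='acl authenticated proxy_auth REQUIRED
http_access deny !authenticated
http_access allow all'

for s in "$sample_open" "$sample_subnet" "$sample_auth"; do
    printf '%s\n' "$s" | audit_squid_conf
done
```

Run it against the file that is mounted into the container, for example audit_squid_conf /opt/tmp/squid.conf, before starting Squid.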

Troubleshooting Squid cache initialization errors

Symptom

When running Squid, you may encounter errors indicating issues with the swap directories or abnormal termination of the Squid Cache. These errors can prevent Squid from operating correctly.

Resolution

  1. Check the log files located in the following directory:
    <Installation Directory>\var\log\squid

    The following log files are critical:

    | Log file | Description |
    | --- | --- |
    | cache.log | Contains detailed information about the activities and errors related to the cache. |
    | access.log | Logs all requests handled by Squid. |

    The following error messages are common:

    Error message 1
    2024/07/16 12:35:30| FATAL: Failed to verify one of the swap directories; check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Error message 2
    2024/07/16 12:35:30| Squid Cache (Version 4.14): Terminated abnormally.
  2. From the Windows desktop, open the "Squid Terminal".
  3. Run the following command to initialize the swap directories:

    squid -z

    This command sets up the necessary swap directories for caching operations. Keep the command squid -z running in the terminal, and do not close it.

  4. After running the initialization command, restart the Squid server to apply the changes.

 
