Once you have a Squid proxy setup as described in my article here, the next challenge is configuring your Ubuntu servers so that they use this proxy by default instead of attempting direct internet connections.
There are several entities we want using Squid by default: apt package manager, interactive consoles and wget/curl, and Java applications.
Apt package manager
First try to install some dependent packages. These are already installed in the base install of 14.04, so you should be fine. But you may need to use the Ubuntu install CD if you run into issues later and need these packages.
> sudo apt-get install python-apt apt-transport-https python3-pycurl software-properties-common -y
Then create a file named ‘/etc/apt/apt.conf.d/00proxy’ with the content below. Replace 192.168.1.110 with the IP of your specific Squid host.
Acquire::http::Proxy "http://192.168.1.110:3128"; Acquire::https::Proxy "http://192.168.1.110:3128"; Acquire::ftp::Proxy "http://192.168.1.110:3128";
Then do an apt-get update:
> sudo apt-get update
Login to the squid server and open the ‘/var/log/squid3/access.log’ for evidence that the apt-get call was made through the proxy.
Unattended upgrades will use the proxy as well, if you want to enable unattended upgrades, read my article here.
Interactive console and wget/curl
Append the text below to ‘/etc/bash.bashrc’, ‘/etc/profile’, ‘/etc/environment’, and ‘/etc/wgetrc’. We will pretend that the Squid proxy is located at 192.168.1.110, replace this with your squid server address.
export http_proxy=192.168.1.110:3128 export https_proxy=192.168.1.110:3128 export ftp_proxy=192.168.1.110:3128 export no_proxy=127.0.0.1
In ‘/etc/wgetrc’, also add the line:
use_proxy=on
After logging out and logging back in, you should be able to use wget to retrieve page below if squid has whitelisted the domain:
> wget http://wiki.squid-cache.org
And for curl:
curl http://wiki.squid-cache.org
Login to the squid server and open the ‘/var/log/squid3/access.log’ for evidence that the call was made through the proxy.
If you want to force wget to use a proxy, you can pass the environment variables directly to wget:
wget -e use_proxy=yes -e http_proxy=192.168.1.110:3128\ https_proxy=192.168.1.110:3128 http://wiki.squid-cache.org
If you want to force curl to use a proxy, you can pass the proxy host directly to curl:
curl -x 192.168.1.110:3128 http://wiki.squid-cache.org
Java applications
Java application needs JVM system properties set that refer to the Squid proxy: http.proxyHost, http.proxyPort, https.proxyHost, and https.proxyPort are the most pertinent to our conversation here, but here is a full listing.
Using the Java program below as an example:
import java.io.*; import java.net.*; public class SquidTest { public static void main(String args[]) throws Exception { String urlToRead = "http://wiki.squid-cache.org"; if(args.length>0) { urlToRead = args[0]; } System.err.println("urlToRead: " + urlToRead); StringBuilder result = new StringBuilder(); URL url = new URL(urlToRead); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("GET"); BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream())); String line; while ((line = rd.readLine()) != null) { result.append(line); } rd.close(); System.out.println(result.toString()); } // main } // class
If you compile then run the application with the JVM system properties pointing to the Squid proxy, then you should see the request going through the Squid server access logs.
> javac -classpath . SquidTest.java > java -classpath . \ -Dhttp.proxyHost=192.168.1.110 -Dhttp.proxyPort=3128 \ -Dhttps.proxyHost=192.168.1.110 -Dhttps.proxyPort=3128 \ -Dhttp.agent=jvmtest \ SquidTest http://wiki.squid-cache.org
REFERENCES
http://www.rushiagr.com/blog/2015/06/05/cache-apt-packages-with-squid-proxy/
http://bencane.com/2013/09/16/understanding-a-little-more-about-etcprofile-and-etcbashrc/
http://docs.oracle.com/javase/7/docs/api/java/net/doc-files/net-properties.html
https://www.cyberciti.biz/faq/linux-unix-curl-command-with-proxy-username-password-http-options/