Difference between pages "Package:Squid" and "Entropy"

 
Line 1: Line 1:
== The Squid Proxy Server ==
+
==Entropy Package Management in Gentoo==
 +
Entropy Package Manager is written by Fabio Erculliani from Sabayon GNU/Linux as an extension to Portage in order to professionally install binary package same as in other binary-based distros. The package manager syncronises itself automatically with Portage once you installed entropy binary packages, but instead Portage must be syncronised with Entropy in order for Entropy to know what packages you have emerged.
 +
Fully written in python, it is a stable application with many binary-oriented features and options, including a complete set of repository creation and entropy server features fully based on Portage ebuild packaging. Henceforth, developers '''must''' ( there is no other way ) emerge packages in order to create entropy packages, the procedure will be detailed in this tutorial.
  
'''This is a quick and dirty howto about getting Squid up und running in 5min...'''
 
  
What benefits one may get from using an anonymous proxy server? Well, I would say many things but the most important one is that you can browse the web anonymously without exposing your IP, location etc.. out there. Anyhow, even though I usually use OpenVPN or PPTP for safe browsing and such things, having a private anonymous proxy server in your toolbox is a nice thing.
+
==Instructions of creating your own Entropy Repository==
Furthermore, a cache is speeding up you daily internet connection with repeating objects getting out of the cache instead of downloading it again. Advanced filtering technics (Antivirus, Content, Ad-Blocks, etc) are also possible.
+
  
Please start always by refreshing your portage tree, like:
+
First of all, you must have package named '''entropy-server''' instaled. It contains a /etc/entropy/server.conf that itself contains the next, most important lines of the configuration:
  
<console>
+
  community-mode = enable < ''if you wish to cope with more than 1 repository in one system''
###i## emerge --sync
+
</console>
+
  community-mode = disable <''if you want to have a self-sustainable dependency repository''
next, we search the portage tree for {{Package|net-proxy/squid}}:
+
 
<console>
+
  ...(descriptions) 
###i## emerge --search squid
+
 
=> net-analyzer/squid-graph
+
  default-repository = yourreponame
=> net-analyzer/squidsites
+
 
=> net-analyzer/squidview
+
  ...(descriptions) 
=> net-proxy/squid
+
=> net-proxy/squidclamav
+
=> net-proxy/squidguard
+
=> sec-policy/selinux-squid
+
</console>
+
  
Next, we emerge ''<code>squid</code>'' using:
+
  #example: #=> repository = myserverrepo|My Server Repository|ftp://user:pass@111.111.111.111/ ssh://username@host:~user/path:port ''just an example of repo mode''
<console>
+
###i## emerge -av net-proxy/squid
+
</console>
+
  
Once it got installed, since this squid proxy setup will be using authentication to authenticate users via the ‘ncsa_auth‘ helper, we need to know the location of this helper so we can use it in our squid.confconfiguration file. To find this I’ll be using a tool named as ‘qfile‘ which is shipped in ‘app-portage/portage-utils‘.
+
  repository = yourreponame|My Server Repository|ftp://user:pass@111.111.111.111/ ssh://username@host:~user/path:port
  
# qfile ncsa_auth
+
The rest of them you don't need necessarily to bother. Of course, as in the example, you of course need either a '''SSH''' server or '''FTP''' server with upload permissions, of course. The structure of the repository should look like this:
net-proxy/squid (/usr/libexec/squid/ncsa_auth)
+
  http://bpr.bluepink.ro/~rogentos/entropy/
  
ok, so the auth helper is located in ‘/usr/libexec/squid/ncsa_auth’ so let’s setup Squid’s configuration file (/etc/squid/squid.conf). Make sure you change ‘XXX.XX.XX.XXX’ with your actual server’s IP address and edit anything else you want to suit your needs.
+
'''P.S.: I considered this step as being the most important one, since everybody firstly installs the package before reading the article/tutorial on how to use :)'''
  
  
<pre># cp /etc/squid/squid.conf{,_orig} && \cat > /etc/squid/squid.conf <<EOF
+
==Installation and package management instructions==
auth_param basic program /usr/libexec/squid/ncsa_auth /etc/squid/passwd
+
Start emerging the following packages:
auth_param basic children 5
+
  emerge sys-apps/entropy equo entropy-server -vp
auth_param basic realm please login?
+
It should produce something like this: http://pastebin.com/cy7X38ia ( public and permanent pastebin ). Notes: these packages have been built on 5 minutes funtoo tar.gz unpacking and chrooting and after, of course, a emerge --sync and a eselect profile set.
auth_param basic credentialsttl 2 hours
+
You should have now a working '''equo''', so run the command: '''equo --help'''. Should show up all the help commands:
auth_param basic casesensitive off
+
acl ncsa_users proxy_auth REQUIRED
+
http_access allow ncsa_users
+
acl manager proto cache_object
+
acl localhost src 127.0.0.1/32 ::1
+
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
+
acl localnet src 10.0.0.0/8   
+
# RFC 1918 possible internal network
+
acl localnet src 172.16.0.0/12 
+
# RFC 1918 possible internal network
+
acl localnet src 192.168.0.0/16
+
# RFC 1918 possible internal network
+
acl localnet src fc00::/7     
+
# RFC 4193 local private network range
+
acl localnet src fe80::/10     
+
# RFC 4291 link-local (directly plugged) machines
+
acl SSL_ports port 443
+
acl Safe_ports port 80          # http
+
acl Safe_ports port 21          # ftp
+
acl Safe_ports port 443        # https
+
acl Safe_ports port 70          # gopher
+
acl Safe_ports port 210        # wais
+
acl Safe_ports port 1025-65535  # unregistered ports
+
acl Safe_ports port 280        # http-mgmt
+
acl Safe_ports port 488        # gss-http
+
acl Safe_ports port 591        # filemaker
+
acl Safe_ports port 777        # multiling http
+
acl Safe_ports port 901        # SWAT
+
acl CONNECT method CONNECT
+
http_access allow manager localhost
+
http_access deny manager
+
http_access deny !Safe_ports
+
http_access deny CONNECT !SSL_ports
+
http_access allow localnet
+
http_access allow localhost
+
http_access allow localhost
+
http_access deny all
+
http_port 2222
+
coredump_dir /var/cache/squid
+
refresh_pattern ^ftp:           1440    20%    10080
+
refresh_pattern ^gopher:        1440    0%      1440
+
refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
+
refresh_pattern .               0      20%    4320
+
icp_access allow localnet
+
icp_access deny all
+
acl ip1 myip XXX.XX.XX.XXX
+
tcp_outgoing_address XXX.XX.XX.XXX ip1
+
cache_mgr mail@maiwald.tk
+
cache_mem 128 MB
+
visible_hostname ViruSzZ
+
maximum_object_size 20 MB
+
cache_dir ufs /var/cache/squid 512 32 512
+
  
forwarded_for off
+
  blacknoxis / # equo --help
request_header_access Allow allow all
+
  usage: equo [-h] [--color]
request_header_access Authorization allow all
+
  (...)
request_header_access WWW-Authenticate allow all
+
request_header_access Proxy-Authorization allow all
+
request_header_access Proxy-Authenticate allow all
+
request_header_access Cache-Control allow all
+
request_header_access Content-Encoding allow all
+
request_header_access Content-Length allow all
+
request_header_access Content-Type allow all
+
request_header_access Date allow all
+
request_header_access Expires allow all
+
request_header_access Host allow all
+
request_header_access If-Modified-Since allow all
+
request_header_access Last-Modified allow all
+
request_header_access Location allow all
+
request_header_access Pragma allow all
+
request_header_access Accept allow all
+
request_header_access Accept-Charset allow all
+
request_header_access Accept-Encoding allow all
+
request_header_access Accept-Language allow all
+
request_header_access Content-Language allow all
+
request_header_access Mime-Version allow all
+
request_header_access Retry-After allow all
+
request_header_access Title allow all
+
request_header_access Connection allow all
+
request_header_access Proxy-Connection allow all
+
request_header_access User-Agent allow all
+
request_header_access Cookie allow all
+
request_header_access All deny all
+
shutdown_lifetime 3 seconds
+
EOF
+
</pre>
+
  
proceed with creating the ‘/etc/squid/passwd’ file and adding your user by executing:
+
In this moment you should have a working repository and '''SSH/FTP''' server with '''/etc/entropy/server.conf''' pointed to it.
# htpasswd -c /etc/squid/passwd your_user
+
(note that you need to omit the ‘-c’ switch when adding another user to the file)
+
  
then do a <code># squid -z</code> to create the cache direcory.
 
Finally, restart your squid server and check if it’s actually listening using:
 
# /etc/init.d/squid restart
 
# netstat -tunlp | grep 2222
 
tcp        0      0 0.0.0.0:2222            0.0.0.0:*              LISTEN      482/(squid)
 
if you like it to start on your system’s start-up, then you can execute:
 
# rc-update add squid default
 
To test it, for example I use Opera for this so I just go to ‘Settings → Preferences → Advanced → Network → Proxy Servers’ and set the browser to use the proxy server we just created.
 
  
 +
==Working with EIT==
 +
EIT is the tool that actually packages already emerged packages and introduces them into your remote repository. First initialize repo ( after configurind your /etc/entropy/server.conf ) with the command:
  
[[Category:HOWTO]]
+
  eit init reponame
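
Review bot: the added server.conf excerpt, at the line "repository = yourreponame|My Server Repository|ftp://user:pass@111.111.111.111/ ssh://...", shows the upload password written inline in an FTP URI. FTP sends credentials unencrypted, so a reader who copies this form both stores the password in plain text in /etc/entropy/server.conf and sends it in the clear on every upload. Suggest showing only the ssh:// form in the example, or adding a sentence that the FTP variant exposes the password and that server.conf should not be world-readable. Separately, the added text spells "syncronised", "instaled" and "configurind"; worth correcting in the same revision.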

Revision as of 23:47, October 7, 2013

Entropy Package Management in Gentoo

Entropy Package Manager was written by Fabio Erculiani of Sabayon GNU/Linux as an extension to Portage, in order to install binary packages professionally, as in other binary-based distros. The package manager synchronises itself automatically with Portage once you have installed Entropy binary packages; in the other direction, Portage must be synchronised with Entropy for Entropy to know which packages you have emerged. Written entirely in Python, it is a stable application with many binary-oriented features and options, including a complete set of repository-creation and Entropy server features fully based on Portage ebuild packaging. Consequently, developers must (there is no other way) emerge packages in order to create Entropy packages; the procedure is detailed in this tutorial.


Instructions of creating your own Entropy Repository

First of all, you must have the package named entropy-server installed. It provides /etc/entropy/server.conf, which contains the following lines, the most important ones in the configuration:

 # enable: if you wish to cope with more than 1 repository in one system
 community-mode = enable

 # disable: if you want to have a self-sustainable dependency repository
 community-mode = disable

 ...(descriptions)

 default-repository = yourreponame

 ...(descriptions)
 # example (just an example of repo mode):
 # repository = myserverrepo|My Server Repository|ftp://user:pass@111.111.111.111/ ssh://username@host:~user/path:port
 repository = yourreponame|My Server Repository|ftp://user:pass@111.111.111.111/ ssh://username@host:~user/path:port

You do not necessarily need to bother with the rest of the settings. As in the example, you of course need either an SSH server or an FTP server with upload permissions. The structure of the repository should look like this:

 http://bpr.bluepink.ro/~rogentos/entropy/

P.S.: I considered this step the most important one, since everybody first installs the package before reading the article/tutorial on how to use it :)
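
The repository line in the server.conf excerpt above carries its upload URIs, including any inline password, in plain text. As an added example (not part of the original page and not Entropy's own code), this Python script parses that id|description|uris layout and flags inline passwords and cleartext schemes; the sample text and function names are constructed for illustration, and the set of cleartext schemes is an assumption.

```python
import re

# Constructed sample in the layout shown above; not a real server.conf.
SAMPLE_CONF = """\
community-mode = disable
default-repository = yourreponame
# repository = myserverrepo|My Server Repository|ftp://user:pass@111.111.111.111/
repository = yourreponame|My Server Repository|ftp://user:pass@111.111.111.111/ ssh://username@host:~user/path:port
"""
CLEARTEXT_SCHEMES = {"ftp", "http"}  # assumption: schemes treated as unencrypted
# scheme://[user[:password]@]... ; the ssh form on the page is non-standard, so no urlparse
URI_RE = re.compile(
    r"^(?P<scheme>[a-z][a-z0-9+.-]*)://(?:[^:@/\s]+(?::(?P<password>[^@/\s]*))?@)?", re.I)

def parse_repositories(conf_text):
    """Yield (repo_id, description, [uris]) for each active repository line."""
    for raw in conf_text.splitlines():
        key, _, value = raw.partition("=")
        if key.strip() != "repository":
            continue  # skips blank lines, '#' lines and other keys
        fields = [f.strip() for f in value.split("|")]
        if len(fields) >= 3:  # need id|description|uris
            yield fields[0], fields[1], fields[2].split()

def audit(conf_text):
    """Return (repo_id, uri_with_password_masked, finding) tuples."""
    findings = []
    for repo_id, _desc, uris in parse_repositories(conf_text):
        for uri in uris:
            m = URI_RE.match(uri)
            if not m:
                findings.append((repo_id, uri, "unparseable URI"))
                continue
            redacted = uri
            if m.group("password") is not None:
                redacted = uri.replace(":" + m.group("password") + "@", ":***@", 1)
                findings.append((repo_id, redacted, "password stored inline"))
            if m.group("scheme").lower() in CLEARTEXT_SCHEMES:
                findings.append((repo_id, redacted, "cleartext transport"))
    return findings

if __name__ == "__main__":
    for repo_id, uri, finding in audit(SAMPLE_CONF):
        print(f"{repo_id}: {finding}: {uri}")
```

To check a real file, pass the text of /etc/entropy/server.conf to audit() in place of the sample.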


Installation and package management instructions

Start emerging the following packages:

 emerge sys-apps/entropy equo entropy-server -vp

It should produce something like this: http://pastebin.com/cy7X38ia (public and permanent pastebin). Note: these packages were built on a Funtoo tar.gz, 5 minutes after unpacking it and chrooting, and after, of course, an emerge --sync and an eselect profile set. You should now have a working equo, so run the command equo --help. It should show all the help commands:

 blacknoxis / # equo --help
 usage: equo [-h] [--color]
 (...)

At this point you should have a working repository and an SSH/FTP server, with /etc/entropy/server.conf pointing to it.


Working with EIT

EIT is the tool that actually packages already-emerged packages and introduces them into your remote repository. First initialize the repo (after configuring your /etc/entropy/server.conf) with the command:

 eit init reponame