Setting Squid Transparent Proxy


I want to set up a Squid transparent proxy on my server. However, I also want to have Apache running, and HTTP/HTTPS should work on Apache as well as on the proxy port.

So say:

  • Apache serves HTTP requests on port 80, HTTPS on 443
  • And I should have a proxy that supports HTTP and HTTPS.

Questions:

  1. How do I set the above up?
  2. How do I configure any tools that take in a proxy server address and port? Usually tools take only 1 port. Will my proxy be running on 2 different ports for HTTP/HTTPS?

Best Answer

The standard port for squid is 3128. It supports HTTP, HTTPS, and other protocols on this port. It also supports a transparent HTTP proxy mode using a separate port. For a transparent proxy to work, you will need NAT rules to forward web traffic to the proxy. I set up a Squid transparent proxy using both ports.

There is no conflict with your Apache server on 80 and 443. Do review the configuration so that you don't cache your local server. Normally you should exempt connections to your local server from passing through the transparent proxy.

EDIT: To operate as a transparent proxy for your users you will need to configure your firewall to forward all web requests not originating from your squid server to the squid server. In iptables this is done with a DNAT configuration. I use shorewall to build my firewall and have a rule like this. ($SQUID resolves to the IP address of my squid server.)

HTTP(DNAT)        loc             dmz:$SQUID:3129  -      -    -   !192.168.0.0/16

You may also want to forward other ports commonly used for HTTP to squid. I forward the ports 81, 82, and 8080 among others to squid.

You may want to distribute your proxy configuration as I detailed in Setting up Squid Proxy on Ubuntu. This can handle HTTPS as well as HTTP.
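
The DNAT forwarding described in the answer, written as plain iptables rules together with the two Squid listener lines (an added example, not part of the original answer). The Squid address and the LAN interface name are assumed values; the script only prints the rules so they can be reviewed before being applied on the firewall.

```shell
#!/bin/sh
# Added example: prints (does not apply) the NAT rules and Squid port lines.
# Assumed values, not from the answer: SQUID_IP and LAN_IF.
SQUID_IP="${SQUID_IP:-10.0.0.10}"   # constructed address of the Squid host
LAN_IF="${LAN_IF:-eth1}"            # assumed interface facing the client network
INTERCEPT_PORT=3129                 # interception port used in the answer
LOCAL_NET="192.168.0.0/16"          # destinations the answer exempts
HTTP_PORTS="80 81 82 8080"          # ports the answer forwards to Squid

# squid.conf lines for the two listeners: 3128 for clients configured to use
# the proxy (HTTP and HTTPS via CONNECT), 3129 for redirected plain HTTP.
# Squid releases before 3.1 spell "intercept" as "transparent".
squid_conf() {
    printf 'http_port 3128\nhttp_port %s intercept\n' "$INTERCEPT_PORT"
}

# Emit one DNAT rule for a client-facing TCP port.
dnat_rule() {
    port="$1"
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # An intercepting http_port expects plaintext HTTP; redirecting TLS to it
    # breaks every HTTPS connection, so 443 is refused here.
    if [ "$port" -eq 443 ]; then
        echo "refusing to redirect 443 to a plain HTTP intercept port" >&2
        return 1
    fi
    # -i limits the rule to client traffic, "! -s" skips Squid's own requests,
    # "! -d" leaves local servers unproxied.
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s ! -s %s ! -d %s -j DNAT --to-destination %s:%s\n' \
        "$LAN_IF" "$port" "$SQUID_IP" "$LOCAL_NET" "$SQUID_IP" "$INTERCEPT_PORT"
}

# Rules for every forwarded port; stops at the first rejected port.
all_rules() {
    for p in $HTTP_PORTS; do
        dnat_rule "$p" || return 1
    done
}

squid_conf
all_rules
```

HTTPS clients reach the proxy through the explicit port 3128, which is why 443 is never redirected here.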
