RHN Proxy Server 2.1: Installation Guide
Appendix G. Manual Installation and Configuration

G.3. HTTP Proxy Caching Server Configuration

RHN Proxy Server requires an HTTP/1.1-compliant proxy. Your corporate HTTP proxy caching server should be sufficient if it meets the disk space requirements discussed in Section 2.2.1 Disk Space Requirements.

This section will describe how to configure Squid, which is part of the Red Hat Enterprise Linux AS distribution, as the HTTP proxy caching server.

The Red Hat Update Agent uses HTTP for all its requests. To fine-tune the configuration of the Apache server used by the RHN Proxy Server as a back-end and of the HTTP proxy caching server, a better understanding of the Spacewalk internals is required. We will briefly describe the transactions between the Red Hat Update Agent and the RHN Proxy Server.

The requests from the client to the Apache Web Server generally have the following pattern:

https://somemachine.domain.com/XMLRPC (for POST requests)
https://somemachine.domain.com/XMLRPC/$RHN/channel-name (for GET requests).

Replace https with http if you do not plan to use SSL connections from the proxy to the server. somemachine.domain.com points at the next proxy or server in the chain toward the Spacewalk Servers, and channel-name specifies the channel from which to retrieve the package.

For example, a request for the latest Red Hat Linux version 7.2 kernel for the i386 distribution is as follows:

https://xmlrpc.rhn.redhat.com/XMLRPC/$RHN/redhat-linux-i386-7.2/getPackage/kernel-2.4.2-2.i686.rpm

Note

The Apache Web Server for the RHN Proxy SSL Redirect Server will mirror the same requests, but XMLRPC will be replaced by XMLRPC_REDIRECT.

As shown in this example, the GET URL contains the channel (redhat-linux-i386-7.2) that the package (kernel-2.4.2-2.i686.rpm) is in. Because of this, one can easily write ACLs for the caching server to limit the required storage.

G.3.1. Configuring Squid

The Squid configuration file is located at /etc/squid/squid.conf. Refer to the Squid website available at http://www.squid-cache.org for instructions on configuring Squid. Appendix A Sample Squid Configuration File contains a very minimal Squid configuration file.

For example, if you never want to cache Red Hat Linux 7.2 packages for the Alpha architecture, you can add the following two lines to /etc/squid/squid.conf (replace XMLRPC with XMLRPC_REDIRECT if using an RHN Proxy SSL Redirect Server):

acl rhn-locations urlpath_regex ^/XMLRPC/\$RHN/redhat-linux-alpha-7\.2
no_cache deny rhn-locations

To limit the hosts that can connect to this Squid proxy, add the following two lines to squid.conf:

acl rhn-proxies src 10.10.10.0/255.255.255.0 172.22.100.0/255.255.255.0
http_access deny !rhn-proxies rhn-locations

If Squid is configured for optimal performance, Spacewalk updates from the RHN Proxy Server are faster because the updates are retrieved from the cache instead of being downloaded each time clients request them. Here are a few tips for speeding up your updates:

  • Set the maximum object size (maximum_object_size) to an appropriate value. The bigger this value is, the more packages Squid will cache. The largest size of a package in the Red Hat Linux distribution is approximately 30 MB. The average size of a package for Red Hat Linux version 7.2 is well below 1 MB.

  • Limit the IP addresses that can connect to the Squid server to those of the RHN Proxy Broker Servers. Allowing anybody else could result in clients "stealing" packages they are not authorized to download.

  • Reserve plenty of disk space for optimal caching.

  • Carefully read the Squid documentation available at http://www.squid-cache.org.
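
The ACL lines shown earlier and the tip about limiting client IP addresses can be checked before restarting Squid. The following is an added example, not part of the guide: it models Squid's rule that the ACLs on one line are ANDed and that, when no line matches, the default is the opposite of the last line, which shows that `http_access deny !rhn-proxies rhn-locations` rejects outside hosts only for URLs matching rhn-locations. The source-only rule, the client addresses and the alpha package name are assumptions constructed for illustration, and any other http_access lines in a real squid.conf are not modelled.

```python
import ipaddress
import re

# ACL definitions copied from the guide's squid.conf lines.
ACLS = {
    "rhn-locations": ("urlpath_regex", [r"^/XMLRPC/\$RHN/redhat-linux-alpha-7\.2"]),
    "rhn-proxies": ("src", ["10.10.10.0/255.255.255.0", "172.22.100.0/255.255.255.0"]),
}

def acl_matches(name, src_ip, url_path):
    """Evaluate one ACL; a leading '!' negates it, as in squid.conf."""
    if name.startswith("!"):
        return not acl_matches(name[1:], src_ip, url_path)
    kind, values = ACLS[name]
    if kind == "src":
        addr = ipaddress.ip_address(src_ip)
        return any(addr in ipaddress.ip_network(v) for v in values)
    return any(re.search(v, url_path) for v in values)  # urlpath_regex

def evaluate(rules, src_ip, url_path):
    """The first rule whose ACLs ALL match wins; if none matches, the
    result is the opposite of the last rule's action."""
    for action, names in rules:
        if all(acl_matches(n, src_ip, url_path) for n in names):
            return action
    return "allow" if rules[-1][0] == "deny" else "deny"

# http_access line exactly as in the guide.
GUIDE_RULES = [("deny", ["!rhn-proxies", "rhn-locations"])]
# Assumed variant (not in the guide): deny on source address alone.
SRC_ONLY_RULES = [("deny", ["!rhn-proxies"])]
# no_cache line from the guide; "deny" here means "do not cache".
NO_CACHE_RULES = [("deny", ["rhn-locations"])]

# The i386 path is the guide's example; the alpha package name is constructed.
I386 = "/XMLRPC/$RHN/redhat-linux-i386-7.2/getPackage/kernel-2.4.2-2.i686.rpm"
ALPHA = "/XMLRPC/$RHN/redhat-linux-alpha-7.2/getPackage/constructed-1.0-1.alpha.rpm"

if __name__ == "__main__":
    for label, rules in (("guide", GUIDE_RULES), ("src-only", SRC_ONLY_RULES)):
        for ip in ("10.10.10.5", "192.0.2.77"):  # constructed client addresses
            for path in (I386, ALPHA):
                print(label, ip, path.split("/")[3], evaluate(rules, ip, path))
```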

After configuring Squid, start the service with the command:

/sbin/service squid restart

Tip

It is also recommended that you add the daemon to your list of automatically started services with ntsysv or chkconfig.

By default, the access log for the Squid server is located at /var/log/squid/access.log, and the cached files are located in the /var/spool/squid/ directory.
