Install Squid:
{code}
yum -y install squid
{code}

In httpd.conf, make sure the Apache server only listens to port 80 on the localhost interface:
{code}
Listen 127.0.0.1:80
{code}

If using Touchstone, then also add the following to the end of httpd.conf:
{code}
ProxyPass /Shibboleth.sso/ https://idp.mit.edu/Shibboleth.sso/
ProxyPassReverse /Shibboleth.sso/ https://idp.mit.edu/Shibboleth.sso/
ProxyPass /Touchstone/ https://idp.mit.edu/Touchstone/
ProxyPassReverse /Touchstone/ https://idp.mit.edu/Touchstone/
{code}

In squid.conf, make sure the following items are set as described:
{code}
http_port ist-prod-pubs1.mit.edu:80 defaultsite=ist.mit.edu vhost
http_access allow all
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Accelerator
{code}

Restart the Apache server:
{code}
/etc/init.d/web restart
{code}

If using Touchstone, then restart shibd:
{code}
/etc/init.d/shibd restart
{code}

I have an "http_access allow all" directive in my configuration, in this instance. In the case of a regular web proxy, for use with clients connecting to a proxy for outbound requests, this would be a very bad idea. However, in this case we are proxying inbound requests to our Apache server only. By specifying the parent server as our Apache server, we have restricted the connections our cache can make, so that it can only connect to our Apache server. Further, we didn't want to restrict inbound traffic, on the premise that our users could be from anywhere. It should be possible to put a restriction in place that restricts, with ACLs, the outbound side of the request. Again, though, it would have no practical effect, as all requests are forced to our Apache server anyhow, through the parent directive. As our Apache server is not configured as an open proxy (or indeed, any form of proxy at all) the only sites users can access through our proxy are those served by our own Apache server, which is exactly the configuration we want.
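
The reasoning above can be turned into a check, given here as an added example that is not part of the original page: it reports why "http_access allow all" would be unsafe in a given squid.conf. It assumes that accel, vhost or defaultsite= on an http_port line marks an accelerator port (as on this page's line); the function name audit_allow_all and the forward-proxy sample are constructed for illustration.

```python
# Added example: audits squid.conf text for the situation the page describes.
PAGE_CONF = """\
http_port ist-prod-pubs1.mit.edu:80 defaultsite=ist.mit.edu vhost
http_access allow all
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Accelerator
"""
# Constructed sample: an ordinary forward proxy with the same ACL line.
FORWARD_CONF = "http_port 3128\nhttp_access allow all\n"

def audit_allow_all(conf_text):
    """Return reasons 'http_access allow all' is unsafe; [] means none found."""
    ports, peers, allow_all = [], [], False
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if len(tokens) < 2:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "http_port":
            ports.append(args)
        elif directive == "cache_peer":
            peers.append(args)
        elif directive == "http_access" and args[:2] == ["allow", "all"]:
            allow_all = True
    if not allow_all:
        return []
    findings = []
    if not ports:
        findings.append("no http_port line, accelerator mode not confirmed")
    for addr, *opts in ports:
        # Assumption: accel, vhost or defaultsite= marks an accelerator port.
        if not any(o in ("accel", "vhost") or o.startswith("defaultsite=") for o in opts):
            findings.append(f"http_port {addr} is a forward-proxy port")
        if "allow-direct" in opts:
            findings.append(f"http_port {addr} may bypass the parent (allow-direct)")
    # cache_peer syntax: host type http-port icp-port [options]
    if not any("originserver" in p[4:] for p in peers):
        findings.append("no cache_peer is marked originserver")
    for p in peers:
        if "originserver" not in p[4:]:
            findings.append(f"cache_peer {p[0]} is a proxy peer, not an origin server")
    return findings

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("forward", FORWARD_CONF)):
        print(name, audit_allow_all(conf) or "allow all is confined to the origin server")
```

The page's configuration yields no findings, while the constructed forward-proxy sample is flagged both for its port and for the missing origin-server peer.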