Infrastructure/Mirroring/ProxyMirror

From FedoraProject

< Infrastructure | Mirroring(Difference between revisions)
Jump to: navigation, search
m (1 revision(s))
(fix link)
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
A '''proxy mirror''' is a local mirror that does not sync the entire Fedora install tree.  Instead, it serves files through a reverse caching proxy that connects to a public Fedora mirror and downloads files as needed, then serves them from the local machine once they have been cached.  This is useful in several circumstances:
 
A '''proxy mirror''' is a local mirror that does not sync the entire Fedora install tree.  Instead, it serves files through a reverse caching proxy that connects to a public Fedora mirror and downloads files as needed, then serves them from the local machine once they have been cached.  This is useful in several circumstances:
  
1. You don't have the disk space or bandwidth to set up a full mirror.
+
# You don't have the disk space or bandwidth to set up a full mirror.
1. You are testing functionality of a local mirror environment before fully mirroring the Fedora tree.
+
# You are testing functionality of a local mirror environment before fully mirroring the Fedora tree.
1. You are setting up multiple targeted installations of Fedora (such as Web servers) that will be installing only a small subset of Fedora packages.
+
# You are setting up multiple targeted installations of Fedora (such as Web servers) that will be installing only a small subset of Fedora packages.
  
 
= Installing Squid =
 
= Installing Squid =
  
{{ Template:message/notice | Only squid will work for this! Apache mod_proxy does not work because it will not cache Range requests.
+
{{admon/important|Only squid will work for this!|Apache mod_proxy does not work because it will not cache Range requests.}}
}}
+
  
First, install the '''squid''' package.  Then create a new '''/etc/squid/squid.conf''' with the following:
+
First, install the <code>squid</code> package.  Then create a new <code>/etc/squid/squid.conf</code> with the following:
  
 
<pre>
 
<pre>
http_port 3128 accel defaultsite=''mirror_hostname''
+
http_port 3128 accel defaultsite=$MIRROR_HOSTNAME
cache_peer ''mirror_hostname'' parent 80 0 no-query originserver
+
cache_peer $MIRROR_HOSTNAME parent 80 0 no-query originserver
 
http_access allow all
 
http_access allow all
  
Line 24: Line 23:
 
</pre>
 
</pre>
  
Replace ''mirror_hostname'' with the hostname of your preferred Fedora mirror, such as download.fedora.redhat.com.
+
Replace <code>$MIRROR_HOSTNAME</code> with the hostname of your preferred Fedora mirror, such as <code>dl.fedoraproject.org</code>.
  
Once your configuration is saved, start Squid with '''service squid on'''.
+
Once your configuration is saved, start Squid with <code>service squid start</code>.
  
 
= Installing Apache =
 
= Installing Apache =
  
{| style="message note"
+
{{admon/tip|A Web server is not required for your proxy mirror.|
|-
+
However, you may find a Web server useful for serving local content relevant to your Fedora installations, such as Kickstart files.
|However, you may find a Web server useful for serving local content relevant to your Fedora installations, such as Kickstart files.
+
|-
+
|You will also need a Web server if you later decide to convert to a full local mirror.
+
|-
+
|This guide will assume that you are installing the Apache Web server, to provide you the most flexibility later on.
+
|}
+
  
Install the '''httpd''' package.  Now add the following to /etc/httpd/conf/httpd.conf:
+
You will also need a Web server if you later decide to convert to a full local mirror.
 +
 
 +
This guide will assume that you are installing the Apache Web server, to provide you with the most flexibility later on.}}
 +
 
 +
Install the <code>httpd</code> package.  Then add the following to <code>/etc/httpd/conf/httpd.conf</code>:
  
 
<pre>
 
<pre>
Line 51: Line 48:
 
</pre>
 
</pre>
  
Once your configuration is saved, start Apache with '''service httpd on'''.
+
Once your configuration is saved, start Apache with <code>service httpd start</code>.
  
 
= SELinux =
 
= SELinux =
  
{{ Template:message/note | There's probably an easier way to do this, but the author is not an SELinux expert.
+
If you have SELinux enabled on your mirror server (and don't wish to disable it), you will need to grant Apache access to the Squid port.  You can do this with the command <code>setsebool -P httpd_can_network_connect on</code>.
}}
+
 
+
If you have SELinux enabled on your mirror server (and don't wish to disable it), you will need to grant Apache access to the Squid port.  You can do this with the following policy:
+
 
+
<pre>
+
module httpd_squid 1.0
+
 
+
require {
+
type httpd_t;
+
type http_cache_port_t;
+
class tcp_socket name_connect;
+
}
+
 
+
allow httpd_t http_cache_port_t:tcp_socket name_connect;
+
</pre>
+
 
+
To install this policy, save the above to a file called '''httpd_squid.te''', then run the following commands:
+
 
+
<pre>
+
checkmodule -M -m -o httpd_squid.mod httpd_squid.te
+
semodule_package -m httpd_squid.mod -o httpd_squid.pp
+
semodule -i httpd_squid.pp
+
</pre>
+
  
 
= Using Your Proxy Mirror =
 
= Using Your Proxy Mirror =
  
To test your proxy mirror, point a Web browser to '''http://proxymirror/fedora/''', and you should see the directory index from your selected Fedora mirror.  You can now point local clients to the appropriate subdirectory, such as '''http://proxymirror/fedora/releases/9/Fedora/i386/os'''.  Squid will download files as necessary, and serve local cached copies when available.
+
To test your proxy mirror, point a Web browser to <nowiki>http://proxymirror/fedora/</nowiki> (where ''proxymirror'' is the name or IP of your proxy mirror server), and you should see the directory index from your selected Fedora mirror.  You can now point local clients to the appropriate subdirectory, such as <nowiki>http://proxymirror/fedora/releases/9/Fedora/i386/os</nowiki>.  Squid will download files as necessary, and serve local cached copies when available.
  
 
= Converting To A Full Mirror =
 
= Converting To A Full Mirror =
  
If, at a later point, you decide to create a full local Fedora mirror, simply remove the ProxyPass line from httpd.conf, and place your local mirror in /var/www/html/fedora.  Your clients do not need to be reconfigured.  You can also remove Squid and the SELinux policy.
+
If, at a later point, you decide to create a full local Fedora mirror, simply remove the <code>ProxyPass</code> line from <code>httpd.conf</code>, and either place your local mirror in <code>/var/www/html/fedora</code> or alias another directory to /fedora.  Your clients do not need to be reconfigured.  You can also remove Squid and the SELinux policy.
 +
 
 +
[[Category:Infrastructure]]

Latest revision as of 15:58, 20 February 2012

A proxy mirror is a local mirror that does not sync the entire Fedora install tree. Instead, it serves files through a reverse caching proxy that connects to a public Fedora mirror and downloads files as needed, then serves them from the local machine once they have been cached. This is useful in several circumstances:

  1. You don't have the disk space or bandwidth to set up a full mirror.
  2. You are testing functionality of a local mirror environment before fully mirroring the Fedora tree.
  3. You are setting up multiple targeted installations of Fedora (such as Web servers) that will be installing only a small subset of Fedora packages.

Contents

[edit] Installing Squid

Important.png
Only squid will work for this!
Apache mod_proxy does not work because it will not cache Range requests.

First, install the squid package. Then create a new /etc/squid/squid.conf with the following:

http_port 3128 accel defaultsite=$MIRROR_HOSTNAME
cache_peer $MIRROR_HOSTNAME parent 80 0 no-query originserver
http_access allow all

cache_dir ufs /var/spool/squid 1024 16 256
maximum_object_size 524288 KB
range_offset_limit -1

access_log /var/log/squid/access.log

Replace $MIRROR_HOSTNAME with the hostname of your preferred Fedora mirror, such as dl.fedoraproject.org.

Once your configuration is saved, start Squid with service squid start.

[edit] Installing Apache

Idea.png
A Web server is not required for your proxy mirror.
However, you may find a Web server useful for serving local content relevant to your Fedora installations, such as Kickstart files.

You will also need a Web server if you later decide to convert to a full local mirror.

This guide will assume that you are installing the Apache Web server, to provide you with the most flexibility later on.

Install the httpd package. Then add the following to /etc/httpd/conf/httpd.conf:

ProxyPass /fedora/ http://localhost:3128/fedora

You will need to ensure that the path portion of the URL matches the path of the mirror you are proxying to. So if your chosen mirror keeps its Fedora tree in /pub/fedora, adjust the configuration appropriately:

ProxyPass /fedora/ http://localhost:3128/pub/fedora

Once your configuration is saved, start Apache with service httpd start.

[edit] SELinux

If you have SELinux enabled on your mirror server (and don't wish to disable it), you will need to grant Apache access to the Squid port. You can do this with the command setsebool -P httpd_can_network_connect on.

[edit] Using Your Proxy Mirror

To test your proxy mirror, point a Web browser to http://proxymirror/fedora/ (where proxymirror is the name or IP of your proxy mirror server), and you should see the directory index from your selected Fedora mirror. You can now point local clients to the appropriate subdirectory, such as http://proxymirror/fedora/releases/9/Fedora/i386/os. Squid will download files as necessary, and serve local cached copies when available.

[edit] Converting To A Full Mirror

If, at a later point, you decide to create a full local Fedora mirror, simply remove the ProxyPass line from httpd.conf, and either place your local mirror in /var/www/html/fedora or alias another directory to /fedora. Your clients do not need to be reconfigured. You can also remove Squid and the SELinux policy.