Infrastructure/Mirroring/ProxyMirror

From FedoraProject


A proxy mirror is a local mirror that does not sync the entire Fedora install tree. Instead, it serves files through a reverse caching proxy that connects to a public Fedora mirror and downloads files as needed, then serves them from the local machine once they have been cached. This is useful in several circumstances:

1. You don't have the disk space or bandwidth to set up a full mirror.
2. You are testing functionality of a local mirror environment before fully mirroring the Fedora tree.
3. You are setting up multiple targeted installations of Fedora (such as Web servers) that will be installing only a small subset of Fedora packages.


Installing Squid

Only squid will work for this! Apache mod_proxy does not work because it will not cache Range requests.

First, install the squid package. Then create a new /etc/squid/squid.conf with the following:

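# Listen on port 3128 as an accelerator (reverse proxy) for the mirror
http_port 3128 accel defaultsite=mirror_hostname
# Fetch cache misses from the mirror's HTTP port, treating it as the origin server
cache_peer mirror_hostname parent 80 0 no-query originserver
# Accept requests from any client
http_access allow all

# 1024 MB on-disk cache; cache objects up to 512 MB
cache_dir ufs /var/spool/squid 1024 16 256
maximum_object_size 524288 KB
# Fetch the whole object on a Range request so it can be cached
range_offset_limit -1

access_log /var/log/squid/access.log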

Replace mirror_hostname with the hostname of your preferred Fedora mirror, such as download.fedora.redhat.com.

Once your configuration is saved, start Squid with service squid start.

Installing Apache

You may find a Web server useful for serving local content relevant to your Fedora installations, such as Kickstart files. You will also need a Web server if you later decide to convert to a full local mirror. This guide assumes that you are installing the Apache Web server, which gives you the most flexibility later on.

Install the httpd package. Now add the following to /etc/httpd/conf/httpd.conf:

ProxyPass /fedora/ http://localhost:3128/fedora/

You will need to ensure that the path portion of the URL matches the path of the mirror you are proxying to. So if your chosen mirror keeps its Fedora tree in /pub/fedora, adjust the configuration appropriately:

ProxyPass /fedora/ http://localhost:3128/pub/fedora/

Once your configuration is saved, start Apache with service httpd start.

SELinux

There's probably an easier way to do this, but the author is not an SELinux expert.

If you have SELinux enabled on your mirror server (and don't wish to disable it), you will need to grant Apache access to the Squid port. You can do this with the following policy:

module httpd_squid 1.0;

require {
    type httpd_t;
    type http_cache_port_t;
    class tcp_socket name_connect;
}

# Let the Apache domain open TCP connections to the Squid (HTTP cache) port
allow httpd_t http_cache_port_t:tcp_socket name_connect;

To install this policy, save the above to a file called httpd_squid.te, then run the following commands:

checkmodule -M -m -o httpd_squid.mod httpd_squid.te
semodule_package -m httpd_squid.mod -o httpd_squid.pp
semodule -i httpd_squid.pp

Using Your Proxy Mirror

To test your proxy mirror, point a Web browser to http://proxymirror/fedora/, and you should see the directory index from your selected Fedora mirror. You can now point local clients to the appropriate subdirectory, such as http://proxymirror/fedora/releases/9/Fedora/i386/os. Squid will download files as necessary, and serve local cached copies when available.
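One way to confirm from the access_log configured above that Squid is serving cached copies, as an added example that is not part of the original wiki page. It assumes Squid's default native log format and that Apache reaches Squid over loopback, so any other client address in the log connected to port 3128 directly; the sample lines and the hostname mirror.example.org are constructed.

```python
from collections import Counter

# Constructed sample lines in Squid's native access.log format:
# time elapsed_ms client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1220000000.101    812 127.0.0.1 TCP_MISS/200 1048576 GET http://mirror.example.org/fedora/releases/9/Fedora/i386/os/Packages/bash.rpm - FIRST_UP_PARENT/mirror.example.org application/x-rpm
1220000050.202      4 127.0.0.1 TCP_HIT/200 1048576 GET http://mirror.example.org/fedora/releases/9/Fedora/i386/os/Packages/bash.rpm - NONE/- application/x-rpm
1220000060.303      2 127.0.0.1 TCP_MEM_HIT/200 2048 GET http://mirror.example.org/fedora/releases/9/Fedora/i386/os/repodata/repomd.xml - NONE/- text/xml
1220000070.404    950 192.0.2.44 TCP_MISS/200 4096 GET http://mirror.example.org/fedora/releases/9/Fedora/i386/os/repodata/primary.xml.gz - FIRST_UP_PARENT/mirror.example.org application/x-gzip
this line is truncated
"""

LOCAL_CLIENTS = {"127.0.0.1", "::1"}  # assumption: Apache reaches Squid over loopback


def summarize(log_text):
    """Return hit/miss counts, bytes served from cache, and non-loopback clients."""
    stats = {"hits": 0, "misses": 0, "cached_bytes": 0, "total_bytes": 0,
             "skipped": 0, "direct_clients": Counter()}
    for line in log_text.splitlines():
        fields = line.split()
        # Native format has 10 fields; field 3 looks like TCP_HIT/200.
        if len(fields) < 10 or "/" not in fields[3] or not fields[4].isdigit():
            stats["skipped"] += 1
            continue
        client, result, size = fields[2], fields[3].split("/")[0], int(fields[4])
        stats["total_bytes"] += size
        # Simplification: any result code containing HIT counts as a cache hit.
        if "HIT" in result:
            stats["hits"] += 1
            stats["cached_bytes"] += size
        else:
            stats["misses"] += 1
        # With Apache in front, every request should arrive from loopback.
        if client not in LOCAL_CLIENTS:
            stats["direct_clients"][client] += 1
    return stats


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    served = s["hits"] + s["misses"]
    print(f"hits={s['hits']} misses={s['misses']} skipped={s['skipped']}")
    print(f"hit ratio={s['hits'] / served:.0%}, bytes from cache={s['cached_bytes']}")
    for ip, n in s["direct_clients"].items():
        print(f"client {ip} reached Squid directly ({n} requests)")
```

To run it against a live proxy mirror, pass the contents of /var/log/squid/access.log to summarize() instead of the sample.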

Converting To A Full Mirror

If, at a later point, you decide to create a full local Fedora mirror, simply remove the ProxyPass line from httpd.conf, and place your local mirror in /var/www/html/fedora. Your clients do not need to be reconfigured. You can also remove Squid and the SELinux policy.