# Installing Squid on Amazon Linux AMI

## Squid Get Started with Amazon Linux AMI

Note that Amazon Linux 2, not Amazon Linux AMI, is now the recommended choice.

* [Update on Amazon Linux AMI end-of-life](https://aws.amazon.com/jp/blogs/news/update-on-amazon-linux-ami-end-of-life/)

## Configuring the Proxy (Squid) Server

```
$ sudo su -
# yum -y install squid
# vim /etc/squid/squid.conf
# squid -z
# service squid start
# chkconfig squid on
# vi /etc/sysconfig/iptables
# iptables-restore < /etc/sysconfig/iptables
# service iptables restart
# iptables -L
```

squid.conf

```
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on localhost is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
#http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

visible_hostname hayashier.info

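# NOTE: "src all" matches every client address, so the allow rule below admits
# any host that can reach port 3128 and the final deny is never reached.
acl myacl src all
http_access allow myacl
http_access deny all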

forwarded_for off

request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
```
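
Squid evaluates `http_access` lines top to bottom and the first match wins, so the breadth of `myacl` decides who can use the proxy. The Python below is an added example, not part of the original page: it replays the rules above for a client address (35.162.193.203 is the client seen in this page's access.log), using constructed `localnet`/`localhost` definitions and a hypothetical hardened variant, and assumes a plain GET to port 80 so the port and method rules do not match.

```python
import ipaddress

# Constructed sample: the http_access/acl lines from the squid.conf above, plus
# stock localnet/localhost definitions that the page's excerpt does not show.
PAGE_CONF = """
acl localhost src 127.0.0.1/32
acl localnet src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
acl myacl src all
http_access allow myacl
http_access deny all
"""
# Hardened variant (assumption): drop the catch-all ACL and its allow rule.
HARDENED_CONF = PAGE_CONF.replace("acl myacl src all\nhttp_access allow myacl\n", "")


def parse(conf):
    """Collect src ACLs (name -> networks) and the ordered http_access rules."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # built-in ACL
    rules = []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = ["0.0.0.0/0" if v == "all" else v for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(ipaddress.ip_network(n) for n in nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules


def decide(conf, client):
    """Return (action, matching rule) for a plain GET to port 80 from client."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        if any(n.lstrip("!") not in acls for n in names):
            continue  # port/method ACLs: assumed not to match this request
        # Every ACL on the line must match (or not match, when negated with "!").
        if all(any(ip in net for net in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return action, " ".join(names)
    # No line matched: Squid applies the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"


if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(label, decide(conf, "35.162.193.203"), decide(conf, "10.0.1.5"))
```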

iptables

```
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FWINPUT - [0:0]
-A INPUT -j FWINPUT
-A FORWARD -j FWINPUT
-A FWINPUT -i lo -j ACCEPT
-A FWINPUT -p icmp --icmp-type any -j ACCEPT
-A FWINPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FWINPUT -p tcp -m tcp --dport 22 -s 0.0.0.0/0 -j ACCEPT
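# NOTE: a source without a mask is read as a /32, so this rule matches only 0.0.0.0.
-A FWINPUT -p tcp -m tcp --dport 3128 -s 0.0.0.0 -j ACCEPT
# NOTE: FWINPUT has no final DROP/REJECT and the INPUT policy is ACCEPT, so
# packets that match no rule above are still accepted.
COMMIT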
```

Confirm from another instance that access through the proxy works.

```
$ curl hayashier.com -x 52.41.123.30:3128 -vvv > /dev/null
* Rebuilt URL to: hayashier.com/
*   Trying 52.41.123.30...
* TCP_NODELAY set
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 52.41.123.30 (52.41.123.30) port 3128 (#0)
> GET http://hayashier.com/ HTTP/1.1
> Host: hayashier.com
> User-Agent: curl/7.51.0
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Tue, 04 Jul 2017 14:32:03 GMT
< Server: Apache
< X-Powered-By: PHP/7.0.12
< X-Pingback: http://hayashier.com/xmlrpc.php
< Link: <http://hayashier.com/wp-json/>; rel=https://api.w.org/, <http://wp.me/P8lnQs-2>; rel=shortlink
< X-Frame-Options: SAMEORIGIN
< Vary: Cookie,Accept-Encoding
< X-Mod-Pagespeed: 1.9.32.14-0
< Cache-Control: max-age=0, no-cache
< Content-Length: 17392
< Content-Type: text/html; charset=UTF-8
< X-Cache: MISS from hayashier.info
< X-Cache-Lookup: MISS from hayashier.info:3128
< Via: 1.0 hayashier.info (squid/3.1.23)
* HTTP/1.0 connection set to keep alive!
< Connection: keep-alive
<
{ [11790 bytes data]
* Curl_http_done: called premature == 0
100 17392  100 17392    0     0  38520      0 --:--:-- --:--:-- --:--:-- 38563
* Connection #0 to host 52.41.123.30 left intact
```

```
$ sudo tail -f /var/log/squid/access.log
```

The access is recorded in the log.

access.log

```
1499178222.199    403 35.162.193.203 TCP_MISS/200 17067 GET http://hayashier.com/ - DIRECT/54.89.215.227 text/html
1499178556.929    379 35.162.193.203 TCP_MISS/200 17009 GET http://hayashier.com/ - DIRECT/54.89.215.227 text/html
1499178768.861    448 35.162.193.203 TCP_MISS/200 17974 GET http://hayashier.com/ - DIRECT/54.89.215.227 text/html
```

