How to install Apache Traffic Server as forward proxy

There are nice open source proxy servers out there. After some quick research, I picked Apache Traffic Server for my proxy server projects, both forward proxy and reverse proxy.

This document provides basic installation steps, tips and troubleshooting.

 

1. Required packages

Ubuntu 13.10

  • pkgconfig (for the apt installer: pkg-config)
  • libtool
  • gcc (>= 4.3 or clang > 3.0)
  • make (GNU Make!)
  • openssl
  • tcl
  • expat
  • pcre (libpcre3-dev)
  • libcap (libcap-dev)
  • flex (for TPROXY)
  • bison
  • hwloc
  • lua (lua5.2)
  • curses
  • curl
  • libhwloc-dev
  • libboost-all-dev

ex) sudo apt-get install pkg-config

 

CentOS 6.5

  • gcc
  • gcc-c++
  • pkgconfig
  • pcre-devel
  • tcl-devel
  • expat-devel
  • openssl-devel
  • libcap
  • libcap-devel
  • hwloc
  • hwloc-devel
  • perl-ExtUtils-MakeMaker
  • libunwind
  • libunwind-devel
  • autoconf
  • automake
  • libtool

ex) yum install pkgconfig

 

 

2. If you want to use git clone, you need the packages below.

  • git and git-core
  • autoconf
  • automake

git clone https://git-wip-us.apache.org/repos/asf/trafficserver.git

 

3. Download Apache Traffic Server 4.1.2

wget http://apache.claz.org/trafficserver/trafficserver-4.1.2.tar.bz2

 

4. Extract

tar xf trafficserver-4.1.2.tar.bz2

 

5. Change into the extracted directory

cd trafficserver-4.1.2

 

6. Install

./configure

make check

sudo make install

 

7. Modify configuration file

Open the /etc/ld.so.conf file and add the line below:

include /usr/local/libexec/trafficserver

 

7-1. For the "Forward Proxy", modify the /usr/local/etc/trafficserver/records.config file

 

Change the following setting from 1 to 0:

CONFIG proxy.config.url_remap.remap_required INT 0

If your proxy is serving as a pure forward proxy, you will also want to change the following setting from 1 to 0:

CONFIG proxy.config.reverse_proxy.enabled INT 0

Other related settings:
CONFIG proxy.config.http.no_dns_just_forward_to_parent INT 0
CONFIG proxy.config.http.forward.proxy_auth_to_parent INT 0
CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 1

 

7-2. For the "Reverse Proxy", modify the records.config and remap.config files

7-2-1. /usr/local/etc/trafficserver/records.config

CONFIG proxy.config.http.server_port INT 80
CONFIG proxy.config.proxy_name STRING svr1.tecadmin.net
CONFIG proxy.config.url_remap.pristine_host_hdr INT 1

7-2-2. /etc/trafficserver/remap.config
map http://svr1.tecadmin.net:80/  http://localhost:82/
reverse_map http://localhost:82/ http://svr1.tecadmin.net/

 

7-3. Caching file setup

Modify the file "storage.config" (in this case under /usr/local/etc/trafficserver).

Add the statement below for a 5GB cache file. The cache.db file will be created under that directory.

/usr/local/etc/trafficserver 5000M

 

8. Apply the /etc/ld.so.conf change

sudo ldconfig

 

9. Start and stop.

 

sudo trafficserver start | stop | restart

or

service trafficserver start | stop | restart

traffic_line -x <- soft reset.

Ex) Once Apache Traffic Server is running correctly, you will see the output below.

 

[root@TS-Srv-CentOS trafficserver]# service trafficserver restart
Stopping traffic_cop:                                      [  OK  ]
Stopping traffic_manager:                            [  OK  ]
Stopping traffic_server:                                 [  OK  ]
Starting Apache Traffic Server:                    [  OK  ]

 

9-1. Start Traffic Server at boot:

chkconfig trafficserver on

 

10. Statistics

[root@TS-Srv-CentOS trafficserver]# traffic_logstats -s | more

:

:

                        Totals (all Origins combined)

Request Result                         Count    Percent       Bytes    Percent
——————————————————————————
Cache hit                                 34      3.53%    739.67KB      0.30%
Cache hit IMS                              0      0.00%      0.00KB      0.00%
Cache hit refresh                        254     26.35%    231.60KB      0.09%
Cache hit other                            0      0.00%      0.00KB      0.00%
Cache hit total                          288     29.88%    971.27KB      0.39%

Cache miss                               461     47.82%     11.52MB      4.76%
Cache miss IMS                            96      9.96%    186.89KB      0.08%
Cache miss refresh                         1      0.10%      7.25KB      0.00%
Cache miss other                           0      0.00%      0.00KB      0.00%
Cache miss total                         558     57.88%     11.71MB      4.84%

Client aborted                            66      6.85%    229.23MB     94.76%
Connect failed                            14      1.45%      2.27KB      0.00%
Invalid request                           22      2.28%      2.41KB      0.00%
Unknown error(99)                         16      1.66%      0.00KB      0.00%
Other errors                               0      0.00%      0.00KB      0.00%
Errors total                             118     12.24%    229.23MB     94.77%
……………………………………………………………………
Total requests                           964    100.00%    241.89MB    100.00%
 

:

 

[root@TS-Srv-CentOS trafficserver]# traffic_logstats -h ; for help

 

* The command above reads its statistics from the file /usr/local/var/log/trafficserver/squid.blog
 

 

11. Tips

> All configuration files : /usr/local/etc/trafficserver

> All executable files : /usr/local/libexec/trafficserver

> Monitoring traffic & log files : var/log/trafficserver 

> Install with Yum on CentOS.


CentOS/RHEL 6, 32 Bit:
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

CentOS/RHEL 6, 64 Bit:
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

 

yum install trafficserver (this installs Traffic Server version 3.0.4)

 

12. Stats and verifying

To see host database statistics, try
# traffic_line -r proxy.process.hostdb.total_lookups
# traffic_line -r proxy.process.hostdb.total_hits

To see total DNS lookups
# traffic_line -r proxy.process.dns.total_dns_lookups

To see average lookup time (msec)
# traffic_line -r proxy.process.dns.lookup_avg_time

To see DNS successes
# traffic_line -r proxy.process.dns.lookup_successes

To see total DB lookups
# traffic_line -r proxy.process.hostdb.total_lookups

To see total DB hits
# traffic_line -r proxy.process.hostdb.total_hits

To see Time TTL (min)
# traffic_line -r proxy.process.hostdb.ttl

To see cache hit just from disk and not ram:
# traffic_line -r proxy.process.cache.ram_cache.hits

To see live log
# traffic_logcat -f /usr/local/var/log/trafficserver/squid.blog
 
To purge entire cache
# traffic_server -Cclear

 

More……

# traffic_line -r proxy.process.http.cache_hit_fresh
# traffic_line -r proxy.process.http.cache_hit_revalidated
# traffic_line -r proxy.process.http.cache_hit_ims
# traffic_line -r proxy.process.http.cache_hit_stale_served
# traffic_line -r proxy.process.http.cache_miss_cold
# traffic_line -r proxy.process.http.cache_miss_changed
# traffic_line -r proxy.process.http.cache_miss_not_cacheable
# traffic_line -r proxy.process.http.cache_miss_client_no_cache
# traffic_line -r proxy.process.http.cache_miss_ims

>Events of Log::error()
# traffic_line -r proxy.process.log.event_log_error_ok
# traffic_line -r proxy.process.log.event_log_error_skip
# traffic_line -r proxy.process.log.event_log_error_aggr
# traffic_line -r proxy.process.log.event_log_error_full
# traffic_line -r proxy.process.log.event_log_error_fail

 

>Events for Log::access()
# traffic_line -r proxy.process.log.event_log_access_ok
# traffic_line -r proxy.process.log.event_log_access_skip
# traffic_line -r proxy.process.log.event_log_access_aggr
# traffic_line -r proxy.process.log.event_log_access_full
# traffic_line -r proxy.process.log.event_log_access_fail

>Logging Data to/from network/disk
# traffic_line -r proxy.process.log.num_sent_to_network
# traffic_line -r proxy.process.log.num_received_from_network
# traffic_line -r proxy.process.log.num_flush_to_disk
# traffic_line -r proxy.process.log.bytes_sent_to_network
# traffic_line -r proxy.process.log.bytes_received_from_network
# traffic_line -r proxy.process.log.bytes_flush_to_disk
# traffic_line -r proxy.process.log.bytes_written_to_disk
# traffic_line -r proxy.process.log.log_files_open
# traffic_line -r proxy.process.log.log_files_space_used

> Error & ignore mismatch
# traffic_line -r proxy.config.http.cache.ignore_accept_mismatch
# traffic_line -r proxy.config.http.cache.ignore_accept_language_mismatch
# traffic_line -r proxy.config.http.cache.ignore_accept_encoding_mismatch
# traffic_line -r proxy.config.http.cache.ignore_accept_charset_mismatch

 

 

13. Troubleshooting

13-1. If you can reach your Apache Traffic Server locally but not from outside, check the firewall settings in /etc/sysconfig/iptables.

 

The CentOS 6.5 default iptables configuration is:

 

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

 

Add the statements below.

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

You could block ICMP with the statement below.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
 

Don't forget to restart the service:

service iptables restart
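
With remap_required set to 0 (7-1) and the proxy port accepted from any source (13-1), the firewall no longer limits who can relay through the proxy. The check below is an added example, not part of the original post; the function names, the sample files and the 192.0.2.0/24 client range are constructed, and 8080 is the port opened in 13-1.

```shell
# Added example, not from the original post. Sample files below are constructed.

# records_value FILE NAME: print the last value assigned to NAME in records.config
records_value() {
    awk -v name="$2" '$1 == "CONFIG" && $2 == name { v = $4 } END { print v }' "$1"
}

# unrestricted_ports FILE: print every INPUT --dport that is ACCEPTed
# without a -s/--source match, i.e. reachable from any address
unrestricted_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        port = ""; src = 0; ok = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s" || $i == "--source") src = 1
            if ($i == "-j" && $(i + 1) == "ACCEPT") ok = 1
        }
        if (ok && port != "" && !src) print port
    }' "$1"
}

# audit RECORDS RULES PORT: print OPEN-PROXY-RISK when remapping is not
# required (forward proxy) and PORT is accepted from any source address
audit() {
    if [ "$(records_value "$1" proxy.config.url_remap.remap_required)" = "0" ] &&
       unrestricted_ports "$2" | grep -qx "$3"; then
        echo "OPEN-PROXY-RISK"
    else
        echo "OK"
    fi
}

# Constructed sample input: the 7-1 settings plus two firewall variants
tmp=$(mktemp -d)
printf '%s\n' 'CONFIG proxy.config.url_remap.remap_required INT 0' \
              'CONFIG proxy.config.reverse_proxy.enabled INT 0' > "$tmp/records.config"
printf '%s\n' '-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT' > "$tmp/open.rules"
printf '%s\n' '-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT' > "$tmp/scoped.rules"

audit "$tmp/records.config" "$tmp/open.rules" 8080     # rule as written in 13-1
audit "$tmp/records.config" "$tmp/scoped.rules" 8080   # limited to one client range
```

On a real host, pass /usr/local/etc/trafficserver/records.config and /etc/sysconfig/iptables as the two files; a source-restricted ACCEPT rule only takes effect when it sits above the final REJECT line.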

 

 

13-2. Is the httpd/Apache service required for Apache Traffic Server (ATS)?

Not necessarily, but it helps when you test connectivity and ports.

 
