Tuesday, April 25, 2017

Enabling SSL Tunneling through a Squid Proxy Server with authentication

This post describes how to proxy outgoing requests from WSO2 ESB through a Squid Proxy Server. For more information on the scenario, refer to the WSO2 ESB documentation.

Step 1 - Setting up Squid Proxy Server

To set up a Squid Proxy Server locally, you can follow the instructions available here.

Step 2 - Configuring Squid Proxy Server - updating the squid.conf file

Add the following line under the acl section:

acl squid.proxy.server src appserver.wso2.com


Note: If the Squid server fails to start with the above config, you may need to add an /etc/hosts entry for the host appserver.wso2.com.

The following should be added before the http_access TAG:

http_access allow squid.proxy.server


Note: We refer to this proxy server instance by the name squid.proxy.server. Hence, you need to add an entry for it to the /etc/hosts file on your local instance as well as on the instance where the Squid server is running.

Add the following port information before the https_port TAG section:

http_port 8888


Once the above is added to the squid.conf file, restart the Squid server:

sudo service squid3 restart

Step 3 - Enabling the proxy configuration in WSO2 ESB

To do this, add the configuration below to axis2.xml, under both the PassThroughHttpSender and PassThroughHttpSSLSender transport sender configurations:

<parameter name="http.proxyHost" locked="false">squid.proxy.server</parameter>
<parameter name="http.proxyPort" locked="false">8888</parameter>

Step 4 - Creating a Proxy Service

Once the above configurations are done and the WSO2 ESB server is restarted, you can create a simple pass-through proxy service to test the scenario.
Note that the endpoint points to a backend reachable through the hostname appserver.wso2.com. This is the hostname we added to the acl section of squid.conf above.

<proxy name="SSLTunnelingProxy"
       transports="https http"
       startOnLoad="true"
       trace="disable">
   <description/>
   <target>
      <inSequence>
         <send>
            <endpoint>
               <address uri="https://appserver.wso2.com/services/SimpleStockQuoteService"/>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </target>
</proxy>


Step 5 - Setting up the backend
 
For this scenario, you can take a WSO2 Application Server instance and start it with ports 443 and 80 as its default ports. Then, set the HostName parameter in carbon.xml to appserver.wso2.com. Deploy the SimpleStockQuoteService and you are ready to go.

Step 6 - Invoking the Proxy Service

You can test the scenario using a client of your choice. If the message is sent through the proxy server, you should see log entries like the ones below in the /var/logs/squid/access.log file.

1493112155.126  49234 127.0.0.1 TCP_MISS/200 2335 CONNECT appserver.wso2.com:443 - HIER_DIRECT/192.168.53.176 -
1493112888.241      0 10.100.7.144 TCP_DENIED_REPLY/403 3429 CONNECT appserver.wso2.com:443 - HIER_NONE/- text/html
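The two access.log lines above show the two outcomes you want to tell apart when reviewing the proxy: a CONNECT tunnel that was allowed through (TCP_MISS/200) and one that was denied (TCP_DENIED_REPLY/403). The script below is an added example, not part of the original post or of Squid: it parses Squid's default access.log format and tallies allowed and denied CONNECT attempts per client and destination. The sample log is copied from the lines above; the field layout follows Squid's default log format, which is an assumption about your squid.conf.

```python
"""Summarise CONNECT (SSL tunnel) traffic in Squid's default access.log format.

Added example; SAMPLE_LOG reproduces the two lines from the post above.
Assumes the default "squid" log format:
  time elapsed client result/status bytes method URL user hierarchy/peer type
"""
import re
from collections import Counter
from datetime import datetime, timezone

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>\S+)/(?P<peer>\S+)\s+(?P<type>\S+)$"
)

# Constructed sample: the two entries quoted in this post.
SAMPLE_LOG = """\
1493112155.126  49234 127.0.0.1 TCP_MISS/200 2335 CONNECT appserver.wso2.com:443 - HIER_DIRECT/192.168.53.176 -
1493112888.241      0 10.100.7.144 TCP_DENIED_REPLY/403 3429 CONNECT appserver.wso2.com:443 - HIER_NONE/- text/html
"""


def parse_line(line):
    """Split one access.log line into a dict; raises on unknown layouts."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised access.log line: {line!r}")
    rec = m.groupdict()
    rec["time"] = datetime.fromtimestamp(float(rec["ts"]), tz=timezone.utc)
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    # TCP_DENIED and TCP_DENIED_REPLY both mean an http_access rule refused it.
    rec["denied"] = rec["result"].startswith("TCP_DENIED")
    return rec


def summarise_connects(log_text):
    """Return (allowed, denied) Counters keyed by (client, destination)."""
    allowed, denied = Counter(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["method"] != "CONNECT":
            continue  # only SSL tunnels are of interest here
        key = (rec["client"], rec["url"])
        (denied if rec["denied"] else allowed)[key] += 1
    return allowed, denied


if __name__ == "__main__":
    ok, refused = summarise_connects(SAMPLE_LOG)
    for (client, dest), n in ok.items():
        print(f"allowed {n:3d}  {client} -> {dest}")
    for (client, dest), n in refused.items():
        print(f"DENIED  {n:3d}  {client} -> {dest}")
```

Once Step 7 is in place, the user field (the `-` in both lines above) carries the authenticated username, so the same parser lets you see which account each tunnel was opened under.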


Step 7 - Configure authentication in Squid

To enable authentication in Squid, the following configuration needs to be done.

Add the following to squid.conf under the auth_param TAG:

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy


Note: On Ubuntu 12 the helper program is named ncsa_auth, while on Ubuntu 14 it is basic_ncsa_auth.

Next, add the following under the acl TAG:

acl authenticated proxy_auth REQUIRED

The following should be added under the http_access TAG:

http_access allow authenticated

Step 8 - Setting up a user

As a prerequisite, Apache2 Utils must be installed:

sudo apt-get install apache2-utils

To create a new user, use the following command:

sudo htpasswd -c /etc/squid3/passwords <username>

When it prompts for the password, specify a password of your choice.

Reason for "PasswordInvalidAsk Password Feature is disabled" error when adding through RemoteUserStoreManager

When trying to add users through RemoteUserStoreManager, it returned the following SOAP fault.


<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <soapenv:Fault>
         <faultcode>soapenv:Server</faultcode>
         <faultstring>PasswordInvalidAsk Password Feature is disabled</faultstring>
         <detail/>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>


The reason for this issue was that I had forgotten to add the element to the SOAP message. Once this element was added, I was able to create the user successfully.