Setting Up Squid Proxy Server on Mac OS X Leopard

My goal is to set up a very basic proxy server on my Mac box on campus, so that I can have full access to subscription-based academic journals via the proxy on my laptop even when I am off campus.  Some schools provide such (library) proxies but my school unfortunately does not.  I want to set it up such that the proxy requires a password authentication in order not to make it wide open to the public.

Getting and Installing Squid

Download a tarball for a stable version from the repository.  The version that I use here is 2.7.  I assume the file is downloaded to /usr/local/src/squid.

$ cd /usr/local/src/squid
$ gunzip -c squid-2.7.STABLE6.tar.gz | tar xvf -
$ cd squid-2.7.STABLE6
$ ./configure
$ make
$ sudo make install
$ cd helpers/basic_auth/NCSA
$ make
$ sudo make install
$ sudo /usr/local/squid/sbin/squid -z
$ sudo chown -R nobody var

Squid will be installed at /usr/local/squid.  (The last command is necessary to run a daemon as user “nobody.”)

Configure Squid

First, prepare a NCSA-compliant encrypted password file as follows for a user (here with username johndoe).

$ cd /usr/local/squid/etc
$ sudo touch squid_passwd
$ sudo chmod o+r squid_passwd
$ sudo htpasswd squid_passwd johndoe
New password:
Re-type new passwod:
Adding passwod for user johndoe

Now, edit /usr/local/squid/etc/squid.conf. The following lines need to be added:

# Add this to the auth_param section
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/squid_passwd

# Add this to the bottom of the ACL section
acl ncsa_users proxy_auth REQUIRED

# Add this at the top of the http_access section
http_access allow ncsa_users

Finally, run the server:

$ sudo /usr/local/squid/sbin/squid -N -d 1 -D

With firewall, I allow squid to be open to incoming connections.

The IP address or host name of your Mac box at the port 3128 will be available as a proxy server now.

Launch Squid on Startup with launchd

Under the directory /Library/LaunchDaemons, create a file squid.plist with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>tssquid</string>
    <key>OnDemand</key>
    <false/>
    <key>ProgramArguments</key>
    <array>
      <string>/usr/local/squid/sbin/squid</string>
      <string>-N</string>
      <string>-d 1</string>
      <string>-D</string>
    </array>
    <key>ServiceIPC</key>
    <false/>
  </dict>
</plist>

Then issuing

$ sudo launchctl load -w /Library/LaunchDaemons/squid.plist

will launch squid.  On reboot, the proxy should also be working automatically.

Launch Squid on Startup with SystemStarter

This method should be ignored in favor of the method with launchd described above. This one is incomplete anyways…

This is a server so it would be convenient if the proxy starts up upon reboot automatically.  Here is a Mac way to do it:

$ sudo mkdir /Library/StartupItems/squid
$ sudo touch /Library/StartupItems/squid/squid
$ sudo touch /Library/StartupItems/squid/StartupParameters.plist
$ sudo chmod +x /Library/StartupItems/squid/squid

The newly created files should have contents as follows.

squid:

#!/bin/sh

. /etc/rc.common

StartService()
{
 ConsoleMessage "Starting squid"
 /usr/local/squid/bin/RunCache &
}

StopService()
{
 ConsoleMessage "Stopping squid"
 # TODO: add a command to stop squid
}

RestartService()
{
 ConsoleMessage "Restarting squid"
 # TODO: add a command to restart squid
 StopService
 StartService
}

RunService "$1"

StartupParameters.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist
 SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
<plist version="0.9">
 <dict>
 <key>Description</key>
 <string>squid</string>
 <key>Provides</key>
 <array>
 <string>squid</string>
 </array>
 <key>Requires</key>
 <array>
 <string>Network</string>
 </array>
 <key>OrderPreference</key>
 <string>Last</string>
 </dict>
</plist>

References

Quick HOWTO: Ch32 : Controlling Web Access with Squid – Linux Home Networking

most (a pager application) Binary for Mac OS X Leopard

My favorite pager is most, not more or less, so I build a binary. Simply gunzip and put it in your bin directory.

Download MOST version 5.0.0 (S-Lang version pre2.2.0-121) for Mac OS X Leopard.

No warranty of any kind though.

Logitech MX Revolution in Mac OS X Leopard

I want to use this mouse as if it is a 3-button mouse, such that within X a middle click pastes the content in the clipboard.

I find the Logitech Control Center (LCC) for Mac OS X to work just fine.  After installation, it will show up under System Preferences under the category labeled “Other”.

First, in order to make One-Touch Search button (that’s a button right below the vertical scroll wheel) as the third button, plug in your Apple Mighty Mouse, go to System Preferences -> Keyboard & Mouse -> Mouse, and select the middle button to act as “Button 3″.  Then unplug the Mighty Mouse and plug in your MX Revolution again.  Awkward, but it works…

Miscellaneous Mac OS X Leopard Tips

Here is a list of miscellaneous tips when configuring my new iMac to my liking.

Disable Automatic Login & Password Protect the System

Apple Menu -> System Preferences -> Security -> General

Check the following: “Require password to wake this computer from sleep or screen saver” and “Disable automatic login.”

Firefall

Apple Menu -> System Preferences -> Security -> Firewall

and choose “Allow only essential services” for the maximum protection.  Use by-application/service option for more flexibility, when allowing remote login via ssh, for example.

Remote Login with SSH

Apple Menu -> System Preferences -> Sharing

Check “Remote Login.”  Don’t forget to reconfigure the firewall to allow ssh (see above).

Right Clicking with Apple Mouse

Apple Menu -> System Preferences -> Keyboard & Mouse -> Mouse

and specify “Secondary Button” for the right side of your Apple Mouse.

Japanese Input Method

Apple Menu -> System Preferences -> International -> Input Menu

and check the box for Kotoeri.  You can change the input method by clicking on a country-flag icon in the menu bar.

Setting Up Astro Research Environment on Mac OS X Leopard

In my new research environment I have an iMac.  My preferred solution is Linux, but I figured that sometimes learning new things is a good thing (though I have to sacrifice my efficiency which I developed over the years using a Debian-based Linux box).

There are nice existing resources, like

• OS X for Astronomers
• Setup a New Mac for Astronomy

so what I leave here is a quickie for myself based on the above sites.

X11

X11 comes with Leopard.  Just drag the X11 icon at /Applications/Utilities/X11 to your dock, so that clicking on it you have an X11 environment in which you can open up a shell terminal (Applications -> Terminal).

Xcode Tools

This one includes all the necessary development applications.  Install these from the Mac OS X installation DVD.  Xcode Tools can be found under the Optional Installs directory.

Fink

As an apt-get afficionado, I like the way I can use the APT-based packaging system on Mac OS X.  Basically you can use the apt-get command the way you do on Debian.  Go to the Fink project web site and download and install the software.  You can browse all the available packages as well.  Nice.

Software for Astrophysics

Use Scisoft for Mac OS X to install a bunch at once.  People are lazy but that’s how innovations arise, I suppose.  The package will be installed at /Applications/scisoft.

IRAF

As of this writing, the version of IRAF is 2.14.  Applying 2.14.1 patch is actually easy by overwriting:

1. Download IRAF binaries from ftp://iraf.noao.edu/iraf/v214/PCIX/ib.macx.x86.gz to /Applications/scisoft/all/Packages/iraf/irafbin/bin.macintel and just extract the archive with gzip and tar.
2. Download NOAO binaries from ftp://iraf.noao.edu/iraf/v214/PCIX/nb.macx.x86.gz to /Applications/scisoft/all/Packages/iraf/irafbin/noao.bin.macintel and extract the archive with gzip and tar.
3. Download the patch from ftp://iraf.noao.edu/iraf/v214/PCIX/patch1.tar.gz to /Applications/scisoft/all/Packages/iraf/iraf and extract the archive with gzip and tar.

It is also recommended to check the versions of external packages.  If outdated, you can simply install them under /Applications/scisoft/all/Packages/iraf/extern.

If you are reusing login.cl file from a Linux installation, make sure to update your home environmental variable:

set home = “/Users/username”

(in Linux, it would be “/home/username” of course.)

IMPORTANT: Also, do not forget to do this:

$ cp /Applications/scisoft/all/Packages/iraf/iraf/dev/imtoolrc ~/.imtoolrc

Otherwise you may see DS9 not behaving well…

DS9

Download from here and install the Leopard X11 version.

Others

• OpenOffice.org
• GIMP

TO BE CONTINUED.  Still need to install quite a few packages via apt-get.

sudo apt-get install wget emacs22 gv less

Microsoft Natural Ergonomic Keyboard 4000 on Mac OS X Leopard

I just wish the keyboard to work fairly close to iMac keyboard.  Windows (labeled Start) and Alt keys are “flipped,” which is annoying.  Following this article, I set up the keyboard.  Basically

Apple -> System Preferences -> Keyboard & Mouse (under Hardware submenu) -> Keyboard tab -> Modifier Keys

Select keyboard should be “Natural Ergonomic Keyboard 4000″ and you just need to swap the Option and Command modifier key bindings.  That’s it.

However, the above change makes the key locations resemble that of Mac.  I am too used to the PC culture of using Ctrl + some key, and my productivity suffers when I cannot position my left hand that way.  Roughly speaking, the Command key on Mac corresponds to the Ctrl key on PC, so I decided to swap them as well:

This works much better for me.

There are quite a few special keys that do not work the ways they do on Windows, but I don’t use them much anyways so it’s good for now.  I’ll keep adding instructions as I find them on the web.