Chapter 2. Installing the Netscape Proxy Server

This chapter describes how to prepare to install Netscape Proxy Server software on your system, and what the installation does. Your software release notes provide the actual software installation procedure.

Before You Begin Installing

Before you install the Netscape Proxy Server, make sure you have the following items prepared. This makes the installation process much smoother.

Make Sure DNS is Up and Running

When you install the Netscape Proxy Server, some items on the installation forms request either a hostname or an IP address (or multiple entries of the same) as input strings.

  • A hostname is a name for a specific computer in the form system_name.subdomain_name.domain_name, which is translated into a dotted IP address by a Domain Name Service (DNS). For example, www.sgi.com is the system www in the subdomain sgi in the domain com.

  • Internet Protocol (IP) address is a set of numbers, separated by dots, that specifies the actual location of a system on the Internet. For example, the hostname www.sgi.com has the IP address 192.82.208.8.

As you prepare for installation, make sure your Domain Name Service (DNS) is up and running properly. Otherwise, the proxy server can't resolve hostnames and can't connect to any remote hosts.

Create an Alias for the Server

If your server will run on one system among many in a network, you or your system administrator should set up a DNS CNAME record or an alias (such as “proxy”) that points to the actual proxy server system. Later, should the need arise, you can change the actual hostname or IP address of the server host without having all the proxy's clients change their browsers.

Create an IRIX User Account

You need to be logged in as root (or superuser) to install the server. However, you don't necessarily want the server to run as root all the time. You probably want the server to have restricted access to your system resources and run under a non-privileged system user account. In this case, you need to create an IRIX user account for the server. When the server launches, it runs as this user. Likewise, any child processes of the server are created with this server user as the process owner.

You can choose the user ”nobody” if you wish, but this might not work on some systems. Some systems ship with a UID of -2 for the user “nobody”. A UID less than zero generates an error during installation. Check the /etc/passwd file to see if the UID for “nobody” exists and that it is greater than zero.

If you'd prefer to use an account other than nobody, just create and use a regular IRIX user account. (If you don't know how to create a new user on your system, refer to the Personal System Administration Guide.)


Caution: We strongly recommend that you use a dedicated account to further ensure system security.


Choose a Unique Port Number

Port numbers for all network-accessible services are maintained in the file /etc/services. The standard HTTP port number is 80, but currently there isn't a standard port number for proxies. Commonly used ports are 8000 and 8080. If you use the Netscape Proxy Server's built-in SOCKS daemon, you should use the SOCKS port 1080.

Make sure the port you choose isn't in use. Look at the file /etc/services on the server system to make sure you don't assign a port number that is used by another service.

If you choose a port number less than 1024, you'll need to be logged in as root or superuser to start the proxy server. After the proxy is bound to the port, the server changes from root or superuser to the user account you specify. If you choose a port number greater than 1024, you don't have to be root or superuser.

Replace an Existing Proxy Server

If you're already running a proxy server, you should install the Netscape Proxy Server to a different port first. After the Netscape Proxy Server is properly set up, shut down the old proxy and then change the new proxy to use the different port.

If you want to install the proxy server using the same port number as the current proxy server, you must shut down the existing server first.


Caution: The proxy server must be installed in an empty directory. The installation process uses /var/ns-proxy by default.


Root or User Installation

Before you install the server, you should be logged in as the root user unless you meet all of the following conditions:

  • You plan to install the server on a port greater than 1024.

  • The location where you plan to install the server (the server root directory) is writeable with your current login status.

  • The location you plan to use for the cache root is writeable with your current login status.

This means you should be logged in with the user account that the proxy will use. Regardless of your login, make sure the following standard IRIX programs are in your PATH while you run the installation process:

  • cut

  • expr

  • find

  • grep

  • sed

  • sort

  • tee

  • uniq

  • whoami

The installation HTML forms collect data that the installation process later uses to generate the configuration files called magnus.conf and obj.conf (the proxy uses these files when it runs to control how it works). If you don't understand a setting, you can use the default value and later change it via the Administration forms. If you need more information about the options on the installation forms, see Chapter 3.

When you submit the installation forms, you'll get an error if you don't have sufficient rights to the server root directory (the directory where you want to install the server). If this happens, you can go back to the install forms and choose another directory, or you can go to the filesystem and change your user permissions, then resubmit the forms. You can also quit the installation, login as root, and redo the installation.

What the Installation Does

After you fill out all of the installation forms and click the link called Install the Proxy Server, the actual installation takes place. Before that point, no file outside of the installation working directory is modified.

Some temporary files are written to /tmp and removed after installation. No other files or directories are modified in any way.

The installation process places all the files under the server root directory that you specified in the installation forms. If you enabled caching, the cache framework is created under the cache root directory. The following files and directories are created under the server root directory:

  • ns_proxy is the proxy program.

  • ns-gc is the garbage collector program.

  • utils/pstats is the access log analyzer program.

  • ns-icons/ contains icons for FTP listings and Gopher menus.

  • admin/config/magnus.conf is the server's main technical configuration file.

  • admin/config/obj.conf is the server's object configuration file.

  • admin/config/mime.types is the file the server uses to convert filename extensions such as .GIF into a MIME type such as image/gif.

  • admin/config/admpw is the administrative password file.

  • admin/html/ contains the Administration forms used to configure and maintain the proxy after installation.

  • admin/bin/ contains all CGI programs for the Administration forms.

  • admin/userdb/ contains all user databases.

Restart the Server Automatically

Once the Netscape Proxy Server is installed, it and its child processes run constantly, listening for and accepting requests. If your system crashes or is taken offline, the server processes die with it. Make sure your server is configured for automatic restart on reboot with the following procedure

  1. Use the chkconfig command to see if the proxy server is set to “on”:

    # chkconfig | grep ns_proxy
    

  2. If you see:

    ns_proxy off
    

    Enter the following command:

    # chkconfig ns_proxy on
    

and repeat step 1 until you see:

ns_proxy on

When the system is rebooted, the server starts automatically.

Starting and Stopping the Server Manually

If you should ever need to start the server from the command line, you must log in as root or become superuser and type this at the command-line prompt:

# /etc/init.d/ns_proxy start

If you should ever need to stop the server manually, log in as root or become superuser, check the full process load using ps -el to see if other users might be using the server and, if not, type this at the command-line prompt:

# /etc/init.d/ns_proxy stop

Using the Netscape Proxy Manager

After you install the Netscape Proxy Server files, the proxy server should run without problems. However, you might need to change configuration information (by adding security) or perform general maintenance on the server. All of this is done with the Netscape Proxy Server Manager. The proxy manager is a set of forms you use to change options and control your proxy server. You can view the proxy manager immediately after installation (there is a link to the proxy manager).

To view the proxy manager at any time,

  1. Use a forms-capable browser (such as the Netscape Navigator) to point to the URL:

    http://[servername].[yourdomain].[domain]:[port]/admin/
    

  2. You'll be prompted for a user name and password. This is the administration user name and password you specified during the installation process. Figure 2-1 shows the proxy manager form.

The rest of this manual describes the forms and options used to manage and maintain your proxy server.

Figure 2-1. Netscape Proxy Manager Form


Troubleshooting Installation

This section describes the most common installation problems and how to solve them.

  • You accidentally denied all access to the Administration forms.

Log in as root or with the proxy's user account. In the server root directory, edit the magnus.conf file. See “magnus.conf File” for more information on this file.

  • You don't have access to the proxy.

Log in as root or into the proxy's user account. In the server root directory, edit the obj.conf file and remove the following lines:

<Client dns="[wildcardpattern]" ip="[wildcardpattern]">
PathCheck fn=deny-service
</Client>

The wildcard pattern matches your DNS or IP address. You can also edit the wildcard patterns so that your user account information isn't included. To deny service to everyone except a select group, use *~ before the wildcard pattern (for example, *~*sgi.com denies service to everyone not from the sgi.com domain). See “Understanding Wildcard Patterns” for more information on wildcard patterns.

  • Clients can't locate the proxy server.

First, try using the hostname. If that doesn't work, use a fully qualified name (such as proxy.domain.dom). If that doesn't work, use the dotted IP address.

  • Icons don't view properly in client programs.

It's possible the settings in mime.types are wrong. View the source of the documents that have the incorrect icons and look at the URL for the image, then make sure the reference in mime.types is correct.

  • The proxy is slow, and transfers take too long.

If you log files to SYSLOG, you might encounter reduced performance. Switch to using the proxy's error log files instead. The proxy host might need more RAM, or if there are other applications on the proxy host, they might be using CPU cycles, which degrades proxy performance.

You can reduce transfer time by configuring the cache refresh setting. See “Cache Refresh Setting” for more information.