Setting up DansGuardian for Multiple Instances

Jack R. Anderson

Introduction

Multiple copies of DansGuardian may operate on the same server with some minor edits before compiling.  This is useful for those who wish to have different filtering rules for different clients, yet use the same database for blocking.  For instance, one copy could run for adults with relatively loose rules, whereas another copy could run for children with the "naughtynesslimit" set low, perhaps with extra categories of the database enabled, or, for the most aggressive filtering, with just a whitelist.

The different instances are configured by using a separate port number for each proxy.  They are virtually separate copies, including separate blocking pages, except that they are allowed to use the same database if they wish.

One comment: the edits below are the minimum needed for operation.  I did not edit any of the error statements, which could be helpful in case of a problem to know which copy had the issue.

Initial Setup

In order to document the procedure, I reloaded a Linux server from scratch and documented the steps.  The initial portion might be helpful for anyone setting up Dansguardian for the first time.

The server used has the following configuration:

Processor     Celeron 500MHz
Hard Drive    13GB
RAM           256MB

Redhat Linux 9 was loaded with the following packages:

X Window System              not required
Gnome Desktop Environment    not required
Editors
Graphical Internet           not required
Web Server
Development Tools
Administration Tools         not required

All the latest patches were then installed.

Squid

Squid was already loaded (squid-2.5 STABLE1-2).  However, I removed this and loaded the current stable version of squid-2.5.STABLE2 from http://www.squid-cache.org.

First I saved the init script /etc/init.d/squid so that I didn't have to recreate it later.  The old squid was removed by:

rpm -e squid-2.5.STABLE1-2

After copying the new squid release into the directory /usr/src/squid, the following commands were run from the install directory:

tar -zxpf squid-2.5.STABLE2.tar.gz

cd squid-2.5.STABLE2

./configure --prefix=/usr/local/squid

make all

make install

At this point Squid is installed in /usr/local/squid.  The file /usr/local/squid/etc/squid.conf must be edited before starting.  I won't go into the details here, but be certain that localhost is allowed to access squid.

Create squid init file in /etc/init.d.  I copied this from the original squid installation with some edits.  In order to enable this at startup you must use:

 chkconfig squid on

 ln -s /usr/local/squid/sbin/squid /usr/sbin/squid

The initial squid cache must be configured by:

mkdir /usr/local/squid/var/cache (The directory “log” should already be there)

So that the user squid has permission to write to these directories, the owner and group of these two directories (cache and log) must be changed to squid.  From /usr/local/squid/var:

chown squid *

chgrp squid *

Now we are almost ready to start up squid, but the initial swap directories must be created by:

/usr/local/squid/sbin/squid -z (to create the swap directories)

Then finally:

/etc/init.d/squid start

Squid should now be running.

Two last items:

cp /usr/local/squid/libexec/cachemgr.cgi /var/www/cgi-bin/

/etc/init.d/httpd start (to bring up Apache)

DansGuardian

Dansguardian 2.6.1 was chosen for this example, but this has been done on earlier versions and also on 2.7.0-1 with - if my memory hasn't failed me - no differences.  Initially I placed the tar file in /usr/src/dansguardian and ran:

tar -zxpf DansGuardian-2.6.1-0.source.tar.gz

cd DansGuardian-2.6.1

Edit the following lines in these files:

configure

Original:   sysconfdir='/etc/dansguardian/'
Change to:  sysconfdir='/usr/dansguardian1/'

Original:   cgidir='/home/httpd/cgi-bin/'
Change to:  cgidir='/var/www/cgi-bin/'

Original:   logdir='/var/log/dansguardian/'
Change to:  logdir='/var/log/dansguardian1/'

Original:   echo "dansguardian.pid" >> dansguardian.sysv
Change to:  echo "dansguardian1.pid" >> dansguardian.sysv

Original:   echo "filterport = 8080" >>dansguardian.conf
Change to:  echo "filterport = 8081" >>dansguardian.conf

ConnectionHandler.cpp

Original:   #define __IPC "/tmp/.dguardianipcc"
Change to:  #define __IPC "/tmp/.dguardian1ipcc"

Original:   #define __URLIPC "/tmp/.dguardianurlipcc"
Change to:  #define __URLIPC "/tmp/.dguardian1urlipcc"

Original:   #define __IPC "/tmp/.dguardianipc"
Change to:  #define __IPC "/tmp/.dguardian1ipc"

Original:   #define __URLIPC "/tmp/.dguardianurlipc"
Change to:  #define __URLIPC "/tmp/.dguardian1urlipc"

dansguardian.cpp

Original:   pidfile += "dansguardian.pid";
Change to:  pidfile += "dansguardian1.pid";

FatController.cpp

Original:   #define __IPC "/tmp/.dguardianipcc"
Change to:  #define __IPC "/tmp/.dguardian1ipcc"

Original:   #define __URLIPC "/tmp/.dguardianurlipcc"
Change to:  #define __URLIPC "/tmp/.dguardian1urlipcc"

Original:   #define __IPC "/tmp/.dguardianipc"
Change to:  #define __IPC "/tmp/.dguardian1ipc"

Original:   #define __URLIPC "/tmp/.dguardianurlipc"
Change to:  #define __URLIPC "/tmp/.dguardian1urlipc"

Original:   string ipcfilename = "/tmp/.dguardianipc"; // Needs deleting if its there
Change to:  string ipcfilename = "/tmp/.dguardian1ipc"; // Needs deleting if its there

Original:   ipcfilename = "/tmp/.dguardianurlipc"; // Needs deleting if its there
Change to:  ipcfilename = "/tmp/.dguardian1urlipc"; // Needs deleting if its there

SysV.cpp

Original:   string ipcfilename = "/tmp/.dguardianipc";
Change to:  string ipcfilename = "/tmp/.dguardian1ipc";

Original:   ipcfilename = "/tmp/.dguardianurlipc";
Change to:  ipcfilename = "/tmp/.dguardian1urlipc";

Now you want to save what you just did so that it may be used for the other instances of Dansguardian.  So back out of this directory to /usr/src/dansguardian and copy this edited directory to a working copy by:

cp -rvp DansGuardian-2.6.1 dg261-1

Go into this working directory and compile Dansguardian copy 1.

cd dg261-1

./configure

make

make install

make clean

Now we have several more edits before everything is ready.  Go to /etc/init.d and rename dansguardian, since each of the instances will need a separate startup script.

cd /etc/init.d

mv dansguardian dansguardian1

Now edit this script:

dansguardian1

Original:   # processname: dansguardian
Change to:  # processname: dansguardian1

Original:   if [ -f ${BINARYLOCATION}dansguardian ] &&
Change to:  if [ -f ${BINARYLOCATION}dansguardian1 ] &&

Original:   if ${BINARYLOCATION}dansguardian </dev/null >& /dev/null; then
Change to:  if ${BINARYLOCATION}dansguardian1 </dev/null >& /dev/null; then

Original:   [ -d /var/lock/subsys ] && touch /var/lock/subsys/dansguardian
Change to:  [ -d /var/lock/subsys ] && touch /var/lock/subsys/dansguardian1

Original:   if ${BINARYLOCATION}dansguardian -q </dev/null >& /dev/null; then
Change to:  if ${BINARYLOCATION}dansguardian1 -q </dev/null >& /dev/null; then

Original:   /bin/rm -f ${PIDDIR}dansguardian.pid
Change to:  /bin/rm -f ${PIDDIR}dansguardian1.pid

Original:   /bin/rm -f /tmp/.dguardianipc
Change to:  /bin/rm -f /tmp/.dguardian1ipc

Original:   [ -d /var/lock/subsys ] && /bin/rm -f /var/lock/subsys/dansguardian
Change to:  [ -d /var/lock/subsys ] && /bin/rm -f /var/lock/subsys/dansguardian1

Original:   if [ -f ${BINARYLOCATION}dansguardian ]; then
Change to:  if [ -f ${BINARYLOCATION}dansguardian1 ]; then

Original:   ${BINARYLOCATION}dansguardian -s
Change to:  ${BINARYLOCATION}dansguardian1 -s

Configure the service to start at boot time by:

chkconfig dansguardian1 on

Rename the executable:

cd /usr/sbin

mv dansguardian dansguardian1

Rename the perl blocking file:

cd /var/www/cgi-bin

mv dansguardian.pl dansguardian1.pl

Edit dansguardian.conf:

cd /usr/dansguardian1

dansguardian.conf

Original:   accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
Change to:  accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian1.pl'

Be certain you enter your real server name or IP so that the blocking page works properly.

NOW:

/etc/init.d/dansguardian1 start

If all went correctly, the first copy of DansGuardian should be running on port 8081.  Now let's do it all over again!

Make the second copy by:

cd /usr/src/dansguardian

cp -rvp DansGuardian-2.6.1 dg261-2

cd dg261-2

Re-edit all the files by replacing all the 1's with 2's.  Then compile and configure as you did the first time, but for instance 2.  You could do this as many times as practical.  I have had five copies running in the same server.

If you did change all the 1's to 2's, then this second copy should be operating on port 8082.  You can test your installation by putting a test site in the bannedsitelist file of one of the configuration folders and restart that copy.  Your test site should be blocked on one port but not on the other.
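
As an added example (not part of the original article or the DansGuardian distribution), the shell functions below perform the "replace the 1's with 2's" step on the source files listed above while touching only the instance-specific paths, pid file, IPC names and port, so the 2.6.1 version number and other unrelated 1's are left alone. The function names and the constructed sample tree are assumptions for illustration; the init script, the renamed executable, the .pl file and accessdeniedaddress still have to be edited by hand as described.

```shell
#!/bin/sh
# Added example, not from the article. Files are the ones the article edits.
DG_FILES="configure ConnectionHandler.cpp dansguardian.cpp FatController.cpp SysV.cpp"

# Rewrite instance FROM's paths, pid file, IPC sockets and port to instance TO.
dg_retarget() {   # usage: dg_retarget SRCDIR FROM TO
    dir=$1 from=$2 to=$3
    case "$from:$to" in
        [1-9]:[1-9]) ;;   # port is 808N, so N must be one digit
        *) echo "instance numbers must be single digits 1-9" >&2; return 2 ;;
    esac
    for f in $DG_FILES; do
        [ -f "$dir/$f" ] || continue
        sed -e "s|/usr/dansguardian$from/|/usr/dansguardian$to/|g" \
            -e "s|/var/log/dansguardian$from/|/var/log/dansguardian$to/|g" \
            -e "s|dansguardian$from\.pid|dansguardian$to.pid|g" \
            -e "s|filterport = 808$from|filterport = 808$to|g" \
            -e "s|/tmp/\.dguardian$from|/tmp/.dguardian$to|g" \
            "$dir/$f" > "$dir/$f.new" || return 1
        cat "$dir/$f.new" > "$dir/$f" && rm -f "$dir/$f.new"  # keeps file mode
    done
}

# Print how many lines still carry instance N's paths, sockets or port.
dg_leftovers() {  # usage: dg_leftovers SRCDIR N
    ( cd "$1" && cat $DG_FILES 2>/dev/null ) |
        grep -c -e "dansguardian$2[/.]" -e "dguardian$2" \
                -e "filterport = 808$2" || true
}

# Constructed sample tree holding a few of the article's edited lines.
dg_sample() {     # usage: dg_sample DIR
    mkdir -p "$1"
    printf '%s\n' "# DansGuardian-2.6.1 configure" \
        "sysconfdir='/usr/dansguardian1/'" "logdir='/var/log/dansguardian1/'" \
        'echo "filterport = 8081" >>dansguardian.conf' > "$1/configure"
    printf '%s\n' '#define __URLIPC "/tmp/.dguardian1urlipcc"' > "$1/FatController.cpp"
    printf '%s\n' 'pidfile += "dansguardian1.pid";' > "$1/dansguardian.cpp"
}

# Demo: retarget the sample from instance 1 to 2 and report leftovers.
dg_demo() {
    tmp=$(mktemp -d) && dg_sample "$tmp" && dg_retarget "$tmp" 1 2 &&
        echo "instance-1 lines left: $(dg_leftovers "$tmp" 1)"
    rm -rf "$tmp"
}
dg_demo
```

On a real tree the call would be dg_retarget /usr/src/dansguardian/dg261-2 1 2, followed by dg_leftovers on the same directory to confirm that nothing from instance 1 remains before compiling.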

At this point the configuration files in each of the instances need to be tuned for operation.