How to cache Fedora RPMs with Squid Proxy, an easy solution

Often there are many computers on your LAN that need to be updated when a new Fedora is released or just for the usual DNF UPDATE — you don’t want to re-download all the patches and you don’t want to wait for them to be downloaded.

This is where Squid comes to the rescue — with some tweaking, it can help us cache the files, EVEN if each client decides to fetch from a different mirror.

The first thing to do is to configure Squid.
Add these lines to /etc/squid/squid.conf:

url_rewrite_program /etc/squid/squid-urlrewrite
url_rewrite_children 20 startup=1 idle=1 concurrency=10000

This tells Squid to consult the above program whenever a request is made, and to change the request to another URL if necessary.

Now download and install ,
putting the resulting binary in /etc/squid

Now create a file called /etc/squid-urlrewrite.conf and put the following in it:

# loglevel
# info: default
# debug: more detail info
# log messages are written to syslog
loglevel debug

# rewrite  <regexp> <target>
# redirect <regexp> [301;]<target>

# mirror template:
# rewrite ^http://somesite/somedir/fedora/linux/(.*)$$1

# Change many common mirrors to :
rewrite ^http://fedora\.mirror\.garr\.it/fedora/linux/(.*)$$1
rewrite ^http://fedora\.mirror\.root\.lu/(.*)$$1
rewrite ^http://www\.nic\.funet\.fi/pub/mirrors/*)$$1
rewrite ^http://ftp\.halifax\.rwth-aachen\.de/fedora/linux/(.*)$$1
rewrite ^http://fedora\.uib\.no/fedora/linux/(.*)$$1
rewrite ^http://mirrors\.uni-ruse\.bg/fedora/linux/(.*)$$1

# rpmfusion
rewrite ^ftp://mirror\.proserve\.nl/rpmfusion/(.*)$$1

The above file contains some mirrors that are commonly accessed by my computers. You will need to add more if your computers decide to use mirrors other than garr, root, funet or halifax. The template is simple:
rewrite ^somehost/somedir/fedora/linux/(.*)$$1

Replace somehost/somedir with what you see in the Squid logs. The right side always stays the same.

Why plusline? Since plusline was the first one that my server picked, I ended up using it for ALL my computers, since I did not want multiple copies of each file stored in Squid.

Now that Squid is ready, you can tell DNF to start using it. On each computer on your LAN, add this to the /etc/dnf/dnf.conf file:


This assumes that your squid lives on and is listening to port 3300.

That's it. When you do a dnf update or dnf system-upgrade, it should use Squid. In the Squid logs, you should see an access to the ftp.plusline site. If you see other sites, STOP the dnf, edit /etc/squid-urlrewrite.conf and add that mirror to that file as well, then restart Squid and restart dnf.
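
To find mirrors that still lack a rule, as the step above describes, the following added example (not part of the original post or of the squid-urlrewrite program) parses rules in the page's rewrite format and lists hosts serving .rpm requests that no rule covers. The rule targets, host names and log lines are constructed placeholders, and it assumes Squid's native access.log layout and Python's re syntax for the patterns.

```python
import re
from urllib.parse import urlsplit

# Constructed rules in the page's "rewrite <regexp> <target>" format.
# canonical.mirror.example is a placeholder, not the mirror the page uses.
RULES_TEXT = r"""
loglevel debug
rewrite ^http://fedora\.mirror\.garr\.it/fedora/linux/(.*)$ http://canonical.mirror.example/fedora/linux/$1
rewrite ^http://fedora\.uib\.no/fedora/linux/(.*)$ http://canonical.mirror.example/fedora/linux/$1
"""

# Constructed access.log lines, assuming Squid's native format (URL is field 7).
LOG_TEXT = """\
1700000000.101 812 192.168.1.20 TCP_MISS/200 48213 GET http://canonical.mirror.example/fedora/linux/updates/a.rpm - HIER_DIRECT/192.0.2.10 application/x-rpm
1700000001.202 640 192.168.1.21 TCP_MISS/200 48213 GET http://mirror.unlisted.example/fedora/linux/updates/a.rpm - HIER_DIRECT/192.0.2.11 application/x-rpm
1700000002.303 12 192.168.1.22 TCP_HIT/200 48213 GET http://fedora.uib.no/fedora/linux/updates/a.rpm - HIER_NONE/- application/x-rpm
1700000003.404 90 192.168.1.22 TCP_TUNNEL/200 3100 CONNECT example.org:443 - HIER_DIRECT/192.0.2.12 -
"""

def load_rules(text):
    """Return (compiled regexp, target) pairs from 'rewrite' lines only."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "rewrite":
            rules.append((re.compile(parts[1]), parts[2]))
    return rules

def rewrite(url, rules):
    """Apply the first matching rule, expanding $1..$9; None if no rule matches."""
    for pattern, target in rules:
        m = pattern.match(url)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), target)
    return None

def uncovered_mirrors(log_text, rules):
    """Count .rpm GETs per host that neither match a rule nor hit a target host."""
    canonical = {urlsplit(target).hostname for _, target in rules}
    missing = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "GET" or not fields[6].endswith(".rpm"):
            continue
        host = urlsplit(fields[6]).hostname
        if host not in canonical and rewrite(fields[6], rules) is None:
            missing[host] = missing.get(host, 0) + 1
    return missing

if __name__ == "__main__":
    for host, hits in uncovered_mirrors(LOG_TEXT, load_rules(RULES_TEXT)).items():
        print(f"no rewrite rule for {host} ({hits} request(s))")
```

Each host it reports is fetching and caching its own copy of the same packages, so it needs a rewrite line of its own.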

Suddenly no boot manager? Windows just boots?

If your system used to dual-boot fine and one day just boots into Windows, with Linux nowhere to be found, you just need to add the Linux entry to the EFI boot manager. No need to grub2-install, etc.

First, find out which partition is the one for Linux with: fdisk -l /dev/sda

Then issue something like this from a rescue disk/flash drive.
Hint: -p is for partition number. Use the number you found above:

For CentOS:
# efibootmgr -c -d /dev/sda -g -p 2 -L "centos" -l '\EFI\centos\shim.efi'

or, for Fedora:
# efibootmgr -c -d /dev/sda -p 2 -L "fedora" -l '\EFI\fedora\grubx64.efi'

OPENVPN VERIFY ERROR: depth=0, error=certificate signature failure: /CN=blabla/C=DE/L=blabla/ST=blabla

If you start receiving the above error in the OpenVPN server logs, you need to add these two lines
to /etc/init.d/openvpn:

…towards the beginning of that file.

Apparently OpenVPN has changed something again without telling us. It stopped supporting MD5, unless enabled. This caused me much grief, and I hope I can prevent yours.