Server

Web Server Upgrade

Posted on by Tyrone

Its been 1 year since I began using a HP ProLiant DL360 G3 as my web server to host this web site. The last server upgrade was talked about in this post. During that time I have had two fan kit fail which caused a around a week of down time. I knew it was time to decommission the aging server. The HP ProLiant DL360 G3 server  had caused me issues long before it started to fail such as it doesn’t support a 64 bit operating system, limited ram slots, only supports two hard disks and the lack of processing power meant that a reverse proxy (Varnish) was a must.

My replacement server is a HP ProLiant DL380 G4. The specs for this server are as:

  • 64 bit support
  • 6 GB of RAM
  • Two  Intel Xeon CPUs clocked at 3.60GHz with hyperthreading
  • Two 72 GB SCSI 15,000 RPM hard disks in a RAID 1 for the root file system
  • Four 146 GB SCSI 15,000 RPM hard disks in a RAID 10 for the www and mysql data

Just like the old server I am running Ubuntu Linux 12.04 LTS as my operating system but this time I can install the 64 bit version. Due to the upgrade in performance I have chosen to not install varnish or any reverse proxy but simply use PHP caching.  I went with APC (Alternative PHP Cache) as is maintained by PHP.  I have done some basic performance testing and found that my router is more likely to freeze due to high load than my web server.

Filter YouTube with YouTube For Schools and squidGuard

Posted on by Tyrone

Before we start

Your LAN must already run a production instance of squid running on a Linux operating system such as Ubuntu.

For this guide, I was using Ubuntu Server 12.04 LTS which ships with squid/3.1.19. The guide has been tested on both 32 & 64 bit builds.

Ensure the following top-level domains are not blocked

youtube.com
ytimg.com

Sign up for a YouTube for school account

Go to http://www.youtube.com/account_school and sign up for a YouTube For school Account. The sign up process should only take minutes.

Once you account is created go to http://www.youtube.com/account_school and under the Instrucations heading, Step 1, search for the following string X-YouTube-Edu-Filter: the random numbers and letters after that string are your account ID. The account ID is required for the redirection to work correctly. Please document your account ID.

ABCD1234567890abcdef

Install squidGuard

squidGuard is the URL rewrite program. To install use the following command

proxy:~$ sudo apt-get install squidguard

Edit squidGuard configuration

Lets backup the default squidGuard configuration as it has examples which as useful but none of which we require.
proxy:~$ sudo cp -v /etc/squid/squidGuard.conf /etc/squid/squidGuard.conf.original

So time to edit the squidGuard configuration and make it work for you.

proxy:~$ sudo vim /etc/squid/squidGuard.conf

Remove all the examples and paste in the new configuration from below. Please replace ABCD1234567890abcdef with your YouTube for Schools Account ID. Save and exit

#
# CONFIG FILE FOR SQUIDGUARD
#
# Caution: do NOT use comments inside { }
#
dbhome /var/lib/squidguard/db
logdir /var/log/squid
# ACL RULES:
#
rew youtube {
 s@(http://www.youtube.com/watch\?v=.*)@\1\&edufilter=ABCD1234567890abcdef@i
}
acl {
 default {
 pass any
 rewrite youtube
 }
}

Add squidGuard into your squid configuration

proxy:~$ sudo vim /etc/squid3/squid.conf

Search for url_rewrite_program and insert the following line. Save and exit.

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

Restart squid to enable squidGuard

To enable the config changes to the squid service.

proxy:~$ sudo service squid3 restart

YouTube for schools in now enabled

When you load http://www.youtube.com you be able to see all videos listed on the main page but when you attempt to watch these videos you will only be able to view content classified as educational by youtube or content that the has been added to the schools youtube account’s playlists.

While you can add staff into a list of teachers that can view all content, only the administrator (schools youtube account) can add content to be viewed by all students.

You may want to block access to youtube.com via HTTPS as squidGuard rewrite is unable to intercept SSL connections.

References

http://www.youtube.com/account_school

http://support.google.com/youtube/bin/static.py?hl=en&page=guide.cs&guide=2592683&topic=2592688

http://support.google.com/youtube/bin/static.py?hl=en&guide=2592683&topic=2592688&page=guide.cs&answer=2695317

http://squidguard.shalla.de/config/#Rewritegroups

https://help.ubuntu.com/community/SquidGuard