Reverse Proxy for RPM Mirroring

From DuncanWiki

At work I needed access to CentOS's vault site (http://vault.centos.org) from an internal network without outside access. I set a list of requirements for this task:

  • Everything should be cached to accelerate subsequent pulls
  • I should be able to hit a web server without specifying a port
  • I wanted to minimize total caches I had to manage

Since I already had a working Squid & Apache installation, I used those.

Squid Configuration

I wanted Squid to use a total of 5 GB of disk space and to cache only objects smaller than 500 MB. Season to taste.

cache_dir ufs /var/spool/squid 5120 16 256
maximum_object_size 512000 KB

Now I need to tell Squid to listen on local port 8080 as an accelerator (reverse proxy) for vault.centos.org:

http_port 127.0.0.1:8080 accel defaultsite=vault.centos.org

Now we'll set expiration policies. Keep RPMs around, quickly expire repository data.

# keep RPMs for 7-10 days, keep repository data for 5-30 minutes
refresh_pattern \.rpm$          10080   100%    14400
refresh_pattern repodata        5       50%     30
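
As an added example (not part of the original page or of Squid itself), this Python model shows how the two refresh_pattern lines above decide whether a cached object is served or revalidated. It follows the rule summary in Squid's refresh_pattern documentation and ignores Expires and Cache-Control headers; the sample URLs are constructed.

```python
import re

# The two refresh_pattern lines from the page: (regex, min minutes, percent, max minutes).
# Squid tests patterns in config order and uses the first one that matches the URL.
PATTERNS = [
    (r"\.rpm$", 10080, 100, 14400),
    (r"repodata", 5, 50, 30),
]

def match_pattern(url):
    """Return the first (regex, min, pct, max) whose regex matches url, else None."""
    for pat in PATTERNS:
        if re.search(pat[0], url):
            return pat
    return None

def is_fresh(url, age_min, lm_age_min=None):
    """Simplified freshness decision for a cached object.

    age_min:    minutes since Squid fetched the object
    lm_age_min: minutes between Last-Modified and the fetch (None if no header)
    Returns True (serve from cache), False (revalidate), or None when no
    pattern from the page matches and Squid's other rules would apply.
    """
    pat = match_pattern(url)
    if pat is None:
        return None
    _, min_m, pct, max_m = pat
    if age_min > max_m:                              # STALE if age > max
        return False
    if lm_age_min is not None and lm_age_min > 0:    # LM-factor rule
        return age_min / lm_age_min < pct / 100.0
    return age_min < min_m                           # FRESH if age < min

# Constructed sample URLs (paths are illustrative, not taken from the page).
RPM = "http://vault.centos.org/X/os/x86_64/Packages/example-1.0-1.x86_64.rpm"
REPOMD = "http://vault.centos.org/X/os/x86_64/repodata/repomd.xml"

if __name__ == "__main__":
    day = 1440
    for url, age, lm in [(RPM, 9 * day, 365 * day), (RPM, 11 * day, 365 * day),
                         (REPOMD, 10, 600), (REPOMD, 31, 600), (REPOMD, 3, None)]:
        print(f"{is_fresh(url, age, lm)!s:5} age={age:>6}min  {url.rsplit('/', 1)[-1]}")
```

Under this model an RPM published long before it was fetched stays fresh up to the 10-day maximum, and the 7-day minimum only decides for responses that carry no Last-Modified header.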

There's probably a better way to do this involving ACLs, but I just use a blanket statement. Put this at the end of the config file.

always_direct allow all

Now you'll want to restart squid.

Apache Configuration

You'll need to properly configure VirtualHosts in Apache. This is as simple as adding the following to /etc/httpd/conf/httpd.conf:

NameVirtualHost *:80

I saved the following as /etc/httpd/conf.d/vault.conf, since Apache 2 in RHEL has an include against conf.d/*.conf. This is a very simple VirtualHost that takes advantage of ProxyPass & ProxyPassReverse. The trailing slash is extremely important.

<VirtualHost *:80>
    ServerName vault.duncanbrown.org
    ServerAlias vault.duncanbrown.org
    ErrorLog /var/www/vault/logs/error_log
    CustomLog /var/www/vault/logs/access_log common

    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>

Now you'll want to restart Apache.

Finishing Up

Once your DNS is configured properly & your domain name resolves, everything should work.
