Installation of Squid proxy server on CentOS/RHEL 7/8

In this article, you will learn Installation of Squid proxy server and configuration on Centos/RHEL 7/8

Squid is a cache proxy server for the web. It supports HTTPS, FTP, HTTPS, and many more. The main feature of the Squid proxy server is that it reduces the bandwidth uses, which improves the response time. And this is happening because it uses caching and reuses the most frequently requested web pages. It works as a medium between the web server and the client node.

For example, if a client is requesting a website, then Squid gets the information from that website and stores it locally. So, if any other client or the same client is asking for the same page, then simply Squid forward that locally stored copy of that website. After a certain period, the Squid server again deletes that locally stored copy of the website.

Internet Service Providers (ISPs) use this Squid proxy server since the beginning of the 1990s. The Squid Proxy server provide faster download speed and reduces latency. The main use of this Squid proxy server is media and video streaming. It removes the extra load from the main web server. It handles large internet traffic

Squid proxy server is available for Linux and also accessible for Windows. It is a free, open-source software package released under the GNU General Public License. It partially supports many other protocols like SSL, TLS, and Gopher.

Squid Features

  • Granular access control mechanisms
  • Monitoring of critical parameters via SNMP
  • Online anonymity
  • Improve loading time
  • Block malicious traffic
  • Circumvent country-wise restrictions
  • Improve online security
  • Reduce bandwidth consumption

Squid Alternatives

  • Pi-hole
  • Privoxy
  • Varnish
  • hBlock
  • Polipo
  • Tiny proxy
  • Apache Traffic Server
  • Exaproxy
  • Artica Proxy
  • 3proxy
  • Gate.js
  • Nuster

Now, we are going to install the Squid proxy server. Follow the below steps.

Preconditions

  • You must log-in with a root user or a user with sudo privilege.
  • You should be familiar with a basic firewall, but not necessary.
  • Some knowledge about SELinux (or you can disable it).

Step 1: Installation of Squid Proxy Server

Before going to install Squid Proxy, we’ll check any pending update of the software package with the below command.

sudo yum update

If it is asking for a user password, enter the password for that user.

* Squid is available in default software repositories, to install it, use the below command.

sudo yum install squid

Once, Installation has been done, start and enable the service of squid with the below command.

sudo systemctl start squid
sudo systemctl enable squid

Check the status of squid service with the below command

sudo systemctl status squid

You can see some of the commands in the picture as well,

Installation of Squid proxy server
Checking Squid service status.

Step 2: Configuration of Squid Proxy Server

Before starting the configuration part, you can find the below details valuable.

Squid configuration file: /etc/squid/squid.conf
The Squid Access log: /var/log/squid/access.log
Squid Cache log: /var/log/squid/cache.log

It is time to configure the squid server. I use vim editor, but you can use any like vi, nano, pico whatever editors are right for you. I always recommend, that if you are editing any configuration file, then take a backup of the original file. So I am going to take the backup of the original file with the help of the below command in different locations and directories, which I have created before i.e., /config-backup.

sudo cp -p /etc/squid/squid.conf /config-backup/squid.conf.bak

To edit,

sudo vim /etc/squid/squid.conf

Note: If you are making any changes in the configuration file, restart the squid service to apply that.

A) Changing the default port of the squid proxy server

Squid listens typically to port 3128 on all the network interfaces on the server. If you want to change the default listening port, and also you want to change the network interface IP, then you can find them http_port and change the port value here and even the IP address for a specific interface.

# Squid normally listens to port 3128
http_port IP_address:Port

For example, If your IP address is 192.168.43.25 and port you want 8012 then it will look like the below. http_port 192.168.43.25:8012.

B) Managing ACLs to allow IPs

All the control of the Squid server can be done using ACLs (Access Control Lists). By default, Squid allows access only from localhost and localnet.

If all of the clients that will use the proxy have an static IP address then it will be easy to create an ACLs file that will include the allowed IPs.

Here, I am going to create a file with the name of allowed_ips.txt and I will save its location /etc/squid.

— using vim editors,

vim /etc/squid/allowed_ips.txt and hit enter, now, you can put all IPs in this text file.

192.168.43.1
# All other allowed IPs

Once you have put all the IPs, you want to allow, then we can create a new ACL named allowed_ips (first highlighted line) and allow access to that ACL using the http_access directive (second highlighted line), which you can see below.

# ...
acl allowed_ips src "/etc/squid/allowed_ips.txt"
# ...
http_access allow localnet
http_access allow localhost
http_access allow allowed_ips
# And finally deny all other access to this proxy
http_access deny all

Note: The order of the http_access rules is important. Make sure you add the line before http_access deny all.

The http_access directive works similarly to the firewall rules. Squid reads the rules from top to bottom, and when a rule matches the rules below are not processed.

As we have made changes, restart the squid service,

sudo systemctl restart squid

C) Squid Authentication

You can use many backend authenticators like LDAP, Samba, HTTP to authenticate a legitimate user.

For example, I am going to configure a very basic authentication that built-in features of the HTTP protocol.

We are going to use the OpenSSL to generate the passwords and append the username:password pair to the /etc/squid/htpasswd file with the tee command as shown below:

printf "USERNAME:$(openssl passwd -crypt PASSWORD)\n" | sudo tee -a /etc/squid/htpasswd

The user, I’m creating named amit and password will be p@ssw0rd

The complete command will be,

printf "amit:$(openssl passwd -crypt p@ssw0rd)\n" | sudo tee -a /etc/squid/htpasswd

You can see in the below picture as well (It maybe ask for user login password)

installation squid proxy server

Configuration of HTTP basic authentication

We have to configure Squid to enable the HTTP basic authentication and use the file. Open the main configuration file of squid i.e. /etc/squid/squid.conf and add the following:

# ...
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# ...
http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all

We have created a new ACLs named authenticated with the help of the first three highlighted lines. The last highlighted line is allowing access to authenticated users.

Now, restart the squid service,

sudo systemctl restart squid

Step 3: Configuration of the Firewall

If you are using a firewall and it is running then you have to allow the port of the Squid server. Use the command for that. (If you want to read more about firewall then you can follow the link HOW TO CONFIGURE FIREWALL IN CENTOS 7 AND CENTOS 8),

sudo firewall-cmd --permanent --add-port=3128/tcp

If you are using any other non-standard port, then mention that port instead of 3128. After making changes in the firewall, we have to reload the firewall settings with the below command.

 sudo firewall-cmd --reload

Step 4: Configuration of the Web browser to use Squid proxy

Squid Proxy Configuration for Firefox

The steps below are the same for Windows, macOS, and Linux.
In the upper right-hand corner, click on the hamburger icon to open Firefox’s menu:
Click on the Options link.
Scroll down to the Network Settings section and click on the Settings... button.
A new window will open.

Select the Manual proxy configuration radio button.
Enter your Squid server IP address in the HTTP Proxy Host field and 3128 in the Port field.
Select the Also use this proxy for FTP and HTTPS checkbox.
Click on the OK button to save the settings.

squid setting for firefox

The Firefox has been configured to use the Squid proxy server If you want to verify it. You can go to www.google.com and ask what my IP address is, and it will give your Squid server IP.

Squid Proxy configuration for Google Chrome,

Google chrome uses the system default proxy. To launch Chrome using a new profile, and connect to the Squid server, use the following command:

For Windows

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
--user-data-dir="%USERPROFILE%\proxy-profile" ^
--proxy-server="http://SQUID_IP:3128"

This is for Mac

"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
--user-data-dir="$HOME/proxy-profile" \
--proxy-server="http://SQUID_IP:3128"

For Linux

/usr/bin/google-chrome \
--user-data-dir="$HOME/proxy-profile" \
--proxy-server="http://SQUID_IP:3128"

The above command will create a profile if any profile does not exist with this, so if you want to verify this setting. You can go to www.google.com and ask what my IP address is, and it will give your Squid server IP.

Here, we installed and configured Squid Proxy Server. We also implemented in the client system and verified with what is my IP address.

Conclusion

In this tutorial, you learn the installation and configuration of the Squid Proxy server on Centos/RHEL 7/8. You have to follow the steps, and you can complete the installation and configuration of the Squid proxy server. I hope you understand, but if you have any questions, you can ask in the comment section.

Installation of Squid proxy server on centos 7 | Installation of Squid proxy server and configuration on centos 8 | Installation of Squid proxy server on RHEL | Installation of Squid proxy server on RHEL 7 | Installation of Squid proxy server on RHEL 8 | Installation of Squid proxy server on Centos 9 | Installation of Squid proxy server on RHEL 9 | Installation of Squid proxy server | Installation of Squid proxy server | Installation of Squid proxy server

Leave a Reply

Your email address will not be published.