Install Squid Proxy Server on Rocky Linux 8 and AlmaLinux 8

Install Squid Proxy Server on Rocky Linux 8 and AlmaLinux 8

Squid is a caching and forwarding HTTP web proxy. Squid has a lot of features, and it is used in variety of situations such as speeding up web server by caching repeated requests, caching web and dns lookups, filtering traffic, blocking websites, etc. It is written in C++ and distributed under GNU GPL license.

Squid is considered as the most reliable content control software and has been used by many organizations since last 2 decades.

In this article, we are installing Squid proxy server on Rocky Linux 8 or AlmaLinux 8. Although, there are too many similar articles already available on the web. But we write this article to include the minor (but important) steps, that are usually overlooked by the other writers.

This article is strongly emphasizes on the installation and initial configuration of the Squid proxy server on Rocky Linux 8 or AlmaLinux 8. Therefore, if you are willing to configure some advance settings in Squid proxy then we strongly recommend you to purchase Squid Proxy Server 3.1: Beginner’s Guide by Packt Publishing.

Environment Specification:

We have provisioned a Rocky Linux 8 or AlmaLinux 8 virtual machine with following specification.

  • CPU – 3.4 Ghz (1 Core)
  • Memory – 1 GB
  • Storage – 20 GB
  • Operating System – Rocky Linux 8, AlmaLinux 8
  • Hostname – squid-proxy-01.example.com
  • IP Address – 192.168.116.214/24

Installing Squid Web Proxy on Rocky Linux 8 or AlmaLinux 8 :

Connect with squid-proxy-01.example.com using ssh as root user.

Squid software package is available in standard yum repositories, therefore, we are installing Squid proxy using yum command.

[root@squid-proxy-01 ~]# yum install -y squid
...
Installed:
  squid.x86_64 7:3.5.20-12.el7_6.1

Dependency Installed:
  libecap.x86_64 0:1.0.0-1.el7
  perl.x86_64 4:5.16.3-294.el7_6
  perl-Carp.noarch 0:1.26-244.el7
  perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
  perl-DBI.x86_64 0:1.627-4.el7
  perl-Data-Dumper.x86_64 0:2.145-3.el7
  perl-Digest.noarch 0:1.17-245.el7
  perl-Digest-MD5.x86_64 0:2.52-3.el7
  perl-Encode.x86_64 0:2.51-7.el7
  perl-Exporter.noarch 0:5.68-3.el7
  perl-File-Path.noarch 0:2.09-2.el7
  perl-File-Temp.noarch 0:0.23.01-3.el7
  perl-Filter.x86_64 0:1.49-3.el7
  perl-Getopt-Long.noarch 0:2.40-3.el7
  perl-HTTP-Tiny.noarch 0:0.033-3.el7
  perl-IO-Compress.noarch 0:2.061-2.el7
  perl-Net-Daemon.noarch 0:0.48-5.el7
  perl-PathTools.x86_64 0:3.40-5.el7
  perl-PlRPC.noarch 0:0.2020-14.el7
  perl-Pod-Escapes.noarch 1:1.04-294.el7_6
  perl-Pod-Perldoc.noarch 0:3.20-4.el7
  perl-Pod-Simple.noarch 1:3.28-4.el7
  perl-Pod-Usage.noarch 0:1.63-3.el7
  perl-Scalar-List-Utils.x86_64 0:1.27-248.el7
  perl-Socket.x86_64 0:2.010-4.el7
  perl-Storable.x86_64 0:2.45-3.el7
  perl-Text-ParseWords.noarch 0:3.29-4.el7
  perl-Time-HiRes.x86_64 4:1.9725-3.el7
  perl-Time-Local.noarch 0:1.2300-2.el7
  perl-constant.noarch 0:1.27-2.el7
  perl-libs.x86_64 4:5.16.3-294.el7_6
  perl-macros.x86_64 4:5.16.3-294.el7_6
  perl-parent.noarch 1:0.225-244.el7
  perl-podlators.noarch 0:2.5.1-3.el7
  perl-threads.x86_64 0:1.87-4.el7
  perl-threads-shared.x86_64 0:1.43-6.el7
  squid-migration-script.x86_64 7:3.5.20-12.el7_6.1

Complete!

Enable and start Squid proxy service.

[root@squid-proxy-01 ~]# systemctl enable --now squid.service
Created symlink from /etc/systemd/system/multi-user.target.wants/squid.service to /usr/lib/systemd/system/squid.service.

Allow Squid proxy service in Rocky Linux 8 or AlmaLinux 8 firewall.

[root@squid-proxy-01 ~]# firewall-cmd --permanent --add-service=squid
success
[root@squid-proxy-01 ~]# firewall-cmd --reload
success

Configure Squid Web Proxy on Rocky Linux 8 or AlmaLinux 8 :

Global configuration file for Squid web proxy is /etc/squid/squid.conf. We can customize it according to our requirement.

[root@squid-proxy-01 ~]# vi /etc/squid/squid.conf

Add following directives therein.

dns_v4_first on

Restart Squid proxy service to load changes.

[root@squid-proxy-01 ~]# systemctl restart squid

Configure Client’s Browser to use Squid Proxy:

Start the client browser and add our Squid proxy in its settings.

To do this, open Internet Explorer and go to Internet Options.

01-install-squid-proxy-client-settings

Go to Connections Tab and click on LAN settings.

Install Squid Proxy Server on Rocky Linux 8 and AlmaLinux 8

Enter Squid Proxy IP Address and Port in the above dialog box.

Click on OK to exit from Internet options.

Browse https://ahmermansoor.blogspot.com in Internet Explorer.

03-install-squid-proxy-browse-website

The above website has been served through our Squid proxy server.

Configure Squid Client Authentication:

We can use HTTP basic authentication to configure user based authentication for Squid proxy server.

Install httpd-tools package using yum command.

[root@squid-proxy-01 ~]# yum install -y httpd-tools
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.ges.net.pk
 * extras: mirrors.ges.net.pk
 * updates: mirrors.ges.net.pk
Resolving Dependencies
--> Running transaction check
---> Package httpd-tools.x86_64 0:2.4.6-90.el7.centos will be installed
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-tools-2.4.6-90.el7.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-tools-2.4.6-90.el7.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-5.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch          Version                     Repository   Size
================================================================================
Installing:
 httpd-tools        x86_64        2.4.6-90.el7.centos         base         91 k
Installing for dependencies:
 apr                x86_64        1.4.8-5.el7                 base        103 k
 apr-util           x86_64        1.5.2-6.el7                 base         92 k

Transaction Summary
================================================================================
Install  1 Package (+2 Dependent packages)

Total download size: 286 k
Installed size: 584 k
Downloading packages:
(1/3): httpd-tools-2.4.6-90.el7.centos.x86_64.rpm          |  91 kB   00:00
(2/3): apr-util-1.5.2-6.el7.x86_64.rpm                     |  92 kB   00:01
(3/3): apr-1.4.8-5.el7.x86_64.rpm                          | 103 kB   00:02
--------------------------------------------------------------------------------
Total                                               96 kB/s | 286 kB  00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : apr-1.4.8-5.el7.x86_64                                       1/3
  Installing : apr-util-1.5.2-6.el7.x86_64                                  2/3
  Installing : httpd-tools-2.4.6-90.el7.centos.x86_64                       3/3
  Verifying  : apr-1.4.8-5.el7.x86_64                                       1/3
  Verifying  : httpd-tools-2.4.6-90.el7.centos.x86_64                       2/3
  Verifying  : apr-util-1.5.2-6.el7.x86_64                                  3/3

Installed:
  httpd-tools.x86_64 0:2.4.6-90.el7.centos

Dependency Installed:
  apr.x86_64 0:1.4.8-5.el7             apr-util.x86_64 0:1.5.2-6.el7

Complete!

Create the password file and add squiduser user therein.

[root@squid-proxy-01 ~]# htpasswd -c /etc/squid/passwd squiduser
New password:
Re-type new password:
Adding password for user squiduser

Change owner of the passwd file.

[root@squid-proxy-01 ~]# chown squid.squid /etc/squid/passwd

Now, edit Squid configuration file and add Client authentication settings.

[root@squid-proxy-01 ~]# vi /etc/squid/squid.conf

Add following directives after the ports’ ACLs.

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users

Restart Squid proxy service to take changes into effect.

[root@squid-proxy-01 ~]# systemctl restart squid

Open the URL https://ahmermansoor.blogspot.com in the client’s browser.

04-install-squid-proxy-client-authentication-login

This time, it is prompting for the authentication.

Tutorial on Using the Timeout Command on Linux

Creating a custom Blacklist to block websites thru Squid Proxy:

Create a blacklist file to block websites.

[root@squid-proxy-01 ~]# vi /etc/squid/blacklist

and add following URLs therein.

.yahoo.com
.facebook.com

Edit Squid proxy configuration file to add blacklist settings.

[root@squid-proxy-01 ~]# vi /etc/squid/squid.conf

add following directives after the ports’ ACLs.

acl bad_urls dstdomain "/etc/squid/blacklist"
http_access deny bad_urls

Restart Squid proxy service to load changes.

[root@squid-proxy-01 ~]# systemctl restart squid

Browse URL http://www.yahoo.com in client’s browser.

05-install-squid-proxy-blacklisted-website

You can see that the http://www.yahoo.com has been blocked by our Squid proxy server.

We have successfully installed Squid proxy server on Rocky Linux 8 or AlmaLinux 8

Be the first to comment

Leave a Reply

Your email address will not be published.


*