How to install and configure Squid Proxy on Alma/Rocky Linux 9

In this guide we will learn how to install and configure Squid Proxy server on a Rocky Linux 9 server. This guide also works on other RHEL 9 based distros like Alma Linux and Oracle Linux.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems.

Squid's reverse proxy is a service that sits between the Internet and the web server (usually within a private network) and redirects inbound client requests to a server where data is stored for easier retrieval. If the caching server (proxy) does not have the cached data, it forwards the request on to the web server where the data is actually stored. This type of caching collects data and reproduces the original data values in a different location to provide easier access.

A reverse proxy typically provides an additional layer of control to smooth the flow of inbound network traffic between your clients and the web server.

When selecting a computer system for use as a dedicated Squid caching proxy server, many users ensure it is configured with a large amount of physical memory (RAM) as Squid maintains an in-memory cache for increased performance.

Prerequisites

  • An updated Rocky Linux 9 server with at least 1GB of RAM
  • Root access to the server or user with sudo access
  • Access to the internet from the server

Table of Contents

  1. Ensuring that the server is up to date
  2. Installing squid proxy server
  3. Starting and enabling the squid service
  4. Configuring your web browser
  5. Configuring squid
  6. Using squid proxy Access Control List (ACL)
  7. Using Squid to cache web pages

1. Ensuring that the server is up to date

Before proceeding, let us ensure that our server has updated packages. Use this command to achieve that:

sudo dnf update -y

2. Installing Squid proxy server

The packages providing squid proxy server are available in the default Rocky Linux repositories. Install it using this command:

sudo dnf install -y squid

Confirm that the package was installed as expected:

$ rpm -qi squid
Name        : squid
Epoch       : 7
Version     : 5.2
Release     : 1.el9_0.2
Architecture: x86_64
Install Date: Sat 22 Oct 2022 02:22:19 PM UTC
Group       : Unspecified
Size        : 12244053
License     : GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
Signature   : RSA/SHA256, Thu 06 Oct 2022 10:04:43 PM UTC, Key ID 702d426d350d275d
Source RPM  : squid-5.2-1.el9_0.2.src.rpm
Build Date  : Thu 06 Oct 2022 09:45:27 PM UTC
Build Host  : pb-61839d8e-2aed-452a-afdd-d0586f7d41c9-b-x86-64
Packager    : Rocky Linux Build System (Peridot) <releng@rockylinux.org>
Vendor      : Rocky Enterprise Software Foundation
URL         : http://www.squid-cache.org
Summary     : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

3. Starting and enabling the squid service

The squid proxy server will not be started by default on our Rocky Linux 9 system. Start it with this command:

sudo systemctl start squid

To check the status, issue this command:

$ sudo systemctl status squid
● squid.service - Squid caching proxy
     Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
     Active: active (running) since Sat 2022-10-22 14:22:49 UTC; 7s ago
       Docs: man:squid(8)
    Process: 515998 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
   Main PID: 516000 (squid)
      Tasks: 3 (limit: 21385)
     Memory: 15.1M
        CPU: 221ms
     CGroup: /system.slice/squid.service
             ├─516000 /usr/sbin/squid --foreground -f /etc/squid/squid.conf
             ├─516002 "(squid-1)" --kid squid-1 --foreground -f /etc/squid/squid.conf
             └─516003 "(logfile-daemon)" /var/log/squid/access.log

Oct 22 14:22:49 unstable-rockysrv systemd[1]: Starting Squid caching proxy...
Oct 22 14:22:49 unstable-rockysrv squid[516000]: Squid Parent: will start 1 kids
Oct 22 14:22:49 unstable-rockysrv squid[516000]: Squid Parent: (squid-1) process 516002 started
Oct 22 14:22:49 unstable-rockysrv systemd[1]: Started Squid caching proxy.

We can confirm that the service is running from the above command. To ensure that the service starts on boot, use the enable command:

sudo systemctl enable squid

4. Configuration for Your Web Browser

Before you make any changes to the squid configuration file, you have to change some settings in your web browser. Open your web browser and open “network settings”, then proceed to “proxy settings”. Click on the “manual proxy” configuration, then enter the IP address of your squid proxy server in the HTTP proxy field, along with the port number (by default, the squid proxy port is 3128). Your browser traffic will now go through the squid proxy. You can check it by typing any URL in your web browser; it will give you an error saying access denied. To allow access, we have to make changes in the squid configuration file.

5. Configuring Squid

The default Squid configuration file is located in the /etc/squid/ directory, and the main configuration file is called squid.conf. This file contains the bulk of the configuration directives that can be modified to change the behaviour of Squid. Lines that begin with a # are comments and are not read by Squid. These comments are provided to explain what the related configuration settings mean.

To edit the configuration file, let’s start by taking a backup of the original file, in case we need to revert any changes if something goes wrong or use it to compare the new file configurations.

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

Now that a copy has been made as a backup file, we can make changes in the “squid.conf” file.

To open “squid.conf” file in vim, type this command:

sudo vim /etc/squid/squid.conf

Go to the line

http_access deny all

Change it to:

http_access allow all

You will have to restart the squid proxy server for the changes to apply. Use this command:

sudo systemctl restart squid

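Now, check your web browser again, type any URL, and it should be working. Keep in mind that with allow all, any client that can reach the proxy port can use the proxy, so limit who can connect (with a source ACL or a firewall rule) before using this server beyond a test network.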

6. Using squid proxy ACL (Access Control List)

We can also use Squid to control access to different websites (web traffic) by either allowing or blocking them. To do so, go to the line acl CONNECT method CONNECT.

And below this line, write the ACL (access control list) to block the websites you want.

acl block_websites dstdomain .facebook.com .youtube.com .instagram.com

Then add the deny statement.

http_access deny block_websites

Save the changes, and to check whether your blocked websites are blocked or not, restart your squid service and verify the URL in your web browser.

You can also block a user from downloading specific files like audio and video files using ACL.

acl  media_files  urlpath_regex -i  \.(mp3|mp4|FLV|AVI|MKV)

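It will prevent the user from downloading audio or video files with extensions like mp3, mp4, FLV, etc. Add any file extension you want to block. Note that urlpath_regex only sees the URL path of plain HTTP requests; for HTTPS, Squid receives just a CONNECT to host:port unless TLS interception is configured, so this rule does not match those downloads. Now, below this line, write the deny statement.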

http_access deny media_files

The media files will then be blocked from downloading.
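
Added example (not part of the original guide): a small shell check for the http_access rules from steps 5 and 6. Squid evaluates http_access lines in order and stops at the first match, so the script flags "http_access allow all" and any rule placed after a rule that matches "all". The two sample configurations and the 192.168.1.0/24 client subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example. Squid checks http_access rules top to bottom and stops at the
# first rule that matches, so order decides what is actually enforced.

# audit_http_access: read a squid.conf on stdin and print
#   OPEN-PROXY   for "http_access allow all"
#   UNREACHABLE  for every http_access rule placed after a rule matching "all"
# Prints OK and returns 0 when neither is found, returns 1 otherwise.
audit_http_access() {
  awk '
    /^[ \t]*#/ { next }                            # ignore comment lines
    $1 == "http_access" {
      if (seen_all) { printf "UNREACHABLE line %d: %s\n", NR, $0; bad = 1 }
      if (NF == 3 && $3 == "all") {
        if ($2 == "allow") { printf "OPEN-PROXY line %d: %s\n", NR, $0; bad = 1 }
        seen_all = 1
      }
    }
    END { if (!bad) print "OK"; exit bad + 0 }
  '
}

# Constructed sample: step 5's "allow all" with the step 6 deny rule added after it.
weak_conf() { cat <<'EOF'
acl CONNECT method CONNECT
acl block_websites dstdomain .facebook.com .youtube.com .instagram.com
http_access allow all
http_access deny block_websites
EOF
}

# Constructed sample: denies first, then only an assumed client subnet, then deny all.
restricted_conf() { cat <<'EOF'
acl localnet src 192.168.1.0/24
acl CONNECT method CONNECT
acl block_websites dstdomain .facebook.com .youtube.com .instagram.com
http_access deny block_websites
http_access allow localnet
http_access allow localhost
http_access deny all
EOF
}

echo "weak:";       weak_conf | audit_http_access || true
echo "restricted:"; restricted_conf | audit_http_access || true
```

To check the live file, run audit_http_access < /etc/squid/squid.conf after defining the function.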

7. Using Squid to Cache web pages

Proxy servers are also used to boost network performance: by caching a website’s data, they load web pages faster. You can change the directory location where cached data is stored, as well as the cache size and the number of directories in which data is saved.

To make changes, open squid.conf file and go to the following line:

#cache_dir ufs /var/spool/squid 100 16 256

This line will be commented by default, so uncomment this line by removing the # sign.

In the above line, there is a phrase “100 16 256”. The 100 shows the size of the cache file (in MB), and you may change it to any size like 300. 16 shows the number of directories in which the cache file is saved. 256 shows the number of subdirectories.

cache_dir ufs /var/spool/squid 100 16 256

You can also change the size of the cache file by adding the following line in the “squid.conf” file:

cache_mem 300 MB

If you want to change the path of the cache file directory, create the new directory structure using this command:

sudo mkdir -p /path/where/you/want/to/place/file

To change the ownership of the cache directory to the squid proxy user (on Rocky Linux the service account is squid), you have to execute this command:

sudo chown -R squid:squid /path/where/you/want/to/place/file

Now, stop the squid service using this command:

sudo systemctl stop squid

Then run this command to create the missing cache directories in the new cache directory:

sudo squid -z

Now, start the squid service again using the command below:

sudo systemctl start squid

Wrapping up

We have managed to install and configure squid proxy server in this guide. Squid proxy is a very good tool that can be used in organizations or by small internet service providers to control web traffic and internet access. It boosts web browsing speed and provides security mechanisms for web traffic.

Last updated on Oct 14, 2024 11:46 +0300
Citizix Ltd