In this guide we will learn how to install and configure Squid Proxy server on a Rocky Linux 9 server. This guide also works on other RHEL 9 based distros like Alma Linux and Oracle Linux.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems.
Squids reverse proxy is a service that sits between the Internet and the webserver (usually within a private network) that redirects inbound client requests to a server where data is stored for easier retrieval. If the caching server (proxy) does not have the cached data, it then forwards the request on to the web server where the data is actually stored. This type of caching allows for the collection of data and reproducing the original data values stored in a different location to provide for easier access.
A reverse proxy typically provides an additional layer of control to smooth the flow of inbound network traffic between your clients and the web server.
When selecting a computer system for use as a dedicated Squid caching proxy server, many users ensure it is configured with a large amount of physical memory (RAM) as Squid maintains an in-memory cache for increased performance.
- How to install and configure Squid Proxy on Rocky Linux/Alma Linux 8
- How to install and configure Squid Proxy on Ubuntu 20.04
- How to install and configure Squid Proxy on Debian 11
- How to install and configure Squid Proxy on OpenSUSE Leap 11
- An updated Rocky Linux 9 server with at least 1GB of RAM
- Root access to the server or user with sudo access
- Access to the internet from the server
Table of Content
- Ensuring that the server is up to date
- Installing squid proxy server
- Starting and enabling the squid service
- Configuring your web browser
- Configuring squid
- Using squid proxy Access Control List (ACL)
- Using Squid to cache web pages
1. Ensuring that the server is up to date
Before proceeding, let us ensure that our server has updated packages. Use this command to achieve that:
sudo dnf update -y
2. Installing Squid proxy server
The packages providing squid proxy server are available in the default Rocky Linux repositories. Install it using this command:
sudo dnf install -y squid
Confirm that the package was installed as expected
$ rpm -qi squid Name : squid Epoch : 7 Version : 5.2 Release : 1.el9_0.2 Architecture: x86_64 Install Date: Sat 22 Oct 2022 02:22:19 PM UTC Group : Unspecified Size : 12244053 License : GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain) Signature : RSA/SHA256, Thu 06 Oct 2022 10:04:43 PM UTC, Key ID 702d426d350d275d Source RPM : squid-5.2-1.el9_0.2.src.rpm Build Date : Thu 06 Oct 2022 09:45:27 PM UTC Build Host : pb-61839d8e-2aed-452a-afdd-d0586f7d41c9-b-x86-64 Packager : Rocky Linux Build System (Peridot) <[email protected]> Vendor : Rocky Enterprise Software Foundation URL : http://www.squid-cache.org Summary : The Squid proxy caching server Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.
3. Starting and enabling the squid service
The squid proxy server will be not started by default in our Rocky Linux 8 system. Start it with this command:
sudo systemctl start squid
To check the status, issue this command:
$ sudo systemctl status squid ● squid.service - Squid caching proxy Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled) Active: active (running) since Sat 2022-10-22 14:22:49 UTC; 7s ago Docs: man:squid(8) Process: 515998 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS) Main PID: 516000 (squid) Tasks: 3 (limit: 21385) Memory: 15.1M CPU: 221ms CGroup: /system.slice/squid.service ├─516000 /usr/sbin/squid --foreground -f /etc/squid/squid.conf ├─516002 "(squid-1)" --kid squid-1 --foreground -f /etc/squid/squid.conf └─516003 "(logfile-daemon)" /var/log/squid/access.log Oct 22 14:22:49 unstable-rockysrv systemd: Starting Squid caching proxy... Oct 22 14:22:49 unstable-rockysrv squid: Squid Parent: will start 1 kids Oct 22 14:22:49 unstable-rockysrv squid: Squid Parent: (squid-1) process 516002 started Oct 22 14:22:49 unstable-rockysrv systemd: Started Squid caching proxy.
We can confirm that the service is running from the above command. To ensure that the service starts on boot, use the enable command:
sudo systemctl enable squid
4. Configuration for Your Web Browser
Before you make any changes to the squid configuration file, you have to change some settings in your web browser. So, open your web browser and open “network settings”, then proceed to “proxy settings”. Click on the “manual proxy” configuration, then write the **IP_Address **of your squid proxy server in the HTTP proxy bar and port no (by default, squid proxy port is 3128). Now, the squid proxy will go through your IP_Address. You can check it by typing any URL in your web browser; it will give you an error saying access denied, and to allow the access, we have to make changes in the squid configuration file.
5. Configuring Squid
The default Squid configuration file is located in the
/etc/squid/ directory, and the main configuration file is called
squid.conf. This file contains the bulk of the configuration directives that can be modified to change the behaviour of Squid. The lines that begin with a
#, are commented out or not read by the file. These comments are provided to explain what the related configuration settings mean.
To edit the configuration file, let’s start by taking a backup of the original file, in case we need to revert any changes if something goes wrong or use it to compare the new file configurations.
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
Now that a copy has been made as a backup file, we can make changes in the “squid.conf” file.
To open “squid.conf” file in vim, type this command:
sudo vim /etc/squid/squid.conf
Go to the line
http_access deny all
Change it to:
http_access allow all
You will have to restart the squid proxy server for the changes to apply. Use this command:
sudo systemctl restart squid
Now, check your web browser again, type any URL, and it should be working.
6. Using squid proxy ACL (Access Control List)
We can also use Squid as to control access to different websites(web traffic) by either allowing or blocking them. To do so, go to the line
acl CONNECT method CONNECT.
And below this line, write the ACL (access control list) to block the websites you want.
acl block_websites dstdomain .facebook.com .youtube.com .instagram.com
Then deny the statement.
http_access deny block_websites
Save the changes, and to check whether your blocked websites are blocked or not, restart your squid service and verify the URL in your web browser.
You can also block a user from downloading specific files like audio and video files using ACL.
acl media_files urlpath_regex -i \.(mp3|mp4|FLV|AVI|MKV)
It will prevent the user from downloading audio or video files with extensions like mp3, mp4, FLV, etc. Add any file extension you want to prevent from downloading. Now, below this line, write the deny statement.
http_access deny media_files
The media files will then be blocked from downloading.
7. Using Squid to Cache web pages
Proxy servers are also used for boosting the network performance by loading the web page faster by caching the website’s data. You can also change the directory location where cached data should be stored. Moreover, you can also change the cache file size and no. of directories in which data would be saved.
To make changes, open
squid.conf file and go to the following line:
#cache_dir ufs /var/spool/squid 100 16 256
This line will be commented by default, so uncomment this line by removing the
In the above line, there is a phrase “100 16 256”. The 100 shows the size of the cache file, and you may change it to any size like 300. 16 shows the number of directories in which the cache file is saved. **256 **shows the no. of subdirectories.
cache_dir ufs /var/spool/squid 100 16 256
You can also change the size of the cache file by adding the following line in the “squid.conf” file:
cache_mem 300 MB
If you want to change the path of the cache file directory, create new dir structure using this command:
sudo mkdir -p /path/where/you/want/to/place/file
To change the ownership of the cache directory to squid proxy, you have to execute this command:
sudo chown -R proxy:proxy /path/where/you/want/to/place/file
Now, stop the squid service using this command:
sudo systemctl stop squid
And then run the command with this command to make the missing cache directories in the new cache directory:
sudo squid -z
Now, start the squid service again using the command below:
sudo systemctl start squid
We have managed to install and configure squid proxy server in this guide. Squid proxy is a very good tool that can be used in organizations or by small internet service providers to control web traffic and internet access. It boosts web browsing speed and provides security mechanisms for web traffic.