How to install and configure Squid Proxy on OpenSUSE Leap 11

In this guide we will learn how to install and configure Squid Proxy server on a OpenSUSE Leap server.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems.

Squids reverse proxy is a service that sits between the Internet and the webserver (usually within a private network) that redirects inbound client requests to a server where data is stored for easier retrieval. If the caching server (proxy) does not have the cached data, it then forwards the request on to the web server where the data is actually stored. This type of caching allows for the collection of data and reproducing the original data values stored in a different location to provide for easier access.

A reverse proxy typically provides an additional layer of control to smooth the flow of inbound network traffic between your clients and the web server.

When selecting a computer system for use as a dedicated Squid caching proxy server, many users ensure it is configured with a large amount of physical memory (RAM) as Squid maintains an in-memory cache for increased performance.

Related posts:

Prerequisites

  • An updated OpenSUSE Leap 15.3 server with at least 1GB of RAM
  • Root access to the server or user with sudo access
  • Access to the internet from the server

Table of Content

  1. Ensuring that the server is up to date
  2. Installing squid proxy server
  3. Starting and enabling the squid service
  4. Configuring your web browser
  5. Configuring squid
  6. Using squid proxy Access Control List (ACL)
  7. Using Squid to cache web pages

1. Ensuring that the server is up to date

Before proceeding, let us ensure that our server has updated packages. Use this command to achieve that:

sudo zypper refresh
sudo zypper update -y

2. Installing Squid proxy server

The packages providing squid proxy server are available in the default OpenSUSE repositories. Install it using this command:

sudo zypper install -y squid

Confirm that the package was installed as expected

~> rpm -qi squid
Name        : squid
Version     : 4.17
Release     : 5.29.1
Architecture: x86_64
Install Date: Wed Jan 12 19:42:41 2022
Group       : Productivity/Networking/Web/Proxy
Size        : 12194949
License     : GPL-2.0-or-later
Signature   : RSA/SHA256, Fri Oct  8 12:37:03 2021, Key ID 70af9e8139db7c82
Source RPM  : squid-4.17-5.29.1.src.rpm
Build Date  : Fri Oct  8 12:35:34 2021
Build Host  : goat18
Relocations : (not relocatable)
Packager    : https://www.suse.com/
Vendor      : SUSE LLC <https://www.suse.com/>
URL         : http://www.squid-cache.org
Summary     : Caching and forwarding HTTP web proxy
Description :
Squid is a caching proxy for the Web supporting HTTP(S), FTP, and
some others. It reduces bandwidth and improves response times by
caching and reusing frequently-requested web pages. Squid has
extensive access controls and can also be used as a server
accelerator.
Distribution: SUSE Linux Enterprise 15

3. Starting and enabling the squid service

The squid proxy server will be not started by default in our OpenSUSE system. Start it with this command:

sudo systemctl start squid

To check the status, issue this command:

~> sudo systemctl status squid
● squid.service - Squid caching proxy
     Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
     Active: active (running) since Wed 2022-01-12 19:50:59 UTC; 12s ago
       Docs: man:squid(8)
    Process: 16568 ExecStartPre=/usr/lib/squid/initialize_cache_if_needed.sh (code=exited, status=0/SUCCESS)
    Process: 16572 ExecStart=/usr/sbin/squid -FC (code=exited, status=0/SUCCESS)
   Main PID: 16573 (squid)
      Tasks: 4 (limit: 4587)
     CGroup: /system.slice/squid.service
             ├─16573 /usr/sbin/squid -FC
             ├─16575 (squid-1) --kid squid-1 -FC
             ├─16576 (logfile-daemon) /var/log/squid/access.log
             └─16577 (pinger)

Jan 12 19:50:59 dev-susesrv.inv.re systemd[1]: Starting Squid caching proxy...
Jan 12 19:50:59 dev-susesrv.inv.re squid[16573]: Squid Parent: will start 1 kids
Jan 12 19:50:59 dev-susesrv.inv.re squid[16573]: Squid Parent: (squid-1) process 16575 started
Jan 12 19:50:59 dev-susesrv.inv.re systemd[1]: Started Squid caching proxy.

We can confirm that the service is running from the above command. To ensure that the service starts on boot, use the enable command:

sudo systemctl enable squid

4. Configuration for Your Web Browser

Before you make any changes to the squid configuration file, you have to change some settings in your web browser. So, open your web browser and open “network settings”, then proceed to “proxy settings”. Click on the “manual proxy” configuration, then write the **IP_Address **of your squid proxy server in the HTTP proxy bar and port no (by default, squid proxy port is 3128). Now, the squid proxy will go through your IP_Address. You can check it by typing any URL in your web browser; it will give you an error saying access denied, and to allow the access, we have to make changes in the squid configuration file.

5. Configuring Squid

The default Squid configuration file is located in the /etc/squid/ directory, and the main configuration file is called squid.conf. This file contains the bulk of the configuration directives that can be modified to change the behaviour of Squid. The lines that begin with a #, are commented out or not read by the file. These comments are provided to explain what the related configuration settings mean.

To edit the configuration file, let’s start by taking a backup of the original file, in case we need to revert any changes if something goes wrong or use it to compare the new file configurations.

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

Now that a copy has been made as a backup file, we can make changes in the “squid.conf” file.

To open “squid.conf” file in vim, type this command:

sudo vim /etc/squid/squid.conf

Go to the line

http_access deny all

Change it to:

http_access allow all

You will have to restart the squid proxy server for the changes to apply. Use this command:

sudo systemctl restart squid

Now, check your web browser again, type any URL, and it should be working.

6. Using squid proxy ACL (Access Control List)

We can also use Squid as to control access to different websites(web traffic) by either allowing or blocking them. To do so, go to the line acl CONNECT method CONNECT.

And below this line, write the ACL (access control list) to block the websites you want.

acl block_websites dstdomain .facebook.com .youtube.com .instagram.com

Then deny the statement.

http_access deny block_websites

Save the changes, and to check whether your blocked websites are blocked or not, restart your squid service and verify the URL in your web browser.

You can also block a user from downloading specific files like audio and video files using ACL.

acl  media_files  urlpath_regex -i  \.(mp3|mp4|FLV|AVI|MKV)

It will prevent the user from downloading audio or video files with extensions like mp3, mp4, FLV, etc. Add any file extension you want to prevent from downloading. Now, below this line, write the deny statement.

http_access deny media_files

The media files will then be blocked from downloading.

7. Using Squid to Cache web pages

Proxy servers are also used for boosting the network performance by loading the web page faster by caching the website’s data. You can also change the directory location where cached data should be stored. Moreover, you can also change the cache file size and no. of directories in which data would be saved.

To make changes, open squid.conf file and go to the following line:

#cache_dir ufs /var/cache/squid 100 16 256

This line will be commented by default, so uncomment this line by removing the # sign.

In the above line, there is a phrase “100 16 256”. The 100 shows the size of the cache file, and you may change it to any size like 300. 16 shows the number of directories in which the cache file is saved. **256 **shows the no. of subdirectories.

cache_dir ufs /var/cache/squid 100 16 256

You can also change the size of the cache file by adding the following line in the “squid.conf” file:

cache_mem 300 MB

If you want to change the path of the cache file directory, create new dir structure using this command:

sudo mkdir -p /path/where/you/want/to/place/file

To change the ownership of the cache directory to squid proxy, you have to execute this command:

sudo chown -R proxy:proxy /path/where/you/want/to/place/file

Now, stop the squid service using this command:

sudo systemctl stop squid

And then run the command with this command to make the missing cache directories in the new cache directory:

sudo squid -z

Now, start the squid service again using the command below:

sudo systemctl start squid

Wrapping up

We have managed to install and configure squid proxy server in this guide. Squid proxy is a very good tool that can be used in organizations or by small internet service providers to control web traffic and internet access. It boosts web browsing speed and provides security mechanisms for web traffic.

Last updated on Mar 20, 2024 16:36 +0300
comments powered by Disqus
Built with Hugo
Theme Stack designed by Jimmy