Do you need to install Squid on your CentOS server? This guide will help you.
Squid is a simple caching and forwarding HTTP web proxy which can enhance the speed of a web server.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our customers perform software installation tasks on their servers.
In this context, we shall look into how to install and configure Squid Proxy on CentOS 7.
On a CentOS 7 machine, the squid package is available from the default repositories. To install it, log in to your server with an SSH client such as PuTTY and run the command below;
sudo yum install squid
After the installation is completed, you need to start and enable the Squid service by running the commands below;
sudo systemctl start squid
sudo systemctl enable squid
Now verify that the installation succeeded by checking the status of the squid service with the command below;
sudo systemctl status squid
If running, you will get an output like this;
squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-10-31 16:47:56 UTC; 12s ago
In order to configure Squid, you need to modify its configuration file "/etc/squid/squid.conf". To include additional files with configuration options, the directive "include" can be used.
It is important to make a backup of the configuration file before making changes. To do this, run the command below;
sudo cp /etc/squid/squid.conf{,.original}
Next, edit the configuration file by running the command below;
sudo nano /etc/squid/squid.conf
By default, the Squid service listens on port 3128 on all network interfaces of the server.
This port can be changed in the "http_port" line, where you can specify the interface IP address and the new port as desired.
To make Squid listen on all interfaces, do not specify an interface. This is good for most users.
The relevant line in the Squid configuration file looks like this;
# Squid normally listens to port 3128
http_port IP_ADDR:PORT
Access to the squid server can be controlled by means of the Access Control Lists (ACLs). By default, Squid permits access only from localnet and localhost.
You can create an ACL to include the allowed IPs if all of the clients that will use the proxy have a static IP address.
You can create a dedicated file that lists the allowed IPs instead of adding the IP addresses to the main Squid configuration file.
To do this, run the command below;
sudo vi /etc/squid/allowed_ips.txt
Then add the IP addresses to this file. It will look like this;
IP_addresses_here
# All other allowed IPs
Note that "IP_addresses_here" should be replaced with your actual IP address. After this, open the Squid configuration file "/etc/squid/squid.conf" and create a new ACL with the name "allowed_ips". Then allow access to the ACL with the directive "http_access". It will look like this;
# ...
acl allowed_ips src "/etc/squid/allowed_ips.txt"
# ...
http_access allow localnet
http_access allow localhost
http_access allow allowed_ips
# And finally deny all other access to this proxy
http_access deny all
The "http_access" directive serves the same purpose for Squid as firewall rules do for the server.
Squid evaluates the rules from top to bottom; once a rule matches, it takes effect and the rules below it are ignored.
For the changes to take effect, you need to restart the squid service. To do this, run the command below;
sudo systemctl restart squid
To authenticate users, squid can use different back ends such as LDAP, Samba, and HTTP basic auth.
In this instance, we will configure Squid to use basic auth.
Basic Auth is a simple authentication method built into the HTTP protocol.
With openssl, we will generate the password hashes and append the username:password pair to the Squid htpasswd file "/etc/squid/htpasswd". To do this, pipe the output to the tee command as shown below;
printf "USERNAME:$(openssl passwd -crypt PASSWORD)\n" | sudo tee -a /etc/squid/htpasswd
For example, to create a user named "john" with password "G@3hPJ96", run the command below;
printf "john:$(openssl passwd -crypt 'G@3hPJ96')\n" | sudo tee -a /etc/squid/htpasswd
john:2nkgQsTSPCsIo
Next, configure Squid to enable HTTP basic authentication. Open the Squid configuration file by running the command below;
sudo vi /etc/squid/squid.conf
The file will look like this;
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# ...
http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all
In the configuration above, the first three lines create a new ACL named "authenticated". The "http_access allow authenticated" line allows access to authenticated users.
After setting up, save the file and restart the squid service by running the command below;
sudo systemctl restart squid
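The top-to-bottom, first-match evaluation of "http_access" described earlier also governs the authentication rules above. The following Python sketch is an added example, not part of the original guide or of Squid itself; it models only "src" and "proxy_auth" ACLs with inline values (file-backed ACLs are not read), and the sample configuration and the function names parse, acl_matches and decide are constructed for illustration:

```python
import ipaddress

# Constructed sample: the page's authentication rule order, with localnet
# narrowed to one private range for brevity.
SAMPLE_CONF = """
acl localnet src 192.168.0.0/16
acl localhost src 127.0.0.1/32
acl authenticated proxy_auth REQUIRED
http_access allow localnet
http_access allow localhost
http_access allow authenticated
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) from 'acl' and 'http_access' lines."""
    acls, rules = {"all": ("src", ["0.0.0.0/0", "::/0"])}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"] and len(tok) >= 4:
            # Repeated 'acl NAME' lines accumulate values (OR within an ACL).
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"] and len(tok) >= 3:
            rules.append((line.strip(), tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, client_ip, authed):
    negate, name = name.startswith("!"), name.lstrip("!")
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        hit = any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    elif kind == "proxy_auth":
        hit = authed  # simplification: real Squid answers 407 to ask for credentials
    else:
        raise ValueError(f"ACL type not modelled: {kind}")
    return hit != negate

def decide(conf, client_ip, authed=False):
    """Return (action, rule_text) for the first http_access rule that matches."""
    acls, rules = parse(conf)
    for text, action, names in rules:
        # All ACLs named on one http_access line must match (AND).
        if all(acl_matches(acls, a, client_ip, authed) for a in names):
            return action, text
    # No rule matched: the opposite of the last rule (no rules is deny here).
    last = rules[-1][1] if rules else "allow"
    return ("deny" if last == "allow" else "allow"), None
```

With the page's rule order, decide(SAMPLE_CONF, "192.168.1.20") returns ("allow", "http_access allow localnet"): a localnet client is admitted by the earlier rule and is never asked for credentials, so place "http_access allow authenticated" first if every client must log in.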
If you are running a firewall, start by opening port 3128 with the commands below;
sudo firewall-cmd --permanent --add-port=3128/tcp
sudo firewall-cmd --reload
We can configure Squid to work with Browsers such as Mozilla Firefox and Google Chrome.
i. Look for the hamburger icon in the top right-hand corner of the browser and click on it to open Firefox's menu.
ii. Next, click on the Preferences link.
iii. Now scroll down to the Network Settings section and click on the Settings button.
iv. Here, a new window will be opened where you should select the Manual Proxy configuration radio button.
v. Next enter the Squid server IP address in the HTTP Host field and the port should be set to "3128".
vi. Now, select the Use this proxy server for all protocols check box.
vii. Finally, click on the OK button to save the settings.
Firefox is now configured to use the Squid server. To confirm, open google.com and search for "What is my IP"; the address shown should now be your Squid server's IP address.
To revert to the original settings, navigate to the Network Settings of your browser, select the Use system proxy settings radio button and save the settings.
To launch Chrome with a new profile that connects through the Squid server, run one of the commands below.
In Linux, run the command below;
/usr/bin/google-chrome \
--user-data-dir="$HOME/proxy-profile" \
--proxy-server="http://SQUID_IP:3128"
In macOS, run the command below;
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
--user-data-dir="$HOME/proxy-profile" \
--proxy-server="http://SQUID_IP:3128"
In Windows, run the command below;
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
--user-data-dir="%USERPROFILE%\proxy-profile" ^
--proxy-server="http://SQUID_IP:3128"
The profile will be created automatically if it does not exist. You can even run multiple instances of Chrome at the same time.
To confirm that the proxy is working properly, open "google.com" and search for the term "what is my IP". The Squid server's IP address should be displayed.