Install and Configure Squid Proxy on AlmaLinux 9

This guide intends to teach you to Install and Configure Squid Proxy on AlmaLinux 9.

A Squid Proxy Cache Server is a caching server that also acts as a forward proxy. Once Squid Proxy Server is installed on a network, the client’s web browsers can be configured to use it as an HTTP proxy server which allows Squid to cache copies of the request results returned to them. When requests are repeated for the same results it is then served to the client from the cached copies and not from the original data source. This results in reduced access time as well as lower bandwidth consumption.

Steps To Install and Configure Squid Proxy on AlmaLinux 9

To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. For this purpose, you can follow our guide on Initial Server Setup with AlmaLinux 9.

Also, you need a domain name that is pointed to your server’s IP address.

Install Squid on AlmaLinux 9

By default, squid is available in the default AlmaLinux repository. First, update your local package index with the following command:

sudo dnf update -y

Then, use the following command to install the Epel repository on your server:

sudo dnf install epel-release -y

Now you can use the following command to install Squid proxy:

sudo dnf install squid -y

Verify your installation by checking the Squid version:

squid --version
Output
Squid Cache: Version 5.5
Service Name: squid

This binary uses OpenSSL 3.0.1 14 Dec 2021. For legal restrictions on distribution see https://www.openssl.org/source/license.html
...

Start and Enable Squid Service

Next, start and enable Squid service to start on boot with the following commands:

# sudo systemctl start squid.service
# sudo systemctl enable squid.service

To check that Squid is active and running on AlmaLinux 9, run the following command:

sudo systemctl status squid.service

In your output you will see:

Output
● squid.service - Squid caching proxy
     Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor pre>
     Active: active (running) since Sun 2023-02-05 03:09:51 EST; 23s ago
       Docs: man:squid(8)
   Main PID: 72837 (squid)
      Tasks: 3 (limit: 23609)
     Memory: 15.9M
        CPU: 293ms
     CGroup: /system.slice/squid.service
...

Configure Squid Proxy for Clients Connection

Now you need to make some configuration changes in the Squid configuration file on your server to allow clients to connect to Squid from outside this server.

Open the file with your favorite text editor, here we use vi:

sudo vi /etc/squid/squid.conf

Find the lines below in the file:

...
http_access allow localhost
... http_access deny all
...

You can change the deny all to allow all and anyone can connect to your proxy server. But it’s not recommended to do that. You can add the line below and define your IP address to connect to the Squid proxy.

You can find your IP address from the What’s My IP?

Then, add the below line above the http_access allow localhost line.

...
acl localnet src your_ip_address
http_access allow localhost
...
http_access deny all
...

When you are done, save and close the file.

Restrict Access To Squid Proxy on AlmaLinux 9

At this point, you need to secure your Squid proxy. Squid allows you to create username-password pairs using built-in Linux functionality, as an additional or an alternative step to restricting access to your proxy by IP address.

First, you need to install some utilities from Apache in order to have access to a password generator that squid likes:

sudo dnf -y install httpd-tools

Then, you can use the htpasswd command to generate a password for your new Squid user on AlmaLinux 9:

sudo htpasswd -c /etc/squid/passwords your_squid_username

You will be asked to enter a password for your Squid user.

Output
New password:
Re-type new password:
Adding password for user orcacore

This command will store your username along with a hash of your new password in /etc/squid/passwords, which will be used as an authentication source by Squid.

You can use the following command to see what that looks like:

sudo cat /etc/squid/passwords
Output
orcacore:$apr1$4BjAnxkU$nUdvL6Pj5lEQc9aCmyAWu.

Now you need to open the Squid configuration file on AlmaLinux 9 again with your favorite text editor, here we use vi:

sudo vi /etc/squid/squid.conf

Add the following directives after the ports’ ACLs:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users

When you are done, save and close the file.

To apply the changes, restart your Squid service on AlmaLinux 9:

sudo systemctl restart squid.service

Configure Firewall For Squid Proxy

We assumed that you have enabled the firewalld. Now you need to open port 3128 through the firewall with the following command:

sudo firewall-cmd --add-service=squid --permanent

Reload the firewall to apply the new rules:

sudo firewall-cmd --reload

Connect through Squid Proxy

To display your Squid server, you can use the curl command on AlmaLinux 9. To do this, run the following command:

curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 http://www.google.com/

In your output you will see:

Output
*   Trying server-ip:3128...
* Connected to server-ip (...) port 3128 (#0)
* Proxy auth using Basic with user 'orcacore'
> GET http://www.google.com/ HTTP/1.1
> Host: www.google.com
> Proxy-Authorization: Basic b3JjYWNvcmU6cWF6aTEyMw==
> User-Agent: curl/7.76.1
> Accept: */*
> Proxy-Connection: Keep-Alive
>
...

Also, you can access HTTPs sites with your Squid proxy without any configuration changes on AlmaLinux 9.

curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 https://www.google.com/

In your output you will see:

Output
*   Trying ...:3128...
* Connected to ... (...) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.google.com:443
* Proxy auth using Basic with user 'orcacore'
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> Proxy-Authorization: Basic b3JjYWNvcmU6cWF6aTEyMw==
> User-Agent: curl/7.76.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 407 Proxy Authentication Required
< Server: squid/5.5
< Mime-Version: 1.0
< Date: Sun, 05 Feb 2023 08:33:27 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 3579
< X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
< Vary: Accept-Language
< Content-Language: en
< Proxy-Authenticate: Basic realm="Squid Basic Authentication"
* Authentication problem. Ignoring this.
< X-Cache: MISS from almalinux
< X-Cache-Lookup: NONE from almalinux:3128
< Via: 1.1 almalinux (squid/5.5)
< Connection: keep-alive
<
* Received HTTP code 407 from proxy after CONNECT
* CONNECT phase completed!
* Closing connection 0
curl: (56) Received HTTP code 407 from proxy after CONNECT

For more information about Squid proxy, you can visit the Squid Documentation page.

Conclusion

At this point, you have learned to Install and Configure Squid Proxy on AlmaLinux 9.

Hope you enjoy it. You may be like these articles on the Orcacore website:

Steps To Install PHP 7.4 on AlmaLinux 9

Install PowerDNS on AlmaLinux 9

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Stay informed and not overwhelmed, subscribe now!