Share your love
Install Squid Proxy on Rocky Linux 8 – Best Proxy Server
This guide will teach you How To Install Squid Proxy on Rocky Linux 8. Squid is a popular Unix-based proxy caching server. It is widely used to improve the speed of the web server by caching frequently requested web pages as well as media files. The response time improves significantly, and the bandwidth congestion decreases massively. It is mostly used for HTTP and FTP. However, it is compatible with other protocols such as HTTPS, SSL, Dopher, and likewise. However, it does not support the SOCKS protocol.
Steps To Install Squid Proxy on Rocky Linux 8
To Install Squid Proxy on Rocky Linux 8, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide on Initial Server Setup with Rocky Linux 8.
Install Squid Proxy on Rocky Linux 8
By default, squid packages are available in the default Rocky Linux repository. First, update your local package index with the following command:
sudo dnf update -y
Then, use the following command to install the Epel repository on your server:
sudo dnf install epel-release -y
Now you can use the following command to Install Squid Proxy on Rocky Linux 8:
sudo dnf install squid -y
Verify your installation by checking the Squid version on Rocky Linux 8:
squid --version
Output
Squid Cache: Version 4.15
Service Name: squid
...
Manage Squid Service
At this point, you need to start and enable your Squid service to start on boot. To do this, you can use the following commands:
# sudo systemctl start squid.service
# sudo systemctl enable squid.service
Verify your Squid service is active and running on your Rocky Linux 8:
sudo systemctl status squid.service
In your output you will see:
Output
● squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor prese>
Active: active (running) since Sun 2022-11-20 08:25:38 EST; 10s ago
Docs: man:squid(8)
Main PID: 91710 (squid)
Tasks: 3 (limit: 23699)
Memory: 14.0M
CGroup: /system.slice/squid.service
├─91710 /usr/sbin/squid --foreground -f /etc/squid/squid.conf
├─91712 (squid-1) --kid squid-1 --foreground -f /etc/squid/squid.conf
└─91713 (logfile-daemon) /var/log/squid/access.log
...
Configure Squid Proxy on Rocky Linux 8
Now you need to make some configuration changes in the Squid configuration file on your server to allow clients to connect to Squid from outside this server.
Open the Squid configuration file on Rocky Linux 8, here we use the vi text editor:
sudo vi /etc/squid/squid.conf
Search for the following lines in the file:
...
http_access allow localhost
...
http_access deny all
...
You can change the deny all to allow all and anyone can connect to your proxy server. But it’s not recommended to do that. You can add the line below and define your IP address to connect to the Squid proxy.
You can find your IP address from the What’s My IP?
Then, add the below line above the http_access allow localhost line.
...
acl localnet src your_ip_address
http_access allow localhost
...
When you are done, save and close the file.
Create Squid username-password pairs
At this point, you need to secure your Squid proxy. Squid allows you to create username-password pairs using built-in Linux functionality, as an additional or an alternative step to restricting access to your proxy by IP address.
First, you need to install some utilities from Apache on Rocky Linux 8 in order to have access to a password generator that squid likes:
sudo dnf -y install httpd-tools
Then, you can use the htpasswd command to generate a password for your new Squid user:
sudo htpasswd -c /etc/squid/passwords your_squid_username
You will be asked to enter a password for your Squid user.
Output
New password:
Re-type new password:
Adding password for user orca
This command will store your username along with a hash of your new password in /etc/squid/passwords
, which will be used as an authentication source by Squid.
You can use the following command to see what that looks like:
sudo cat /etc/squid/passwords
Output
orca:$apr1$DmHJxR8J$K6FZz6p5FaFUlztho1Flw0
Squid Configuration
Now you need to open the Squid configuration file on Rocky Linux 8 again with your favorite text editor, here we use vi:
sudo vi /etc/squid/squid.conf
Add the following directives after the ports’ ACLs.
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
When you are done, save and close the file.
To apply the changes, restart your Squid service on Rocky Linux 8:
sudo systemctl restart squid.service
Configure Firewall for Squid
At this point, we assumed that you have enabled firewalld. Now you need to open the squid port (3128) through the firewall with the following command:
sudo firewall-cmd --add-service=squid --permanent
Reload the firewall to apply the new rules:
sudo firewall-cmd --reload
How To Connect through Squid Proxy
To display your Squid server, you can use the curl command on Rocky Linux 8. To do this, run the following command:
curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 http://www.google.com/
In your output you will see:
Output
* Trying server-ip-address...
* TCP_NODELAY set
* Connected to .... (...) port 3128 (#0)
* Proxy auth using Basic with user 'orca'
> GET http://www.google.com/ HTTP/1.1
> Host: www.google.com
> Proxy-Authorization: Basic b3JjYTpxYXphbGUjMTM3MA==
> User-Agent: curl/7.61.1
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 407 Proxy Authentication Required
< Server: squid/4.15
< Mime-Version: 1.0
< Date: Sun, 20 Nov 2022 13:38:00 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 3590
< X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
< Vary: Accept-Language
< Content-Language: en
* Authentication problem. Ignoring this.
< Proxy-Authenticate: Basic realm="Squid Basic Authentication"
< X-Cache: MISS from rocky.linux
< X-Cache-Lookup: NONE from rocky.linux:3128
< Via: 1.1 rocky.linux (squid/4.15)
< Connection: keep-alive
<
...
Also, you can access HTTPs sites with your Squid proxy without any configuration changes:
curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 https://www.google.com/
In your output you will see:
Output
* Trying ...
* TCP_NODELAY set
* Connected to ... (...) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.google.com:443
* Proxy auth using Basic with user 'orca'
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> Proxy-Authorization: Basic b3JjYTpxYXphbGUjMTM3MA==
> User-Agent: curl/7.61.1
> Proxy-Connection: Keep-Alive
...
For more information about Squid proxy, you can visit the Squid Documentation page.
Conclusion
At this point, you have learned to Install Squid Proxy on Rocky Linux 8. Also, you can easily test your squid proxy and connect to it. Hope you enjoy it.
You may like these articles:
How To Install LibreNMS on Rocky Linux 8