Deploy Squid on Server

Deploy squid proxy server on linux server step by step. Modified: 2024-09-29 09:19:03 Created: 2023-03-25 00:34:09 Tags: #proxy #linux #squid

Squid is a popular open-source proxy server that can improve network performance, security, and privacy. It can be used to cache frequently accessed content, filter out unwanted traffic, and anonymize client connections.

Before proceeding with the tutorial, you should have root access to the Linux 9 system with a stable internet connection. And a basic understanding of Linux terminal commands and network protocols is required.

1. Install Squid

Install Squid package with the package manager:

sudo dnf install squid

This will download and install the Squid package along with its dependencies. If the installation is successful, you can move on to the next step.

2. Configure Squid on Server

The default Squid configuration file is located at /etc/squid/squid.conf. To edit this file, use a text editor such as Nano or Vim with root privileges:

sudo vim /etc/squid/squid.conf

You can customize various settings in the configuration file according to your requirements. Here's an example configuration that allows any client to access the proxy server:

http_port 3128
cache_dir ufs /var/spool/squid 100 16 256
acl all src all
http_access allow all
  • http_port specifies the TCP port number that Squid should listen on for incoming requests.
  • cache_dir specifies the directory where Squid should store its cache files.
  • acl all src all defines an access control list that allows any client to access the proxy server.
  • http_access allow all grants permission to the clients in the ACL to use the proxy server.

Start and enable the Squid service using the following command:

sudo systemctl enable --now squid

Verify that Squid is running by checking the status:

sudo systemctl status squid

You should see a message indicating that the service is active and running.

3. Secure Squid

By default, Squid does not have any security mechanisms in place. Therefore, it's important to take some steps to secure your Squid installation. You can set up access controls to restrict who can access the proxy server, monitor Squid logs for suspicious activity, and keep Squid up to date with the latest security patches.

Use access control lists (ACLs) to restrict access to the proxy server. For example, you can create an ACL that only allows requests from specific IP addresses or networks.

Monitor Squid logs for unusual activity, such as requests from unknown clients or large amounts of traffic from a single IP address. You can use tools like Logwatch or Splunk to parse and analyze Squid logs.

In order to use https_proxy, a cert is required: 

sudo openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/squid/ssl/squid.key -out /etc/squid/ssl/squid.crt

4. Troubleshooting Squid

If you encounter issues with Squid, you can use various troubleshooting techniques to diagnose and resolve the problem. Here are some tips to get started:

Check the Squid logs for error messages or warnings. The default log file is located at /var/log/squid/access.log and /var/log/squid/cache.log.

Use the squidclient command to test Squid's connectivity and performance. For example, you can run squidclient -h localhost -p 3128 http://www.google.com to test if Squid is able to retrieve web pages.

Use online resources and community forums to get help from other Squid users. The Squid website, mailing lists, and IRC channels are great places to start.

Install auth tools via: 

sudo dnf install httpd-tools -y
And add new account: 
sudo htpasswd -c /etc/squid/passwords your_accout_name

Edit the configuration vim /etc/squid/squid.conf, add the following lines: 

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic children 5
auth_param basic realm "Squid proxy-caching web server"
auth_param basic credentialsttl 5 hours

acl auth_users proxy_auth REQUIRED
http_access allow auth_users

5. Setting Up on Client

Once you have set up Squid on Linux server, you may want to configure your client devices to use the Squid proxy server to access the Internet. One way to do this is to set up the http_proxy and https_proxy environment variables on your machine.

export http_proxy=http://<squid_server_ip>:3128
export https_proxy=http://<squid_server_ip>:3128

Replace squid_server_ip with the IP address of your Squid server. If you have configured Squid to listen on a different port, replace 3128 with the appropriate port number.

If you add password, auth info should be added to proxy: 

export http_proxy=your_account_name:your_password@<squid_server_ip>:3128
export https_proxy=your_account_name:your_password@<squid_server_ip>:3128

To make these environment variables persistent across terminal sessions, add the above two commands to your shell's startup file (~/.bashrc for bash, ~/.zshrc for zsh, etc.).

You can now use your Squid proxy server to access the internet. Note that not all applications honor these environment variables, so you may need to configure individual applications to use the proxy server.

Summary

In this tutorial, we've shown you how to deploy Squid on Linux and configure it to meet your specific needs.