Install and Configure Squid Proxy on CentOS 7 & 8

Last modified on May 20, 2020 2 min read

Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic.

In this article, I’m going to show how to install & configure Squid proxy on CentOS 7 and 8. Let’s begin:

Table of Contents

  1. Install Squid
  2. Configure Squid
  3. Set Authentication
  4. Config Firewall
  5. Test Our Proxy

Install Squid

Squid package is available on CentOS repository. Run this command to install Squid:

# CentOS/RHEL 8
sudo dnf install squid

# CentOS/RHEL 7
sudo yum install squid

Once the installation is completed, we have start and enable Squid service:

# Enable
sudo systemctl enable squid

# Start
sudo systemctl start squid

Now check the status:

sudo systemctl status squid

Configure Squid

The config file located on /etc/squid/squid.conf. Let’s take a backup before modifying:

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bkp

Now open the file with your favorite text editor:

sudo nano /etc/squid/squid.conf

The default Squid port is 3128. We can easily change the port:

# Default
http_port 3128

# Change to 4141
http_port 4141

By default, Squid allows access only from localnet & localhost. We can allow specific IPs to access Squid. To do this, create this file:

sudo nano /etc/squid/allowed_ips.txt

Then enter IP address:

# Allowed IPs
192.168.45.1
192.168.21.2
# more...

Now we need to add 2 lines in the main config file:

/etc/squid/squid.conf
# ...
acl allowed_ips  src "/etc/squid/allowed_ips.txt" # add this line
# ...
http_access allow localnet
http_access allow localhost
http_access allow allowed_ips # add this line

If you want to access Squid from any IP, then just change this:

# Change
http_access deny all

# To
http_access allow all

Then restart Squid service:

sudo systemctl restart squid

Set Authentication

We’re able to set authentication in Squid. We’ll use the openssl to generate the password. The login details will be stored in /etc/squid/htpasswd file.

The structure of adding user:

printf "THE_USERNAME:$(openssl passwd -crypt THE_PASSWORD)\n" | sudo tee -a /etc/squid/htpasswd

Let’s add a demo user called “user1” with password “123456”:

printf "user1:$(openssl passwd -crypt 123456)\n" | sudo tee -a /etc/squid/htpasswd

After that, we have to enable the HTTP basic authentication in Squid config file:

/etc/squid/squid.conf
# # add these 3 lines
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# ...
http_access allow localnet
http_access allow localhost
http_access allow authenticated # add this line

Done. Restart the Squid service:

sudo systemctl restart squid

Config Firewall

If you are running a firewall, you’ll need to open port 3128. To do so run the following commands:

# Add port
sudo firewall-cmd --permanent --add-port=3128/tcp

# Reload
sudo firewall-cmd --reload

Test Our Proxy

Our proxy server is ready to use. We can try to connect our proxy from any proxy client. I’m testing on Windows 10 proxy settings.

After enabling the proxy, visit http://ip-api.com/json to check location information.

You can test from browser’s proxy settings too.

Google Chrome: Chrome uses default system proxy settings. Such as on Windows, chrome uses Windows proxy settings.

Firefox: Options > Network Settings > Select “Manual proxy configuration & Use this proxy server for all protocols”.

Done. Our proxy server is ready to use. Thanks for reading. 🙂

Author

Hey, I'm Md Obydullah. I build open-source projects and write about Laravel, Linux server, modern JavaScript and more on web development. If you enjoy my content, please consider supporting what I do!

Follow Buy me a coffeeBuy me a coffee

Leave a Reply

Your email address will not be published. Required fields are marked *