How to Install Squid Proxy on CentOS Stream 9 Tutorial (Step by Step)

How to Install Squid Proxy on CentOS Stream 9. Proxy servers are server application that acts as a gateway between the end users and the online resources. The role of a proxy server is to allow end users to monitor and control their web traffic, for a variety of reasons, including caching, security, and privacy. A proxy server, for example, allows you to access the web from an IP address other than your own.

Squid is an open source, stable, and popular HTTP proxy. In this article, we will have a look at what is squid proxy, its features as well as advantages of using it then illustrate the installation steps on CentOS Stream 9. Let’s start!

What is Squid Proxy?

Squid is a feature rich forwarding and caching web proxy server application that offers cache and proxy services for HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol), and several other network protocols. Using Squid, you can cache and proxy Secure Socket Layer (SSL) requests, DNS queries, and handle transparent caching. The Squid does not serve as a generic proxy server. Normally, it only proxies HTTP connections.

With Squid it serves both as a cache and a proxy. As a proxy, Squid serves as an intermediary between two web transactions. It accepts requests from clients, processes them, and then sends them back to the origin server. It is possible to log, reject, or even modify a request before the request is forwarded.

Squid Features

Squid offers a wide range of other features such as:

  • Load distribution across hierarchies of intercommunicating proxy servers.
  • Setting up a strict access control list for all clients that access the proxy server.
  • Denying or allowing specific web page access through other applications.
  • Statistic generation of most visited Web pages to assess surfing habits.
  • Reporting individual or group Internet usage by monitoring user traffic.
  • Ensure the privacy of users by not exposing their machines directly to the internet.
  • Reducing the load on a single web server by distributing it among multiple web servers.
  • Boost a slow web server’s performance.
  • Requests or responses can be filtered through an integrated malware/virus detection system.
  • Manage traffic across multiple connection types by load balancing.

Advantages of Squid Proxy

Caching and load balancing

A major advantage of Squid is that it caches frequently requested pages for speeding up website load time and bandwidth usage by eliminating the need to repeatedly request the same page multiple times. In addition, you can use it as a reverse proxy to speed up web servers because it serves cached content instead of allowing simultaneous client requests for identical content to the web server.

Security

Using Squid along with a firewall can help protect internal networks from outside intrusion. A firewall prevents all clients from accessing external services except for Squid. It is necessary for the proxy server to establish all Web connections. This configuration allows Squid to fully control Web access.

Multiple Caches

You can configure several instances of Squid so that they exchange objects between themselves. In this way, the total load on the system is reduced and the likelihood of retrieving objects from the local network is greatly enhanced.

In addition, cache hierarchies can be configured, making it possible for a cache to forward object requests to its parent cache or sibling cache, this will cause the cache to retrieve objects directly from other caches within the local network or from the source directly.

Caching Internet Objects

Here there is many dynamic objects in the network that are not static such as SSL/TLS encrypted content. Such objects are not cached as they get changed every time they are accessed.

The objects are assigned some states based on how long they should be cached. Proxy servers determine an object’s status by adding header information to these objects such as ‘’Expires’’, ‘’Last Modified’’ the date they were modified. You can specify other headers to prevent objects from being cached as well.

Cache objects are typically replaced, due to limited disk space, using LRU (last recently used) algorithms. In other words, the proxy deletes objects that haven’t been requested in a long time.

Privacy

Several other benefits of Squid proxy is including privacy as it allows you to surf anonymously on the internet by hiding your IP address. The website you’re visiting can be identified by your public IP address when you don’t use a proxy.

However, when you use a proxy server to access the web page, your IP address becomes invisible, since only the proxy server’s IP address appears on the page. The proxy IP then handles the rest of the work.

Saves Bandwidth

Another benefit of using Squid proxy is speed. Rather than retrieving a web page from the internet, it stores it into a centralized cache database and can retrieve it from there. This makes web page retrieval much faster. Furthermore, a proxy server can save bandwidth by reducing the need to access the internet in order to retrieve data.

Strict access control lists for clients accessing the proxy server

With loading the configuration file Squid processes all the directives or ACL lines  into memory, as tests which are performed against any request transaction. So there are two different components: ACL elements and access lists. An access list consists of an allow or deny action followed by a number of ACL elements.

Follow this post to learn how to install Squid Proxy on CentOS Stream 9.

Install Squid Proxy on CentOS Stream 9

Prerequisites

  • A root password is configured on your server.

Install Squid Proxy

By default, the Squid Proxy package is not included in the CentOS Stream 9 default repo. So you will need to install it from the EPEL repo.

First, install the EPEL repo with the following command:

				
					dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
				
			

Once the EPEL repo is installed, run the following command to install  Squid Proxy server on your server.

				
					dnf install squid -y
				
			

When you installed Squid please verify the package information using the following command:

				
					rpm -qi squid
				
			

You should see the Squid package information in the following output:

				
					Name        : squid
Epoch       : 7
Version     : 4.15
Release     : 3.module+el8.6.0+991+e278114b.1
Architecture: x86_64
Install Date: Sunday 10 July 2022 02:56:32 PM UTC
Group       : Unspecified
Size        : 12404565
License     : GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
Signature   : RSA/SHA256, Thursday 07 July 2022 03:32:27 PM UTC, Key ID 15af5dac6d745a60
Source RPM  : squid-4.15-3.module+el8.6.0+991+e278114b.1.src.rpm
Build Date  : Thursday 07 July 2022 03:25:23 PM UTC
Build Host  : ord1-prod-x86build002.svc.aws.centos.org
Relocations : (not relocatable)
Packager    : infrastructure@rockylinux.org
Vendor      : Rocky
URL         : http://www.squid-cache.org
Summary     : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

				
			

Manage Squid Proxy Service

By default, the Squid Proxy service is managed by systemd. You can easily manage it using the systemctl command.

Start Squid service by running the following command:

				
					systemctl start squid
				
			

Enable Squid service to start at system reboot by running the following command:

				
					systemctl enable squid
				
			

Check the status of Squid service by running the following command:

				
					systemctl status squid
				
			

You will get the following output:

				
					● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-07-10 14:57:07 UTC; 4s ago
     Docs: man:squid(8)
  Process: 4026 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 4032 (squid)
    Tasks: 3 (limit: 11412)
   Memory: 14.0M
   CGroup: /system.slice/squid.service
           ├─4032 /usr/sbin/squid --foreground -f /etc/squid/squid.conf
           ├─4034 (squid-1) --kid squid-1 --foreground -f /etc/squid/squid.conf
           └─4035 (logfile-daemon) /var/log/squid/access.log

Jul 10 14:57:07 centos systemd[1]: Starting Squid caching proxy...
Jul 10 14:57:07 centos squid[4032]: Squid Parent: will start 1 kids
Jul 10 14:57:07 centos squid[4032]: Squid Parent: (squid-1) process 4034 started
Jul 10 14:57:07 centos systemd[1]: Started Squid caching proxy.
				
			

By default, Squid listens on port 3128. You can check it with the following command:

				
					ss -antpl | grep squid
				
			

You should see the following output:

				
					LISTEN 0      128                *:3128            *:*    users:(("squid",pid=4034,fd=13))
				
			

Configure Firewall for Squid

If firewalld is installed on your server then you will also need to allow port 3128 via firewalld. You can allow it with the following command:

				
					firewall-cmd --add-service=squid --permanent
				
			

Next, reload the firewalld service to apply the changes:

				
					firewall-cmd --reload
				
			

Configure Squid Proxy

Next, you will need to edit the Squid Proxy main configuration file and define the IP address of the remote PC to access the internet via Squid Proxy.

To do so, edit the Squid Proxy configuration file using the nano editor:

				
					nano /etc/squid/squid.conf
				
			

Add the following lines at the beginning of the file:

				
					#Define the IP address of remotepc to access the internet via Squid

acl remotepc1 src 106.205.251.23
acl remotepc2 src 106.205.251.24
http_access allow remotepc1 remotepc2
				
			

Next, add the following lines at the beginning of the file to anonymize traffic and mask the Client’s IP address:

				
					forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

				
			

Save and close the file then restart the Squid proxy service to apply the changes:

				
					systemctl restart squid
				
			

Configure Client PC to Use Squid Proxy

Next, you will need to configure the client PC to use the Squid proxy as the gateway or set the proxy settings on the browser.

To set system wide proxy configurations, create a new configuration file inside the directory /etc/profile.d:

				
					nano /etc/profile.d/squid.sh
				
			

Add the following lines:

				
					PROXY_URL="squid-server-ip:3128"
HTTP_PROXY=$PROXY_URL
HTTPS_PROXY=$PROXY_URL
FTP_PROXY=$PROXY_URL
http_proxy=$PROXY_URL
https_proxy=$PROXY_URL
ftp_proxy=$PROXY_URL
export HTTP_PROXY HTTPS_PROXY FTP_PROXY http_proxy https_proxy ftp_proxy

				
			

Save and close the fiel then reload the file using the following command:

				
					source /etc/profile.d/squid.sh
				
			

Now, try to download anything from google.com to test the Squid proxy:

				
					wget google.com
				
			

You should see that your request is sent via your proxy server:

				
					--2022-07-10 20:44:25--  http://google.com/
Connecting to 208.117.84.254:3128... connected.
Proxy request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/ [following]
--2022-07-10 20:44:26--  http://www.google.com/
Reusing existing connection to 208.117.84.254:3128.
Proxy request sent, awaiting response... 200 OK

				
			

Now, go to the Squid server and verify the Squid log using the following command:

				
					tail -f /var/log/squid/access.log 
				
			

You will get the following output:

				
					1657466066.255     86 106.205.251.23 TCP_MISS/301 648 GET http://google.com/ - HIER_DIRECT/74.125.138.101 text/html
1657466066.763    140 106.205.251.23 TCP_MISS/200 15058 GET http://www.google.com/ - HIER_DIRECT/64.233.177.99 text/html
				
			

Configure Proxy via web server

To configure the Proxy setting via web browser, open your Firefox browser and click on the Preferences => General. You should see the following screen:

Now, click on the Network Settings. You should see the proxy configuration page:

Define your Squid Proxy server IP, Port and click on the OK button.

Now, type the URL https://whatismyipaddress.com/ in your web browser. You should see your Squid Proxy server IP under the My IP Address:

That means you are accessing the internet via the Squid Proxy server.

That’s great effort! Thank you for reading article blog about How to Install Squid Proxy on CentOS Stream 9. Let’s conclude. 

How to Install Squid Proxy on CentOS Stream 9 Conclusion

In this guide, we explained how to install the Squid Proxy server on CentOS 9 Stream. We also showed you how to configure the client machine to use the Squid proxy to browse the Internet. You can now configure Squid proxy to monitor users’ internet history and control their web traffic. You can also use Squid as a caching proxy server to save the client request in the cache to speed up the website performance. For more advanced configuration, visit the Squid Proxy documentation page.

Enjoy checking out our content about Squid proxy here.

Avatar for Hitesh Jethva
Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x