CentOSRHEL Based

How To Install Squid Proxy on CentOS Stream 10

r00t

Install Squid Proxy on CentOS Stream 10

In this tutorial, we will show you how to install Squid Proxy on CentOS Stream 10. In today’s digital landscape, proxy servers play a crucial role in managing network traffic, enhancing security, and optimizing bandwidth usage. Among the popular proxy server solutions, Squid stands out as a versatile and widely-used caching proxy server. This article will guide you through the process of installing and configuring Squid Proxy on CentOS Stream 10, ensuring that you have a robust and efficient proxy setup for your network needs.

Introduction to Squid Proxy

Squid is an open-source caching proxy server that supports HTTP, HTTPS, and FTP protocols. It is renowned for its ability to cache frequently accessed web pages, thereby reducing bandwidth consumption and improving response times. Squid’s extensive access controls make it an excellent choice for organizations seeking to monitor and manage web traffic effectively.

Benefits of Using Squid Proxy

  • Caching: Squid caches frequently accessed web pages, reducing the need for repeated downloads and enhancing browsing speed.
  • Access Control: It offers robust access control features, allowing administrators to restrict access to specific websites or content.
  • Security: Squid can be configured to enhance network security by filtering out malicious traffic and enforcing authentication.
  • Flexibility: It supports various protocols and can be easily integrated into existing network infrastructures.

Understanding Squid Proxy

Before diving into the installation process, it’s essential to understand Squid’s key features and capabilities:

  • Caching Proxy: Squid acts as a caching proxy, storing frequently accessed web pages to reduce bandwidth usage.
  • Access Control Lists (ACLs): Squid supports ACLs, which allow administrators to define access rules based on IP addresses, domains, or user identities.
  • Authentication: Squid can be configured to require authentication for proxy access, ensuring that only authorized users can access the internet through the proxy.

Use Cases for Squid Proxy

  • Corporate Networks: Squid is often used in corporate environments to monitor and control employee internet access.
  • Educational Institutions: It helps educational institutions manage student internet access and filter out inappropriate content.
  • Home Networks: Squid can be used in home networks to control children’s internet access and enhance browsing speeds.

Prerequisites for Installation

Before installing Squid Proxy on CentOS Stream 10, ensure you have the following prerequisites:

  • CentOS Stream 10 Operating System: Ensure that your server is running CentOS Stream 10.
  • Root Access or Sudo Privileges: You need administrative privileges to install and configure Squid.
  • Terminal Access: Access to a terminal window is necessary for executing commands.
  • Internet Connection: A stable internet connection is required for downloading the Squid package.

System Preparation

Update System Packages

To ensure your system is up-to-date, run the following command:

sudo dnf update -y

This command updates all system packages to their latest versions.

Install EPEL Repository

Squid is not included in the default CentOS Stream 10 repositories. You need to install the EPEL (Extra Packages for Enterprise Linux) repository to access Squid:

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm

Configure Firewall Settings

Ensure that your firewall allows traffic on the Squid port. By default, Squid listens on port 3128. You can configure your firewall using `firewalld`:

sudo firewall-cmd --permanent --add-service=squid
sudo firewall-cmd --reload

If Squid is not listed as a service, you may need to add a custom rule for port 3128:

sudo firewall-cmd --permanent --add-port=3128/tcp
sudo firewall-cmd --reload

Installation Process

Install Squid Package

With the EPEL repository installed, you can now install Squid:

sudo dnf install squid -y

Verify Installation

To confirm that Squid is installed correctly, check the package information:

rpm -qi squid

Start Squid Service

Start the Squid service and enable it to start automatically on boot:

sudo systemctl enable --now squid

Verify Squid Status

Check the status of the Squid service to ensure it is running:

sudo systemctl status squid

Basic Configuration

Squid’s configuration file is located at `/etc/squid/squid.conf`. Here are some essential configurations to get you started:

Open Squid Configuration File

Use your preferred text editor to open the configuration file:

sudo nano /etc/squid/squid.conf

Configure HTTP Port

By default, Squid listens on port 3128. You can change this if needed:

http_port 3128

If you want to use a different port, simply replace `3128` with your desired port number.

Allow HTTP Access

Initially, Squid is configured to deny all HTTP access. Change this to allow access:

http_access allow all

Restart Squid Service

After making changes to the configuration file, restart the Squid service:

sudo systemctl restart squid

Advanced Configuration

Access Control Lists (ACLs)

ACLs allow you to define access rules based on IP addresses, domains, or user identities. Here’s an example of how to create an ACL for a specific IP address:

acl mynetwork src 192.168.1.0/24
http_access allow mynetwork

This configuration allows access to the proxy for devices on the `192.168.1.0/24` network.

Authentication Setup

To add an extra layer of security, you can configure Squid to require authentication. This involves setting up an authentication helper like `squid_ldap_auth` or `squid_ntlm_auth`.

  1. Install Authentication Helper: For example, to use LDAP authentication, install the necessary package:
sudo dnf install squid-ldap-auth -y
  1. Configure Authentication in Squid.conf:
auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -w "your_password"
auth_param basic children 5
auth_param basic realm My Proxy
auth_param basic credentialsttl 2 hours
  1. Define ACL for Authenticated Users:
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

Bandwidth Control

You can control bandwidth usage by setting limits on the amount of data that can be transferred. This is useful for managing network resources:

delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_access 1 deny !authenticated
delay_parameters 1 -1/-1 -1/-1

Logging Configuration

Squid logs are crucial for monitoring and troubleshooting. You can customize log settings in the `squid.conf` file:

access_log /var/log/squid/access.log squid

Security Considerations

Implementing Access Restrictions

Use ACLs to restrict access to specific websites or domains:

acl blocked_sites dstdomain .example.com
http_access deny blocked_sites

Setting Up Authentication

As mentioned earlier, authentication adds a layer of security by ensuring only authorized users can access the proxy.

Securing Proxy Communications

Consider using HTTPS for proxy communications to encrypt data:

https_port 3129 cert=/path/to/cert.pem key=/path/to/key.pem

Best Security Practices

  • Regularly Update Squid: Ensure Squid is updated to the latest version to patch security vulnerabilities.
  • Use Strong Authentication: Implement robust authentication mechanisms to prevent unauthorized access.
  • Monitor Logs: Regularly review Squid logs to detect and respond to security incidents.

Client Configuration

System-Wide Proxy Settings

To configure your system to use the Squid proxy, you can set environment variables:

export http_proxy=http://your_squid_server_ip:3128
export https_proxy=http://your_squid_server_ip:3128

Browser-Specific Configuration

In your web browser, go to the network settings and enter the Squid proxy details:

  • Proxy Server: `your_squid_server_ip`
  • Port: `3128`

Install Squid Proxy on CentOS Stream 10

Testing Proxy Connectivity

After configuring your client, test the proxy by accessing a website. You can verify that the proxy is working by checking the Squid logs or using tools like `curl`:

curl -x http://your_squid_server_ip:3128 http://example.com

Congratulations! You have successfully installed Squid. Thanks for using this tutorial for installing the Squid proxy server on the CentOS Stream 10 system. For additional help or useful information, we recommend you check the official Squid website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more tutorials!
Back to top button