Install Squid Proxy on RHEL9 or CentOS9

 

Introduction

In the ever-evolving landscape of IT infrastructure, the need for efficient and secure internet access has become paramount. One tool that has stood the test of time in meeting this demand is Squid Proxy.

Brief History

Squid Proxy has been a stalwart in the realm of web caching and proxy services since its inception in the early 1990s. Initially developed as a tool to provide faster internet access for web clients, Squid has grown into a feature-rich proxy server with a strong emphasis on security and performance.

Photo by Ronnie Siegel from Pexels

What is Squid Proxy

Squid Proxy is an open-source caching proxy server that acts as an intermediary between client machines and web servers. Its primary function is to enhance web performance by caching frequently requested web content, reducing bandwidth usage, and providing granular control over internet access. Squid also offers features such as access control, authentication, and logging, making it a versatile solution for various networking scenarios.

Step-by-Step Installation Procedure for Squid Proxy

Before you begin, ensure that you have administrative privileges and have access to a terminal on your RHEL9 or CentOS9 server.

Update System

First, it is a good practice to ensure the system is updated before we proceed.

$ sudo dnf update -y

Install Squid Proxy

Install the squid proxy packages.

$ sudo dnf install squid -y

Start Squid Proxy

Run the following command to start the squid proxy service as well as, enable it to automatically start on reboot.

$ sudo systemctl enable --now squid

Adjust Firewall Rules

If applicable, adjust firewall rules accordingly:

$ sudo firewall-cmd --permanent --add-service=squid
$ sudo firewall-cmd --reload

Check Status

Verify the squid proxy service is running:

$ sudo systemctl status squid

Configuring Squid Proxy

Once Squid Proxy is installed on your RHEL 9 or CentOS 9 server, the next crucial step is configuring its settings to suit your network requirements. The main configuration file for Squid is typically located at /etc/squid/squid.conf. Let’s go through some key configurations and the changes you may need to make.

Squid Config File

Using your favorite text editor, open the squid configuration file.

$ sudo vim /etc/squid/squid.conf

Define Access Controls

Set access control rules to define which clients are allowed to access the proxy. Modify or add the following lines:

acl localnet src 192.168.0.0/24  # Adjust the IP range according to your local network
http_access allow localnet

Configure Port Settings

Squid Proxy typically listens on port 3128. If you need to change the default port, locate the following line and modify it accordingly:

http_port 3128

Enable Caching

To enable caching, find and uncomment (remove the ‘#’ at the beginning of the line) or add the following lines:

cache_dir ufs /var/spool/squid 100 16 256

Implement SSL/TLS

If SSL/TLS interception is required, carefully configure Squid to handle encrypted traffic. Add the following lines:

https_port 3129 intercept  # Adjust the port as needed
ssl_bump peek all
ssl_bump splice all

Logs Configuration

Adjust logging settings based on your preferences. You can specify the log file location and set log rotation parameters. Example:

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log

Custom Error Pages

Customize the error pages displayed to users when access is denied or other errors occur. Example:

error_directory /usr/share/squid/errors/English

Enable Authentication

If you require users to authenticate, enable basic authentication. Add the following lines:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

Adjust Cache Settings

Fine-tune cache settings based on your storage capacity and performance requirements. Example:

cache_mem 256 MB
maximum_object_size 100 MB

Save and Exit

After making the necessary changes, save the configuration file and exit the text editor.

Restart Squid

Apply the changes by restarting the Squid service:

$ sudo systemctl restart squid

These are just basic configurations, and you should tailor them to your specific needs and security requirements. Always review the official Squid documentation for detailed explanations of each configuration directive and additional advanced settings.

Best Practices

Here are some common best practices as it pertains to squid proxy.

Monitor Squid Logs

Keep a close eye on Squid logs (typically located at /var/log/squid/) to identify and address any potential issues or security concerns.

Implement Access Control

Leverage Squid’s access control features to restrict access based on IP addresses, domains, or user authentication, enhancing security and compliance.

Optimize Cache Settings

Fine-tune cache settings to align with your organization’s needs, balancing performance gains with storage considerations.

SSL/TLS Interception

If SSL/TLS interception is required, carefully configure Squid to avoid security risks and ensure seamless encrypted traffic management.

Regular Squid Updates

Stay current with Squid updates to benefit from the latest features, bug fixes, and security patches.