Foreword

Squid is a web proxy server application that provides web proxy and caching services for organizations, supporting HTTP, HTTPS, FTP, etc. By caching and reusing frequently requested web pages, it reduces bandwidth and response time. With extensive access control, Squid is an excellent server accelerator. It runs on most available operating systems, including Windows, and is licensed under the GNU GPL. To install Squid on a CentOS 8 / RHEL 8 server, follow these steps.

Step 1: Update the server

Before you start installing the server in a comfortable place, make sure our house is completely clean.

                      
                        sudo dnf update
                      
                    

Step 2: Install Squid

Squid is available in the Yum repository. Run the following command to install it on our clean server.

                      
                        sudo dnf install squid -y
                      
                    

Step 3: Configure forwarding proxy settings

You send a connection request to a forwarding agent, which then retrieves data from the Internet on your behalf. This way, it can also act as a cache server by keeping all frequently visited pages in it. The next time you visit a cached page, your request does not need to have constant Internet access. The browser retrieves it from the cache.

Before proceeding, let’s back up the default configuration file.

                      
                        sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.ori
                      
                    

Open the main configuration file for squid and add / edit the following

                      
                        sudo vim /etc/squid/squid.conf
                      
                    

Comment out all the default network ACLs as shown below

                      #acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
#acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
#acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
#acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
#acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
#acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
#acl localnet src fc00::/7               # RFC 4193 local private network range
#acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines

#Add the subnet that will be using the proxy. This is typically your local area network(s). You can give them anyname.
 
                      
                        acl my_proxynet src 172.20.0.0/24
 http_access deny to_localhost
                      
                      
#Comment out the line below

                      
                        #http_access allow localnet
                      
                      
#Allow the defined network acl above
 
                      
                        http_access allow my_proxynet
                      
                      
#Hide your IP address
 
                      
                        forwarded_for off
                      
                      
#Extra Settings
 
                      
                        request_header_access From deny all
 request_header_access Server deny all
 request_header_access Referer deny all
 request_header_access X-Forwarded-For deny all
 request_header_access Via deny all
 request_header_access Cache-Control deny all
                      
                    

Configure the cache type, path to the cache directory, cache size, and other cache-type-specific settings in the cache_dir parameter.

                      #Uncomment the line below in the same config file

                      
                        cache_dir ufs /var/spool/squid 10000 16 256
                      
                    

Step 4: Start Squid and allow its services on the firewall

If your server is running FirewallD, we need to allow it so that clients can access it. Run the following command to start / enable, then allow squid on your firewall.

                      
                        sudo firewall-cmd --add-service=squid --permanent
sudo firewall-cmd --reload
                      
                    

Test if your proxy works. It should download the index.html file

                      
                        curl -O -L "https://www.redhat.com/index.html" -x "localhost:3128"
                      
                    

Step 5: Configure CentOS Client

On CentOS clients, you can choose to set a proxy server system-wide or on a per-application basis. In order not to waste a lot of time on each application, let’s set up a proxy server system-wide.

Open the file below and add settings accordingly

                      
                        sudo vim /etc/profile.d/proxyserver.sh
                      
                    

Add proxy settings:

                      
                        MY_PROXY_URL="192.168.120.15:3128"  ## If your server has a domain name, you can replace the IP with it. 
HTTP_PROXY=$MY_PROXY_URL
HTTPS_PROXY=$MY_PROXY_URL
FTP_PROXY=$MY_PROXY_URL
http_proxy=$MY_PROXY_URL
https_proxy=$MY_PROXY_URL
ftp_proxy=$MY_PROXY_URL
                      
                    

Then get the file

                      
                        source /etc/profile.d/proxyserver.sh
                      
                    

in conclusion

Now we have installed the squid agent. Give it a try and see what it can achieve in your setup. If you want to develop more, put your eyes below for a shared guide. Thank you for staying on the blog and hope it helps.

Install and configure Squid proxy server on Ubuntu 18.04 / CentOS 7

Type of proxy server

Getting started with secure HAProxy on Linux