Install and configure Squid proxy server

Squid is software for running HTTP proxies. In this article, we will show how to install and configure the Squid proxy server.

To start with the installation connect to the server via SSH and run the following command.

CentOS:

[root@proxy ~]# yum -y install squid

Ubuntu/Debian:

[root@proxy ~]# apt-get -y install squid

Clean Squid configuration file.

[root@proxy ~]# cat /dev/null > /etc/squid/squid.conf

Navigate to the Squid directory and open its configuration file.

[root@proxy ~]# cd /etc/squid/
[root@proxy squid]# vi squid.conf

Start editing the configuration file by pressing Insert on your keyboard and entering the following contents.

CentOS:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_users
auth_param basic children 5
auth_param basic realm Auth
auth_param basic credentialsttl 1 hours
acl ncsa_users proxy_auth REQUIRED
ignore_expect_100 on
access_log /var/log/squid/access.log squid
server_persistent_connections off
dns_v4_first on
visible_hostname localhost
cache deny all
http_port 17102

acl proxy_user_acl proxy_auth proxy_user
acl ip_1 myip 2.58.28.45
tcp_outgoing_address 2.58.28.45
http_access allow proxy_user_acl ip_1

forwarded_for off 
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access Set-Cookie allow all

Ubuntu/Debian:

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/squid_users
auth_param basic children 5
auth_param basic realm Auth
auth_param basic credentialsttl 1 hours
acl ncsa_users proxy_auth REQUIRED
ignore_expect_100 on
access_log /var/log/squid/access.log squid
server_persistent_connections off
dns_v4_first on
visible_hostname localhost
cache deny all
http_port 17102

acl proxy_user_acl proxy_auth proxy_user
acl ip_1 myip 2.58.28.45
tcp_outgoing_address 2.58.28.45
http_access allow proxy_user_acl ip_1

forwarded_for off 
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access Set-Cookie allow all

Save and close the file by pressing Esc and :wq keys in your keyboard.

We will also need htpasswd utility to generate the password for our proxy user. To do this install the httpd-tools package.

CentOS:

[root@proxy squid]# yum install -y httpd-tools

Ubuntu/Debian:

[root@proxy squid]# apt-get install -y apache2-utils

Generate password for the user named proxy_user.

[root@proxy squid]# htpasswd -b -c squid_users proxy_user e7aB4AmpUvFDj6E
Adding password for user proxy_user

The command above takes 3 parameters:

  • squid_users – file name in which the user password is saved,
  • proxy_user – username
  • e7aB4AmpUvFDj6E – password

Check if the password has been successfully generated.

[root@proxy squid]# cat squid_users
proxy_user:$apr1$Zac9nPwt$pbDUf3LsyWdeIei.JLcwF.

Start Squid service if it’s not running yet.

[root@proxy squid]# systemctl status squid
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@proxy squid]# systemctl start squid
[root@proxy squid]# systemctl status squid
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-09-08 12:56:37 UTC; 3s ago
  Process: 1342 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 1349 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 1344 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 1351 (squid)
   CGroup: /system.slice/squid.service
           ├─1351 /usr/sbin/squid -f /etc/squid/squid.conf
           └─1353 (squid-1) -f /etc/squid/squid.conf

Sep 08 12:56:37 proxy systemd[1]: Stopped Squid caching proxy.
Sep 08 12:56:37 proxy systemd[1]: Starting Squid caching proxy...
Sep 08 12:56:37 proxy systemd[1]: Started Squid caching proxy.
Sep 08 12:56:37 proxy squid[1351]: Squid Parent: will start 1 kids
Sep 08 12:56:37 proxy squid[1351]: Squid Parent: (squid-1) process 1353 started

Check if the proxy is accessible and working with any client that supports HTTP proxy. For example:

curl -x http://proxy_user:e7aB4AmpUvFDj6E@2.58.28.45:17102 ipinfo.io
{
  "ip": "2.58.28.45",
  "city": "London",
  "region": "England",
  "country": "GB",
  "loc": "51.5085,-0.1257",
  "org": "AS61317 Digital Energy Technologies Ltd.",
  "postal": "EC1A",
  "timezone": "Europe/London",
  "readme": "https://ipinfo.io/missingauth"

Related articles:

Was this article helpful?

Still need help?

Heficed Slack Community

Get involved in Heficed Slack community. Get updates, ask questions, connect with peers.

Heficed Slack

Need support?

If you need any further help, don't hesitate to send a support request to our support team.