Squid is a web proxy application with a variety of configurations and uses. Squid has a large number of access controls and supports different protocols, such as HTTP, HTTPS, FTP, and SSL. In this post, we will see how to use Squid as an HTTP proxy.
The Setup
Squid is quite an old, mature, and commonly used piece of software. It is generally shipped as a default package with various Linux distributions.
Setup for this post:
192.168.10.2 - is our proxy server.
192.168.10.3 - Will redirect/cache traffic via the proxy server.
Installing squid proxy
Install the required packages for squid proxy, then enable the squid service so it starts automatically on boot, and start it.
# yum install squid
# systemctl enable squid
# systemctl start squid
You may receive the error below if you do not have the latest openssl version:
Job for squid.service failed because the control process exited with error code. See "systemctl status squid.service" and "journalctl -xe" for details.
To make sure, update the openssl version using the below command:
# yum update openssl
Now we can go ahead and start the squid service.
# systemctl start squid
Configuring squid proxy
The squid proxy listens on port 3128 by default. Some companies change this port as a security precaution. To change it, edit the squid configuration file /etc/squid/squid.conf and modify the http_port directive. I will keep the default port, as this is a test setup.
# vim /etc/squid/squid.conf
# Squid normally listens to port 3128
http_port 3128
Restart the squid service for the changes to take effect.
# systemctl restart squid
Verify that the squid proxy processes have started.
# ps -ef | grep squid
root 5403 1 0 03:21 ? 00:00:00 /usr/sbin/squid -f /etc/squid/squid.conf
squid 5405 5403 0 03:21 ? 00:00:00 (squid-1) -f /etc/squid/squid.conf
squid 5406 5405 0 03:21 ? 00:00:00 (logfile-daemon) /var/log/squid/access.log
root 5448 5158 0 03:24 pts/0 00:00:00 grep --color=auto squid
You can also verify that the squid proxy is listening on port 3128.
# ss -nlp | grep squid | grep 3128
tcp LISTEN 0 128 :::3128 :::* users:(("squid",pid=5405,fd=11))
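If firewalld is enabled, we also need to allow port 3128 through it, or you can simply disable firewalld completely. A rule added with --permanent is written to the saved configuration only, so reload firewalld to apply it.
# firewall-cmd --add-port=3128/tcp --permanent
# firewall-cmd --reload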
Setup client server to use squid
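On the client (192.168.10.3), point http_proxy at the proxy server, using the port that squid listens on. PROXY_FQDN is the proxy server's hostname or address (192.168.10.2 in this setup).
# export http_proxy=http://${PROXY_FQDN}:3128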
On the remote server, run curl against google.com to verify that you can connect to the proxy:
# curl -v http://google.com | head -1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to google.com port 80 (#0)
* Trying 2607:f8b0:4009:804::200e...
* Connected to google.com (2607:f8b0:4009:804::200e) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: google.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Date: Wed, 05 Jun 2019 07:28:26 GMT
< Expires: Fri, 05 Jul 2019 07:28:26 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 219
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
<
{ [data not shown]
100 219 100 219 0 0 3145 0 --:--:-- --:--:-- --:--:-- 3173
* Connection #0 to host google.com left intact
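A curl -v transcript also tells you whether the request actually passed through squid: a proxied request connects to the proxy port, sends an absolute URL in the request line, and comes back with a Via header that squid adds. The check below is an added example, not part of the original post; both transcripts are constructed samples, and the hostname proxy.example and the squid version string in them are assumptions.

```shell
# Added example: decide from a `curl -v` transcript (read on stdin) whether
# the request went through squid or straight to the origin server.
# Real use: curl -sv -o /dev/null http://google.com 2>&1 | went_via_proxy 3128

# Returns 0 only when all three proxy indicators are present:
#   1. curl connected to the proxy port, not the origin's port 80
#   2. the request line carries an absolute URL (proxy-style request)
#   3. the response carries a Via header naming squid (added by default)
went_via_proxy() {
    port="$1"
    transcript=$(cat)
    printf '%s\n' "$transcript" | grep -Eq "^\* Connected to .* port ${port}( |\$)" || return 1
    printf '%s\n' "$transcript" | grep -Eq '^> GET http://[^ ]+ HTTP/' || return 1
    printf '%s\n' "$transcript" | grep -Eiq '^< Via: .*squid' || return 1
}

# Constructed sample: request sent through the proxy at 192.168.10.2:3128.
# The name proxy.example and the version string are assumptions.
proxied_sample() {
    cat <<'EOF'
* Connected to 192.168.10.2 (192.168.10.2) port 3128 (#0)
> GET http://google.com/ HTTP/1.1
> Host: google.com
>
< HTTP/1.1 301 Moved Permanently
< X-Cache: MISS from proxy.example
< Via: 1.1 proxy.example (squid/3.5.20)
EOF
}

# Constructed sample: http_proxy not in effect, curl went direct.
direct_sample() {
    cat <<'EOF'
* Connected to google.com (2607:f8b0:4009:804::200e) port 80 (#0)
> GET / HTTP/1.1
> Host: google.com
>
< HTTP/1.1 301 Moved Permanently
EOF
}

for sample in proxied_sample direct_sample; do
    if "$sample" | went_via_proxy 3128; then
        echo "$sample: via proxy"
    else
        echo "$sample: direct, proxy not used"
    fi
done
```

A transcript that fails the check usually means http_proxy was not exported in the shell that ran curl, or the destination matched no_proxy.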