HOWTO
In this article, we will examine installing and using Gitlab on Ubuntu server version 20.04. Gitlab community edition or Gitlab CE can be installed by
In this guide, we will walk you through the step-by-step installation of Squid Proxy on RHEL9 or CentOS9, catering to the needs of IT professionals seeking a robust and reliable solution for managing internet traffic.
In the ever-evolving landscape of IT infrastructure, the need for efficient and secure internet access has become paramount. One tool that has stood the test of time in meeting this demand is Squid Proxy.
Squid Proxy has been a stalwart in the realm of web caching and proxy services since its inception in the early 1990s. Initially developed as a tool to provide faster internet access for web clients, Squid has grown into a feature-rich proxy server with a strong emphasis on security and performance.
Photo by Ronnie Siegel from Pexels
Squid Proxy is an open-source caching proxy server that acts as an intermediary between client machines and web servers. Its primary function is to enhance web performance by caching frequently requested web content, reducing bandwidth usage, and providing granular control over internet access. Squid also offers features such as access control, authentication, and logging, making it a versatile solution for various networking scenarios.
Before you begin, ensure that you have administrative privileges and have access to a terminal on your RHEL9 or CentOS9 server.
First, it is a good practice to ensure the system is updated before we proceed.
$ sudo dnf update -y
Install the squid proxy packages.
$ sudo dnf install squid -y
Run the following command to start the squid proxy service as well as, enable it to automatically start on reboot.
$ sudo systemctl enable --now squid
If applicable, adjust firewall rules accordingly:
$ sudo firewall-cmd --permanent --add-service=squid
$ sudo firewall-cmd --reload
Verify the squid proxy service is running:
$ sudo systemctl status squid
Once Squid Proxy is installed on your RHEL 9 or CentOS 9 server, the next crucial step is configuring its settings to suit your network requirements. The main configuration file for Squid is typically located at /etc/squid/squid.conf. Let’s go through some key configurations and the changes you may need to make.
Using your favorite text editor, open the squid configuration file.
$ sudo vim /etc/squid/squid.conf
Set access control rules to define which clients are allowed to access the proxy. Modify or add the following lines:
acl localnet src 192.168.0.0/24 # Adjust the IP range according to your local network
http_access allow localnet
Squid Proxy typically listens on port 3128. If you need to change the default port, locate the following line and modify it accordingly:
http_port 3128
To enable caching, find and uncomment (remove the ‘#’ at the beginning of the line) or add the following lines:
cache_dir ufs /var/spool/squid 100 16 256
If SSL/TLS interception is required, carefully configure Squid to handle encrypted traffic. Add the following lines:
https_port 3129 intercept # Adjust the port as needed
ssl_bump peek all
ssl_bump splice all
Adjust logging settings based on your preferences. You can specify the log file location and set log rotation parameters. Example:
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
Customize the error pages displayed to users when access is denied or other errors occur. Example:
error_directory /usr/share/squid/errors/English
If you require users to authenticate, enable basic authentication. Add the following lines:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
Fine-tune cache settings based on your storage capacity and performance requirements. Example:
cache_mem 256 MB
maximum_object_size 100 MB
After making the necessary changes, save the configuration file and exit the text editor.
Apply the changes by restarting the Squid service:
$ sudo systemctl restart squid
These are just basic configurations, and you should tailor them to your specific needs and security requirements. Always review the official Squid documentation for detailed explanations of each configuration directive and additional advanced settings.
Here are some common best practices as it pertains to squid proxy.
Keep a close eye on Squid logs (typically located at /var/log/squid/) to identify and address any potential issues or security concerns.
Leverage Squid’s access control features to restrict access based on IP addresses, domains, or user authentication, enhancing security and compliance.
Fine-tune cache settings to align with your organization’s needs, balancing performance gains with storage considerations.
If SSL/TLS interception is required, carefully configure Squid to avoid security risks and ensure seamless encrypted traffic management.
Stay current with Squid updates to benefit from the latest features, bug fixes, and security patches.
Installing Squid Proxy on RHEL 9 or CentOS 9 provides IT professionals with a powerful tool for optimizing internet access, improving performance, and enhancing security. By following the step-by-step guide and implementing best practices, organizations can leverage Squid Proxy to create a robust and efficient web proxy infrastructure tailored to their specific needs.
Whether you are managing a small business network or a large enterprise, Squid Proxy stands as a reliable and adaptable solution in the dynamic landscape of IT.
Related Posts
In this article, we will examine installing and using Gitlab on Ubuntu server version 20.04. Gitlab community edition or Gitlab CE can be installed by
In today’s article, we will review how to install brackets on Ubuntu 20.04. Brackets is a modern text editor that makes designing easy from a
In this tutorial, we will review the Kubernetes cluster install on CentOS8. This procedure will mirror our previous article about this subject. Install a Kubernetes