How to install Squid Proxy on RHEL9 Step by Step

Mayank Jain
Aug 20, 2023


Hello folks. In this blog we will learn how to install and configure Squid Proxy on RHEL9 on a local machine. Squid is a proxy server that caches content to reduce bandwidth use and load web pages more quickly. We will set up Squid as a proxy for the HTTP, HTTPS, and FTP protocols.

Prerequisites

A machine running RHEL9. You can install it in VirtualBox or, if you are using the cloud, spin up a RHEL9 machine there.

A sudo user with admin rights on the OS.

A locally configured yum repository, or a RHEL9 subscription.

Step-1 Update System Package

Before installing and configuring the Squid proxy server, we first update the system packages by running the command below.

# sudo dnf update -y

Step-2 Install squid package

After the system update, we install the squid proxy package by running the command below.

# dnf install squid

It will list all the dependency packages that will be installed along with the squid proxy package. Press y to continue the installation and wait until all the packages are installed.

Now that the squid proxy package is installed, let's check the Squid version by running the command below.

# squid --version

The output depends on the version installed on your system. On my system the installed version is 5.5.

Step-3 Configure squid proxy

To configure the Squid proxy, we first check the status of the squid service by running the command below.

# systemctl status squid

In our case the service is currently inactive.

Let's start the service and enable it so that it starts on every boot. Run the commands below to start and enable the squid service.

# systemctl start squid
# systemctl enable squid

Now that the squid service is started and enabled, let's check its status again by running the command below.

# systemctl status squid

Now the squid service is active and running on our system. Let's have a look at the default squid.conf file, which is located at /etc/squid/squid.conf. It will look similar to the listing below.

[root@localhost ~]# cat /etc/squid/squid.conf
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost

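The file defines the IP addresses and ports that are allowed. To allow a client's IP address to use the proxy, add the following line to squid.conf. Be sure to replace the IP with your actual IP address.

acl localnet src 192.168.18.3

You can also allow a whole range of IP addresses to use the proxy. Note that with a /16 mask the entry below covers all of 192.168.0.0 to 192.168.255.255, which the default localnet list above already includes; use a narrower mask if only part of that range should be allowed.

acl localnet src 192.168.18.0/16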

You can also define the ports to which Squid is allowed to establish connections. For example, to let clients using the proxy access resources on port 21 for FTP, 80 for HTTP, and 443 for HTTPS, we use acl Safe_ports statements in the squid.conf file.

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https

After editing the squid.conf file, save and close it. For Squid to pick up the changes, we need to restart the squid service by running the command below.

# systemctl restart squid
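
Added example (not part of the original post): a POSIX shell check for the "acl ... src" lines edited in this step. It lists IPv4 CIDR entries whose address has host bits set, such as 192.168.18.0/16, and shows the network the mask actually covers. The function names and the sample config are constructed for illustration, and octets are assumed to have no leading zeros.

```shell
#!/bin/sh
# Added example: list IPv4 "acl <name> src a.b.c.d/len" entries whose address
# has host bits set, with the network the mask actually covers.

# ip_to_int A.B.C.D -> integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# effective_net A.B.C.D/LEN -> NETWORK/LEN after applying the mask
effective_net() {
    len=${1#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    n=$(( $(ip_to_int "${1%/*}") & mask ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))/$len"
}

# audit_src_acls: reads squid.conf text on stdin, prints one line per mismatch
audit_src_acls() {
    while read -r kw name type value rest; do
        [ "$kw" = acl ] && [ "$type" = src ] || continue
        case $value in
            *[!0-9./]*|*/*/*) continue ;;   # IPv6, ranges, hostnames: skipped
            */*) ;;                         # IPv4 CIDR: check it
            *) continue ;;                  # single host: nothing to mask
        esac
        net=$(effective_net "$value")
        [ "$net" = "$value" ] || echo "$name: $value covers $net"
    done
}

# Constructed sample: default localnet lines plus the lines added in Step 3
sample_conf() {
    cat <<'EOF'
acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl localnet src fc00::/7               # RFC 4193 local private network range
acl localnet src 192.168.18.3
acl localnet src 192.168.18.0/16
acl Safe_ports port 80                  # http
EOF
}

sample_conf | audit_src_acls
```

On the proxy host the same function can read the real file: audit_src_acls < /etc/squid/squid.conf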

Step-4 Configure Firewall

Now that our Squid proxy server is configured and running on the local system, we need to configure the firewall to allow the squid service. By default the squid service runs on port 3128. Run the commands below to allow it through the firewall.

# firewall-cmd --add-port=3128/tcp --permanent
# firewall-cmd --reload

Step-5 Verification of Squid working

To verify that Squid works, download a web page through the proxy. The file should be downloaded into the current working directory and curl should not report any error. Replace the IP address with your IP or hostname.

[root@localhost squidTest]# curl -O -L "https://www.google.com/index.html" -x "192.168.18.3:3128"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 20650 0 20650 0 0 169k 0 --:--:-- --:--:-- --:--:-- 170k
[root@localhost squidTest]# ls
index.html
[root@localhost squidTest]#

Our Squid proxy is configured and working fine. In the next blog we will learn how to allow and block websites via the Squid proxy. We will also learn how to create an Ansible role to set up and configure the Squid proxy on RHEL9.
