Squid is a robust proxy server that supports caching for protocols like HTTP, HTTPS, and FTP. It has the ability to speed up web requests by caching frequently accessed websites, and serving that cache to requesting clients. This is a great way for networks to reduce bandwidth consumption and provide snappier response times for web browsing.
In this guide, we’ll go over the step by step instructions to download, install, and configure Squid proxy on a Linux system. Follow along with us to get it setup on your own system, which can either provide caching just for yourself or all the way up to an entire organization of computers.
In this tutorial you will learn:
- How to download and install Squid proxy on major Linux distros
- How to configure Squid proxy
- How to configure a browser to use Squid proxy
Category | Requirements, Conventions or Software Version Used |
---|---|
System | Any Linux distro |
Software | Squid proxy |
Other | Privileged access to your Linux system as root or via the sudo command. |
Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
How to download and install Squid proxy on major Linux distros
Squid is available from the default repositories of most Linux distros, so you can use the system’s package manager to install the software. Use the appropriate command below to install it.
To install Squid on Ubuntu, Debian, and Linux Mint:
$ sudo apt install squid
To install Squid on CentOS, Fedora, AlmaLinux, and Red Hat:
$ sudo dnf install squid
To install Squid on Arch Linux and Manjaro:
$ sudo pacman -S squid
How to configure Squid
After Squid is installed, use the following instructions to get it configured with access control lists, authentication, and allowing it through the system firewall.
- Make sure Squid is running and enabled to start automatically upon system reboot by executing the following systemd command.
$ sudo systemctl enable --now squid
- To make configuration changes to Squid, open the following file in nano or your favorite text editor. We’ll go through some of the most common configuration in the following steps.
$ sudo nano /etc/squid/squid.conf
- Find the
http_port
directive if you’d like to change the listening port for Squid. By default, it is already set to port 3128. - Squid uses access control lists to determine who is allowed to connect to and use the proxy. localhost (the system where Squid is installed) as well as most local networks will already be able to access Squid without a problem, but additional networks and IP addresses will need to be configured in the ACL if you want to allow them access. The easiest way to do this is by adapting Squid’s internal IP network list to fit your own needs. You can also add additional network and IP addresses in this same section.
- If you want to configure authentication, use the
openssl
tool to generate an encrypted password and append it to the/etc/squid/httpauth
file (or name the file anything you want). Take the following example where we configure a user with the namelinuxconfig
and a password ofmypass
.$ printf "linuxconfig:$(openssl passwd -crypt 'mypass')\n" | sudo tee -a /etc/squid/httpauth
- Next, we need to edit the
/etc/squid/squid.conf
file to create an ACL namedmyauth
that uses the authentication we’ve created. Add the following lines.auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd auth_param basic realm proxy acl myauth proxy_auth REQUIRED
And add this line anywhere above the
http_access deny all
line:http_access allow myauth
- Finally, save your changes to the file and then restart Squid for the changes to take effect.
$ sudo systemctl restart squid
- If your firewall is active, you will need to allow Squid through the firewall for other systems to connect. But you shouldn’t need to change any firewall rules to allow localhost. If you’re using ufw firewall:
$ sudo ufw allow 'Squid'
If you are using firewalld:
$ sudo firewall-cmd --permanent --add-service=squid $ sudo firewall-cmd --reload
Configure browser to use Squid proxy
First, check to see if your browser has a proxy configuration setting, usually located within the networking section of the configuration menu. Enter the IP address or hostname and the port of your Squid server to have your network traffic routed through the proxy.
If your browser doesn’t have this option, then it uses the system’s proxy settings. You will have to configure the system proxy, whether you’re on Linux, Windows, MacOS, etc.
If you need to authenticate with Squid proxy on Firefox, you’ll need an addon to facilitate that configuration. It’s recommended to download and install FoxyProxy for this.
You can see websites being accessed through the Squid proxy by checking the access.log
file.
$ sudo cat /var/log/squid/access.log
In the screenshot above, we see that linuxconfig.org has been accessed through the proxy.
Closing Thoughts
In this guide, we learned how to download and install Squid proxy on a Linux system. We also saw how to configure the Squid proxy with access control lists or authentication. The proxy server should help speed up web browsing by keeping the data of popular sites cached.