Squid proxy configuration tutorial on Linux

Squid is a robust proxy server that supports caching for protocols like HTTP, HTTPS, and FTP. It has the ability to speed up web requests by caching frequently accessed websites, and serving that cache to requesting clients. This is a great way for networks to reduce bandwidth consumption and provide snappier response times for web browsing.

In this guide, we’ll go over the step by step instructions to download, install, and configure Squid proxy on a Linux system. Follow along with us to get it setup on your own system, which can either provide caching just for yourself or all the way up to an entire organization of computers.

In this tutorial you will learn:

  • How to download and install Squid proxy on major Linux distros
  • How to configure Squid proxy
  • How to configure a browser to use Squid proxy

Configuring Squid proxy on Linux

Configuring Squid proxy on Linux

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Any Linux distro
Software Squid proxy
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

How to download and install Squid proxy on major Linux distros

Squid is available from the default repositories of most Linux distros, so you can use the system’s package manager to install the software. Use the appropriate command below to install it.

To install Squid on Ubuntu, Debian, and Linux Mint:

$ sudo apt install squid

To install Squid on CentOS, Fedora, AlmaLinux, and Red Hat:

$ sudo dnf install squid

To install Squid on Arch Linux and Manjaro:

$ sudo pacman -S squid

How to configure Squid

After Squid is installed, use the following instructions to get it configured with access control lists, authentication, and allowing it through the system firewall.

  1. Make sure Squid is running and enabled to start automatically upon system reboot by executing the following systemd command.
    $ sudo systemctl enable --now squid

  2. To make configuration changes to Squid, open the following file in nano or your favorite text editor. We’ll go through some of the most common configuration in the following steps.
    $ sudo nano /etc/squid/squid.conf
  3. Find the http_port directive if you’d like to change the listening port for Squid. By default, it is already set to port 3128.
  4. Change the HTTP listening port if you don't want the default

    Change the HTTP listening port if you don’t want the default

  5. Squid uses access control lists to determine who is allowed to connect to and use the proxy. localhost (the system where Squid is installed) as well as most local networks will already be able to access Squid without a problem, but additional networks and IP addresses will need to be configured in the ACL if you want to allow them access. The easiest way to do this is by adapting Squid’s internal IP network list to fit your own needs. You can also add additional network and IP addresses in this same section.

  6. Configuring the access control list by IP address

    Configuring the access control list by IP address

  7. If you want to configure authentication, use the openssl tool to generate an encrypted password and append it to the /etc/squid/httpauth file (or name the file anything you want). Take the following example where we configure a user with the name linuxconfig and a password of mypass.
    $ printf "linuxconfig:$(openssl passwd -crypt 'mypass')\n" | sudo tee -a /etc/squid/httpauth
  8. Next, we need to edit the /etc/squid/squid.conf file to create an ACL named myauth that uses the authentication we’ve created. Add the following lines.
    auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
    auth_param basic realm proxy
    acl myauth proxy_auth REQUIRED

    And add this line anywhere above the http_access deny all line:

    http_access allow myauth
  9. Finally, save your changes to the file and then restart Squid for the changes to take effect.
    $ sudo systemctl restart squid
  10. If your firewall is active, you will need to allow Squid through the firewall for other systems to connect. But you shouldn’t need to change any firewall rules to allow localhost. If you’re using ufw firewall:
    $ sudo ufw allow 'Squid'

    If you are using firewalld:

    $ sudo firewall-cmd --permanent --add-service=squid
    $ sudo firewall-cmd --reload

Configure browser to use Squid proxy

First, check to see if your browser has a proxy configuration setting, usually located within the networking section of the configuration menu. Enter the IP address or hostname and the port of your Squid server to have your network traffic routed through the proxy.

Configuring Firefox to use Squid proxy server

Configuring Firefox to use Squid proxy server

If your browser doesn’t have this option, then it uses the system’s proxy settings. You will have to configure the system proxy, whether you’re on Linux, Windows, MacOS, etc.

If you need to authenticate with Squid proxy on Firefox, you’ll need an addon to facilitate that configuration. It’s recommended to download and install FoxyProxy for this.

You can see websites being accessed through the Squid proxy by checking the access.log file.

$ sudo cat /var/log/squid/access.log

Checking the Squid access log file

Checking the Squid access log file

In the screenshot above, we see that linuxconfig.org has been accessed through the proxy.

Closing Thoughts

In this guide, we learned how to download and install Squid proxy on a Linux system. We also saw how to configure the Squid proxy with access control lists or authentication. The proxy server should help speed up web browsing by keeping the data of popular sites cached.

Comments and Discussions
Linux Forum