Simple Squid Caching Proxy server in Rocky Linux 8.x

Introduction

Squid is an open-source piece of software used to set up a caching proxy server in any nix servers, It reduces our bandwidth utilization by caching frequently used web contents. It falls under the GNU GPL license, the first stable version released by 20 Mar 2001, and the current latest stable version is 5.3. The version 6 development is in progress and soon we can expect the release.

The virtual machine we are using in the guide has two interfaces. We will focus on the 192.168.56.0/24 network.

[root@squid ~]# ip add | grep -v 'inet6\|127' | grep inet
    inet 10.0.2.16/24 brd 10.0.2.255 scope global noprefixroute enp0s3
    inet 192.168.56.102/24 brd 192.168.56.255 scope global noprefixroute enp0s8
[root@squid ~]#

Installing Squid

App-stream provides squid, check for a guide if you are not familiar with AppStream.

[root@squid ~]# dnf module list squid
Last metadata expiration check: 1:24:02 ago on Sat 15 Jan 2022 08:44:38 PM +04.
Rocky Linux 8 - AppStream
Name                                    Stream                                   Profiles                                     Summary
squid                                   4 [d]                                    common [d]                                   Squid - Optimising Web Delivery

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
[root@squid ~]#

Let’s start installing the package to set up our caching proxy server.

# dnf module install squid -y

It may take a few seconds to pull the required dependencies.

Installed:
  libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64              libtool-ltdl-2.4.6-25.el8.x86_64                            perl-Carp-1.42-396.el8.noarch
  perl-DBI-1.641-3.module+el8.4.0+509+59a8d9b3.x86_64             perl-Data-Dumper-2.167-399.el8.x86_64                       perl-Digest-1.17-395.el8.noarch
  perl-Digest-MD5-2.55-396.el8.x86_64                             perl-Digest-SHA-1:6.02-1.el8.x86_64                         perl-Encode-4:2.97-3.el8.x86_64
  perl-Errno-1.28-420.el8.x86_64                                  perl-Exporter-5.72-396.el8.noarch                           perl-File-Path-2.15-2.el8.noarch
  perl-File-Temp-0.230.600-1.el8.noarch                           perl-Getopt-Long-1:2.50-4.el8.noarch                        perl-HTTP-Tiny-0.074-1.el8.noarch
  perl-IO-1.38-420.el8.x86_64                                     perl-IO-Socket-IP-0.39-5.el8.noarch                         perl-IO-Socket-SSL-2.066-4.module+el8.4.0+512+d4f0fc54.noarch
  perl-MIME-Base64-3.15-396.el8.x86_64                            perl-Math-BigInt-1:1.9998.11-7.el8.noarch                   perl-Math-Complex-1.59-420.el8.noarch
  perl-Mozilla-CA-20160104-7.module+el8.4.0+529+e3b3e624.noarch   perl-Net-SSLeay-1.88-1.module+el8.4.0+512+d4f0fc54.x86_64   perl-PathTools-3.74-1.el8.x86_64
  perl-Pod-Escapes-1:1.07-395.el8.noarch                          perl-Pod-Perldoc-3.28-396.el8.noarch                        perl-Pod-Simple-1:3.35-395.el8.noarch
  perl-Pod-Usage-4:1.69-395.el8.noarch                            perl-Scalar-List-Utils-3:1.49-2.el8.x86_64                  perl-Socket-4:2.027-3.el8.x86_64
  perl-Storable-1:3.11-3.el8.x86_64                               perl-Term-ANSIColor-4.06-396.el8.noarch                     perl-Term-Cap-1.17-395.el8.noarch
  perl-Text-ParseWords-3.30-395.el8.noarch                        perl-Text-Tabs+Wrap-2013.0523-395.el8.noarch                perl-Time-Local-1:1.280-1.el8.noarch
  perl-URI-1.73-3.el8.noarch                                      perl-Unicode-Normalize-1.25-396.el8.x86_64                  perl-constant-1.33-396.el8.noarch
  perl-interpreter-4:5.26.3-420.el8.x86_64                        perl-libnet-3.11-3.el8.noarch                               perl-libs-4:5.26.3-420.el8.x86_64
  perl-macros-4:5.26.3-420.el8.x86_64                             perl-parent-1:0.237-1.el8.noarch                            perl-podlators-4.11-1.el8.noarch
  perl-threads-1:2.21-2.el8.x86_64                                perl-threads-shared-1.58-2.el8.x86_64                       squid-7:4.15-1.module+el8.5.0+705+218dec94.x86_64

Complete!
[root@squid ~]#

Configuring Caching Proxy Server

The configuration file will be residing under /etc/squid/

Let’s make the required changes.

# vim /etc/squid/squid.conf

The lines we are interested in are very few.

For which network/Interface does the browsing need to be allowed.

acl linuxsysadmins.local src 192.168.56.0/24

Allowing access from our local networks

http_access allow linuxsysadmins.local

The default port of Squid.

http_port 3128

If any other port is used instead of 3128 it should be labeled with squid_port_t, for more information refer SELinux guide.

The caching directory to be used by Squid, By default, it will be commented with “#” we need to uncomment.

cache_dir ufs /var/spool/squid 100 16 256

The disk space allowed for caching is 100 MB and 16 subdirectories and 256 subdirectories inside those 16 subdirectories.

Save and exit using “wq!“, These are the basic setup and we are good with starting using the Squid.

Starting Squid

Start the service and enable it persistently

# systemctl enable squid.service
# systemctl start squid.service

Now the service should be up and running.

[root@squid ~]# systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2022-01-15 22:58:20 +04; 15s ago
     Docs: man:squid(8)
  Process: 4241 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 4248 (squid)
    Tasks: 4 (limit: 4862)
   Memory: 19.7M
   CGroup: /system.slice/squid.service
           ├─4248 /usr/sbin/squid --foreground -f /etc/squid/squid.conf
           ├─4250 (squid-1) --kid squid-1 --foreground -f /etc/squid/squid.conf
           ├─4251 (logfile-daemon) /var/log/squid/access.log
           └─4252 (unlinkd)

Jan 15 22:58:19 squid.linuxsysadmins.local systemd[1]: Starting Squid caching proxy...
Jan 15 22:58:19 squid.linuxsysadmins.local cache_swap.sh[4241]: init_cache_dir /var/spool/squid...
Jan 15 22:58:19 squid.linuxsysadmins.local squid[4248]: Squid Parent: will start 1 kids
Jan 15 22:58:19 squid.linuxsysadmins.local squid[4248]: Squid Parent: (squid-1) process 4250 started
Jan 15 22:58:20 squid.linuxsysadmins.local systemd[1]: Started Squid caching proxy.
[root@squid ~]#

Firewall Requirement

Allow the squid port for the clients

# firewall-cmd --add-service=squid --permanent
# firewall-cmd --reload
# firewall-cmd --list-all

That’s it on the server-side.

Client Side Configuration

One of the Linux desktops we are using as our client. The client-side configuration is very simple, just need to add the IP and Port of Squid server. The client we are supposed to use is Mozilla.

Caching Proxy server client configuration
Caching Proxy server-client configuration

To verify and confirm whether Squid works on clients, check for the logs.

Below are a few logs related to Squid.

/var/log/squid/squid.out
/var/log/squid/cache.log
/var/log/squid/access.log

Try to access any website and check for the access logs on the Squid server.

# tail -f /var/log/squid/access.log

That’s it, we have completed setting up a basic caching proxy server using Squid.

Conclusion:

By installing and configuring a basic configuration the squid caching proxy server is ready to serve the internet for any client. Subscribe to the newsletters and provide your feedback through below comment section.