Install and Configure Squid Proxy on AlmaLinux 9: Best Cache Server
This guide intends to teach you how to Install and Configure Squid Proxy on AlmaLinux 9. A Squid Proxy Cache Server is a caching server that also acts as a forward proxy.
Once Squid Proxy Server is installed on a network, the client’s web browsers can be configured to use it as an HTTP proxy server, which allows Squid to cache copies of the request results returned to them. When requests are repeated for the same results, it is then served to the client from the cached copies and not from the original data source. This results in reduced access time as well as lower bandwidth consumption.
You can now follow the guide steps below on the Orcacore website to complete the Squid caching server setup on AlmaLinux 9.
To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. For this purpose, you can follow our guide on Initial Server Setup with AlmaLinux 9.
Also, you need a domain name that is pointed to your server’s IP address.
1. Install Squid Proxy Server on AlmaLinux 9
By default, Squid is available in the default AlmaLinux repository. First, update your local package index with the following command:
sudo dnf update -yThen, use the following command to install the Epel repository on your server:
sudo dnf install epel-release -yNow you can use the following command to install Squid proxy:
sudo dnf install squid -yVerify your installation by checking the Squid version:
squid --version
Start and Enable Squid Caching Server
Next, start and enable Squid service to start on boot with the following commands:
# sudo systemctl start squid.service
# sudo systemctl enable squid.serviceTo check that Squid is active and running on AlmaLinux 9, run the following command:
sudo systemctl status squid.serviceIn your output you will see:
2. Configure Squid Proxy for Client Connection
Now you need to make some configuration changes in the Squid configuration file on your server to allow clients to connect to Squid from outside this server.
Open the file with your favorite text editor, here we use vi:
sudo vi /etc/squid/squid.confFind the lines below in the file:
...
http_access allow localhost
...
http_access deny all
...You can change the deny all to allow all and anyone can connect to your proxy server. But it’s not recommended to do that. You can add the line below and define your IP address to connect to the Squid proxy.
You can find your IP address from the What’s My IP?
Then, add the below line above the http_access allow localhost line.
...
acl localnet src **your_ip_address**
http_access allow localnet
http_access allow localhost
...
http_access deny all
...When you are done, save and close the file.
3. Restrict Access To Squid Proxy on AlmaLinux 9
At this point, you need to secure your Squid proxy. Squid allows you to create username-password pairs using built-in Linux functionality, as an additional or an alternative step to restricting access to your proxy by IP address.
First, you need to install some utilities from Apache in order to have access to a password generator that Squid likes:
sudo dnf -y install httpd-toolsThen, you can use the htpasswd command to generate a password for your new Squid user on AlmaLinux 9:
sudo htpasswd -c /etc/squid/passwords **your_squid_username**You will be asked to enter a password for your Squid user.
**Output**
New password:
Re-type new password:
Adding password for user orcacoreThis command will store your username along with a hash of your new password in /etc/squid/passwords, which will be used as an authentication source by Squid.
You can use the following command to see what that looks like:
sudo cat /etc/squid/passwords**Output**
orcacore:$apr1$4BjAnxkU$nUdvL6Pj5lEQc9aCmyAWu.Now you need to open the Squid configuration file on AlmaLinux 9 again with your favorite text editor, here we use vi:
sudo vi /etc/squid/squid.confAdd the following directives after the ports’ ACLs:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_usersWhen you are done, save and close the file.
To apply the changes, restart your Squid service on AlmaLinux 9:
sudo systemctl restart squid.service4. Configure Firewall For Squid Proxy
We assumed that you have enabled the firewalld. Now you need to open port 3128 through the firewall with the following command:
sudo firewall-cmd --add-service=squid --permanentReload the firewall to apply the new rules:
sudo firewall-cmd --reload5. Connect through Squid Proxy
To display your Squid server, you can use the curl command on AlmaLinux 9. To do this, run the following command:
curl -v -x http://**your_squid_username**:**your_squid_password**@**your_server_ip**:3128 http://www.google.com/In your output you will see:
Also, you can access HTTPs sites with your Squid proxy without any configuration changes on AlmaLinux 9.
curl -v -x http://**your_squid_username**:**your_squid_password**@**your_server_ip**:3128 https://www.google.com/In your output you will see:
For more information about Squid proxy, you can visit the Squid Documentation page.
Conclusion
At this point, you have learned to Install and Configure Squid Proxy on AlmaLinux 9. Squid proxy is used to control and manage internet traffic by acting as a middleman between users and websites. It helps improve speed, security, and privacy by caching data and filtering content.
Hope you enjoy it. You may also like these articles:
Steps To Install PHP 7.4 on AlmaLinux 9
Install PowerDNS on AlmaLinux 9
AlmaLinux 8 Quick Setup Flatpak
Installing and Configuring Jenkins on AlmaLinux 9
How To Install Docker Compose On AlmaLinux 8
Alternative Solutions for Proxy Caching on AlmaLinux 9
While Squid is a powerful and widely used proxy server, alternative solutions exist that may be better suited for specific needs. Here are two different approaches to consider instead of using Squid for proxy caching on AlmaLinux 9:
1. Varnish Cache
Varnish Cache is a high-performance HTTP reverse proxy and cache. It is designed for speed and is often used in front of web servers to accelerate content delivery. Unlike Squid, Varnish is primarily a reverse proxy, meaning it typically sits in front of one or more web servers, caching content before it reaches the client. However, it can also be configured as a forward proxy, though it’s less common.
Explanation:
Varnish excels at caching static content and can handle a large number of requests with low latency. Its configuration is done through VCL (Varnish Configuration Language), which allows for highly customized caching policies. Varnish uses memory to store cached objects, which contributes to its speed.
Installation and Basic Configuration on AlmaLinux 9:
-
Install Varnish:
sudo dnf install varnish -
Configure Varnish: The main configuration file is
/etc/varnish/default.vcl. Here’s a basic example that configures Varnish to act as a forward proxy:vcl 4.1; backend default { .host = "127.0.0.1"; # Not relevant for forward proxy .port = "8080"; # Replace with your backend port if necessary } sub vcl_recv { if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "DELETE") { return (pipe); } if (req.http.Authorization) { return (pipe); } return (hash); } sub vcl_backend_response { set beresp.ttl = 1h; # Cache for 1 hour return (deliver); } sub vcl_deliver { return (deliver); }Explanation of the VCL file:
backend default: Defines a default backend, although it’s not strictly used in forward proxy mode.vcl_recv: Determines if a request should be cached or passed through. The example pipes requests with methods other than GET, HEAD, PUT, POST, TRACE, OPTIONS and DELETE, as well as requests with authorization headers, directly to the backend.vcl_backend_response: Sets the Time-To-Live (TTL) for cached objects to 1 hour.vcl_deliver: Handles the delivery of cached objects to the client.
-
Configure Varnish Service: Edit
/etc/systemd/system/varnish.serviceand/etc/systemd/system/varnishncsa.serviceto reflect that varnish is used as forward proxy. -
Start and Enable Varnish:
sudo systemctl enable varnish sudo systemctl start varnish -
Firewall Configuration:
sudo firewall-cmd --add-port=80/tcp --permanent #or custom port sudo firewall-cmd --reload
Use Case: Varnish is excellent for caching static content, such as images, CSS, and JavaScript files, making it a good choice for accelerating website performance.
2. Nginx as a Caching Proxy
Nginx is a versatile web server that can also act as a reverse proxy, load balancer, and HTTP cache. While it’s not primarily designed as a forward proxy like Squid, it can be configured to function as one with caching capabilities.
Explanation:
Nginx’s caching is typically used in reverse proxy mode to cache content from backend servers. However, by configuring Nginx to listen on a specific port and forward requests to the internet, it can act as a forward proxy. Nginx uses a disk-based cache and offers flexible configuration options.
Installation and Basic Configuration on AlmaLinux 9:
-
Install Nginx:
sudo dnf install nginx -
Configure Nginx: Create a configuration file specifically for the forward proxy, e.g.,
/etc/nginx/conf.d/forward-proxy.conf:worker_processes auto; events { worker_connections 1024; } http { proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off; server { listen 3128; # Proxy port resolver 8.8.8.8; # Public DNS resolver access_log /var/log/nginx/proxy.log; # Basic Authentication auth_basic "Proxy Authentication Required"; auth_basic_user_file /etc/nginx/.htpasswd; location / { proxy_pass http://$http_host$request_uri; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cache my_cache; proxy_cache_valid 200 302 1h; proxy_cache_valid 404 1m; proxy_cache_use_stale error timeout invalid_header updating; add_header X-Cache-Status $upstream_cache_status; } } }Explanation of the Nginx Configuration:
proxy_cache_path: Defines the location and settings for the cache./tmp/nginx_cacheis the cache directory,levels=1:2creates a two-level directory hierarchy,keys_zoneallocates memory for cache keys,max_sizesets the maximum cache size,inactivesets the time after which inactive cache entries are removed.use_temp_path=offdisables the temporary path usage.listen 3128: Configures Nginx to listen on port 3128 for proxy requests.resolver 8.8.8.8: Specifies a DNS resolver to use.auth_basicandauth_basic_user_file: Implements basic authentication. You’ll need to create an.htpasswdfile withhtpasswd -c /etc/nginx/.htpasswd <username>.proxy_pass: Forwards requests to the destination server.proxy_set_header: Sets headers to pass to the destination server.proxy_cache: Enables caching using the defined cache zone.proxy_cache_valid: Sets the caching duration for different HTTP status codes.proxy_cache_use_stale: Allows serving stale content when the origin server is unavailable.add_header X-Cache-Status: Add header to response to see if content is served from cache or origin.
-
Create Authentication File:
sudo apt-get install apache2-utils #If not installed already sudo htpasswd -c /etc/nginx/.htpasswd <username> -
Start and Enable Nginx:
sudo systemctl enable nginx sudo systemctl start nginx -
Firewall Configuration:
sudo firewall-cmd --add-port=3128/tcp --permanent sudo firewall-cmd --reload
Use Case: Nginx is a good choice when you need a flexible web server that can also handle proxy caching. Its authentication features make it a suitable option for securing the proxy.
Install and Configure Squid Proxy on AlmaLinux 9 is a great starting point for deploying a caching proxy. However, these alternative solutions, Varnish and Nginx, offer different strengths and may be more appropriate depending on your specific needs and requirements. Always consider your workload, performance expectations, and security requirements when choosing a proxy caching solution.
