Install and Configure Squid Proxy on AlmaLinux 9: Best Cache Server
This guide intends to teach you to Install and Configure Squid Proxy on AlmaLinux 9. A Squid Proxy Cache Server is a caching server that also acts as a forward proxy.
Once Squid Proxy Server is installed on a network, the client’s web browsers can be configured to use it as an HTTP proxy server which allows Squid to cache copies of the request results returned to them. When requests are repeated for the same results it is then served to the client from the cached copies and not from the original data source. This results in reduced access time as well as lower bandwidth consumption.
You can now follow the guide steps below on the Orcacore website to complete the Squid caching server setup on AlmaLinux 9.
To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. For this purpose, you can follow our guide on Initial Server Setup with AlmaLinux 9.
Also, you need a domain name that is pointed to your server’s IP address.
1. Install Squid Proxy Server on AlmaLinux 9
By default, squid is available in the default AlmaLinux repository. First, update your local package index with the following command:
sudo dnf update -yThen, use the following command to install the Epel repository on your server:
sudo dnf install epel-release -yNow you can use the following command to install Squid proxy:
sudo dnf install squid -yVerify your installation by checking the Squid version:
squid --version
Start and Enable Squid Caching Server
Next, start and enable Squid service to start on boot with the following commands:
# sudo systemctl start squid.service
# sudo systemctl enable squid.serviceTo check that Squid is active and running on AlmaLinux 9, run the following command:
sudo systemctl status squid.serviceIn your output you will see:
2. Configure Squid Proxy for Client Connection
Now you need to make some configuration changes in the Squid configuration file on your server to allow clients to connect to Squid from outside this server.
Open the file with your favorite text editor, here we use vi:
sudo vi /etc/squid/squid.confFind the lines below in the file:
...
http_access allow localhost
... http_access deny all
...You can change the deny all to allow all and anyone can connect to your proxy server. But it’s not recommended to do that. You can add the line below and define your IP address to connect to the Squid proxy.
You can find your IP address from the What’s My IP?
Then, add the below line above the http_access allow localhost line.
...
acl localnet src <mark><strong>your_ip_address</strong></mark>
http_access allow localhost
...
http_access deny all
...When you are done, save and close the file.
3. Restrict Access To Squid Proxy on AlmaLinux 9
At this point, you need to secure your Squid proxy. Squid allows you to create username-password pairs using built-in Linux functionality, as an additional or an alternative step to restricting access to your proxy by IP address.
First, you need to install some utilities from Apache in order to have access to a password generator that Squid likes:
sudo dnf -y install httpd-toolsThen, you can use the htpasswd command to generate a password for your new Squid user on AlmaLinux 9:
sudo htpasswd -c /etc/squid/passwords <mark><strong>your_squid_username</strong></mark>You will be asked to enter a password for your Squid user.
<strong><mark>Output</mark></strong>
New password:
Re-type new password:
Adding password for user orcacoreThis command will store your username along with a hash of your new password in /etc/squid/passwords, which will be used as an authentication source by Squid.
You can use the following command to see what that looks like:
sudo cat /etc/squid/passwords<strong><mark>Output</mark></strong>
orcacore:$apr1$4BjAnxkU$nUdvL6Pj5lEQc9aCmyAWu.Now you need to open the Squid configuration file on AlmaLinux 9 again with your favorite text editor, here we use vi:
sudo vi /etc/squid/squid.confAdd the following directives after the ports’ ACLs:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_usersWhen you are done, save and close the file.
To apply the changes, restart your Squid service on AlmaLinux 9:
sudo systemctl restart squid.service4. Configure Firewall For Squid Proxy
We assumed that you have enabled the firewalld. Now you need to open port 3128 through the firewall with the following command:
sudo firewall-cmd --add-service=squid --permanentReload the firewall to apply the new rules:
sudo firewall-cmd --reload5. Connect through Squid Proxy
To display your Squid server, you can use the curl command on AlmaLinux 9. To do this, run the following command:
curl -v -x http://<mark>your_squid_username</mark>:<mark>your_squid_password</mark>@<mark>your_server_ip</mark>:3128 http://www.google.com/In your output you will see:
Also, you can access HTTPs sites with your Squid proxy without any configuration changes on AlmaLinux 9.
curl -v -x http://<mark>your_squid_username</mark>:<mark>your_squid_password</mark>@<mark>your_server_ip</mark>:3128 https://www.google.com/In your output you will see:
For more information about Squid proxy, you can visit the Squid Documentation page.
Conclusion
At this point, you have learned to Install and Configure Squid Proxy on AlmaLinux 9. Squid proxy is used to control and manage internet traffic by acting as a middleman between users and websites. It helps improve speed, security, and privacy by caching data and filtering content. This article will guide you to Install and Configure Squid Proxy on AlmaLinux 9.
Hope you enjoy it. You may also like these articles:
Steps To Install PHP 7.4 on AlmaLinux 9
Install PowerDNS on AlmaLinux 9
AlmaLinux 8 Quick Setup Flatpak
Installing and Configuring Jenkins on AlmaLinux 9
How To Install Docker Compose On AlmaLinux 8
Alternative Solutions for Proxy Caching on AlmaLinux 9
While Squid is a powerful and widely used proxy caching server, other options exist for achieving similar results on AlmaLinux 9. Here are two alternative solutions, along with explanations and code examples:
1. Varnish Cache
Varnish Cache is a high-performance HTTP reverse proxy and cache. It’s designed to accelerate web applications by caching HTTP responses in memory. Unlike Squid, Varnish is primarily a reverse proxy, meaning it sits in front of one or more web servers and caches their content. This makes it particularly well-suited for improving the performance of websites and web applications. Install and Configure Squid Proxy on AlmaLinux 9 is a method to handle network requests but Varnish offers a different approach.
Installation:
First, add the Varnish repository:
sudo dnf config-manager --add-repo https://packagecloud.io/varnishcache/varnish70/el/9/$basearchThen, install Varnish:
sudo dnf install varnish -yConfiguration:
The main configuration file for Varnish is /etc/varnish/default.vcl. This file uses Varnish Configuration Language (VCL) to define caching policies, backend servers, and other settings.
Here’s a simplified example of a default.vcl file:
vcl 4.1;
backend default {
.host = "127.0.0.1"; # Your web server IP
.port = "8080"; # Your web server port
}
sub vcl_recv {
if (req.http.Authorization) {
return (pass); # Do not cache authenticated requests
}
return (hash);
}
sub vcl_backend_response {
if (beresp.http.Cache-Control !~ "s-maxage") {
set beresp.ttl = 1h; # Cache for 1 hour if no Cache-Control header
}
return (deliver);
}Explanation:
- backend default: Defines the backend server (your web server) that Varnish will fetch content from.
- vcl_recv: This subroutine is called when Varnish receives a request. In this example, it checks for an
Authorizationheader. If present, the request is passed directly to the backend without caching (important for avoiding caching sensitive user data). - vcl_backend_response: This subroutine is called after Varnish receives a response from the backend. It checks if the response contains a
Cache-Controlheader withs-maxage. If not, it sets a default TTL (Time To Live) of 1 hour.
Firewall Configuration:
Allow traffic to port 80 (or the port you’ve configured Varnish to listen on):
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --reloadStarting Varnish:
sudo systemctl start varnish
sudo systemctl enable varnishVarnish is particularly effective for caching static content and frequently accessed dynamic content, leading to significant performance improvements for web applications. While the steps to Install and Configure Squid Proxy on AlmaLinux 9 are similar, the configuration language and intended application differ significantly.
2. Nginx as a Reverse Proxy and Cache
Nginx is a versatile web server that can also function as a reverse proxy and cache. While not as specialized as Varnish for caching, Nginx offers a good balance of features and performance, and it is often already used as a web server, making it a convenient option. Install and Configure Squid Proxy on AlmaLinux 9 provides proxy functionality, nginx can also offer similar options as a reverse proxy with caching capabilities.
Installation:
If you don’t already have Nginx installed:
sudo dnf install nginx -yConfiguration:
Edit the Nginx configuration file (usually located at /etc/nginx/nginx.conf or /etc/nginx/conf.d/default.conf).
Add the following directives to enable caching:
http {
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;
proxy_cache_key "$scheme$request_method$host$request_uri";
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://127.0.0.1:8080; # Your web server
proxy_cache my_cache;
proxy_cache_valid 200 302 60m; # Cache successful responses for 60 minutes
proxy_cache_valid 404 1m; # Cache 404 errors for 1 minute
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
add_header X-Cache-Status $upstream_cache_status;
}
}
}Explanation:
- proxy_cache_path: Defines the cache directory, levels (directory hierarchy), a named zone for storing cache keys (
my_cache), the maximum size of the cache (10GB), the inactivity timeout (60 minutes), and disables temporary file usage. - proxy_cache_key: Defines the key used to identify cached responses.
- proxy_pass: Specifies the backend server to proxy requests to.
- proxy_cache: Enables caching using the named zone
my_cache. - proxy_cache_valid: Sets the cache validity duration for different HTTP response codes.
- proxy_cache_use_stale: Allows Nginx to serve stale content from the cache if the backend is unavailable or experiencing errors.
- add_header X-Cache-Status: Adds an HTTP header to the response indicating whether the content was served from the cache (
HIT) or fetched from the backend (MISS).
Creating the Cache Directory:
sudo mkdir -p /var/cache/nginx
sudo chown nginx:nginx /var/cache/nginxStarting Nginx:
sudo systemctl start nginx
sudo systemctl enable nginxFirewall Configuration:
Ensure that port 80 is open in your firewall, similar to the Varnish example.
Nginx, as a reverse proxy with caching, provides a readily available solution, especially if you’re already using Nginx as your web server. The solution to Install and Configure Squid Proxy on AlmaLinux 9 is a good starting point for caching, Nginx offers a more integrated solution if it is already part of your infrastructure.
These alternative solutions, Varnish and Nginx, offer different approaches to caching compared to Squid. The best choice depends on your specific requirements, infrastructure, and expertise.
