Installation & Configuration for Proxy service Squid3

This aritcle describes squid installation & configuration on Cent OS 7.


Server Environment

1
2
OS: CentOS 7
Squid: Version 3.3.8

Installation

1
$ sudo yum -y install vim-enhanced squid

Squid Configuration

You should change Squid configuration vim /etc/squid/squid.conf.

At frist, comment out default setting:

1
2
#http_access deny all
#http_port 3128

Add customized configuration in last line:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# Host Name
visible_hostname 29.29.29.29.nifty.com
# Port
http_port 8080
# Basic auth
# Ref http://arashmilani.com/post?id=49
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# Define ACL
acl ncsa_users proxy_auth REQUIRED
# Set permission to ACL
http_access allow ncsa_users
# Anonymization
forwarded_for off
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
# No Caching
no_cache deny all

Basic Authorization

1
2
3
4
5
6
7
8
# Install apache tools to use htpasswd command
$ yum install httpd-tools
# Set USER/PASSWORD to basic auth
$ useradd <USER>
$ sudo htpasswd -c /etc/squid/.passwd <USER>
> New password: <PASS>
> Re-type new password: <PASS>

Start Squid

1
2
3
4
5
# clear cache
$ squid -z
# Start Squid
$ service squid start

firewall-cmd Configuration

1
2
3
4
5
# Allow your IP address
$ firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="x.x.x.x" port protocol="tcp" port="8080" accept"
# Allow all IP address
# $ firewall-cmd --permanent --zone=public --add-port=8080/tcp
$ firewall-cmd --reload

Confirmation

http://taruo.net/e/?

Sample Code

You can confirm proxy configuration by Ruby Code like the following:

Install Ruby Gems

1
2
$ gem install faraday
$ gem install faraday_middleware

Please run following ruby code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
require 'faraday'
require 'faraday_middleware'
connection = Faraday.new(proxy: {
uri: 'http://xx.xx.xx.xx:8080',
user: 'USER',
password: 'PASS'
}) do |conn|
conn.use FaradayMiddleware::FollowRedirects
conn.adapter :net_http
end
response = connection.get 'http://taruo.net/e/?'
response.status #=> 200 OK
response.body

Special Thanks