Installation & Configuration for Proxy service Squid3

This aritcle describes squid installation & configuration on Cent OS 7.

🐞 Server Environment

OS: CentOS 7
Squid: Version 3.3.8

😎 Installation

$ sudo yum -y install vim-enhanced squid

🐰 Squid Configuration

You should change Squid configuration vim /etc/squid/squid.conf.

At frist, comment out default setting:

#http_access deny all
#http_port 3128

Add customized configuration in last line:

# Host Name
visible_hostname 29.29.29.29.nifty.com

# Port
http_port 8080

# Basic auth
# Ref http://arashmilani.com/post?id=49
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Define ACL
acl ncsa_users proxy_auth REQUIRED

# Set permission to ACL
http_access allow ncsa_users

# Anonymization
forwarded_for off
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all

# No Caching
no_cache deny all

🐝 Basic Authorization

# Install apache tools to use htpasswd command
$ yum install httpd-tools

# Set USER/PASSWORD to basic auth
$ useradd 
$ sudo htpasswd -c /etc/squid/.passwd 
> New password: 
> Re-type new password: 

🍮 Start Squid

# clear cache
$ squid -z

# Start Squid
$ service squid start

😸 firewall-cmd Configuration

# Allow your IP address
$ firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="x.x.x.x" port protocol="tcp" port="8080" accept"
# Allow all IP address
# $ firewall-cmd --permanent --zone=public --add-port=8080/tcp
$ firewall-cmd --reload

🚌 Confirmation

http://taruo.net/e/?

🎉 Sample Code

You can confirm proxy configuration by Ruby Code like the following:

Install Ruby Gems

$ gem install faraday
$ gem install faraday_middleware

Please run following ruby code:

require 'faraday'
require 'faraday_middleware'

connection = Faraday.new(proxy: {
   uri: 'http://xx.xx.xx.xx:8080',
   user: 'USER',
   password: 'PASS'
}) do |conn|
  conn.use FaradayMiddleware::FollowRedirects
  conn.adapter :net_http
end

response = connection.get 'http://taruo.net/e/?'
response.status #=> 200 OK
response.body

😀 Start Squid process with Docker

If you want to launch Proxy server process with Docker, you can easily execute the following command:

docker run -p 49834:3128 -dit \
    --restart unless-stopped \
    -e SQUID_USERNAME=hoge \
    -e SQUID_PASSWORD=fuga \
    morizyun/squid-docker

GitHub Repository is as follows: https://github.com/morizyun/squid-docker

🚕 Special Thanks

• Squid

  • Authorization
    • http://qiita.com/pcnikki/items/404329f9ad9cb6e235d4
    • http://www.workabroad.jp/posts/2149
    • http://centos.sabakan.red/entry/2015/06/26/073000
    • http://vogel.at.webry.info/201306/article_19.html
    • http://www.unix-power.net/linux/squid.html

• firewall-cmd

  • http://unix.stackexchange.com/questions/159873/whitelist-ips-in-centos-7

• Faraday

  • https://www.mobomo.com/2012/03/faraday-one-http-client-to-rule-them-all/

🖥 Recommended VPS Service

VULTR provides high performance cloud compute environment for you. Vultr has 15 data-centers strategically placed around the globe, you can use a VPS with 512 MB memory for just $ 2.5 / month ($ 0.004 / hour). In addition, Vultr is up to 4 times faster than the competition, so please check it => Check Benchmark Results!!