Install Squid: Use sudo apt install squid on Ubuntu/Debian, use sudo dnf install squid on CentOS/RHEL, and start the service. 2. Configure basic settings: Edit /etc/squid/squid.conf, optionally change http_port, add acl definitions to allow networks such as 192.168.1.0/24, and ensure that the http_access allow rule is before deny all. 3. Restart Squid and verify: Use sudo systemctl restart squid and check port monitoring through ss or netstat. 4. Configure the firewall: Use ufw allow 3128 on Ubuntu, and firewall-cmd --add-port=3128/tcp on CentOS/RHEL. 5. Client settings: Configure the proxy IP and port 3128 on the client, or set the http_proxy environment variable. 6. Enable authentication (optional): Install apache2-utils or httpd-tools, create a password file, add authentication parameters to the configuration, and restart Squid. 7. Monitoring and Troubleshooting: Check /var/log/squid/access.log and cache.log, check the ACL order, configuration syntax, and firewall to solve common problems. After completing these steps, you will successfully deploy a basic Squid proxy server and can further enhance functionality as needed.
Setting up a proxy server on Linux using Squid is a practical way to control and monitor web traffic, improve performance through caching, or restrict access in a network. Squid is one of the most widely used open-source proxy servers, especially for HTTP, HTTPS, and FTP. Here's how to configure a basic proxy server with Squid on a Linux system.
1. Install Squid on Your Linux System
Squid is available in the default repositories of most Linux distributions.
On Ubuntu/Debian:
sudo apt update sudo apt install squid -y
On CentOS/RHEL/Rocky Linux:
sudo dnf install squid -y
After installation, start and enable the service:
sudo systemctl enable squid sudo systemctl start squid
Check status:
sudo systemctl status squid
2. Configure Basic Proxy Settings
The main configuration file for Squid is /etc/squid/squid.conf . Before making changes, back it up:
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
Open the config file:
sudo nano /etc/squid/squid.conf
Key Configuration Options:
Change the default port (optional):
By default, Squid listens on port 3128. To change it:http_port 3128
Replace
3128with your desired port.Allow access from your network:
By default, Squid only allows localhost. To allow a local network (eg, 192.168.1.0/24), add:acl localnet src 192.168.1.0/24 http_access allows localnet
You can add multiple
acllines for different subnets.Set visible hostname (optional but recommended):
visible_hostname proxy.yourdomain.com
?? Always place
http_access allowrules before the finalhttp_access deny allline, or clients will be blocked.
Save and exit the file.
3. Restart and Test Squid
After making changes, restart Squid:
sudo systemctl restart squid
Ensure the port is listening:
sudo netstat -tulnp | grep :3128
If netstat is not installed:
sudo apt install net-tools # Debian/Ubuntu sudo dnf install net-tools # RHEL/CentOS
Or use:
ss -tuln | grep 3128
4. Configure Firewall (if enabled)
Allow the Squid port through the firewall.
Using ufw (Ubuntu):
sudo ufw allows 3128
Using firewalld (CentOS/RHEL):
sudo firewall-cmd --permanent --add-port=3128/tcp sudo firewall-cmd --reload
5. Client-Side Proxy Configuration
On client machines, configure the browser or system proxy settings:
- IP Address: Your Squid server's IP
- Port: 3128 (or your custom port)
For command-line tools like curl or wget , set environment variables:
export http_proxy=http://squid-server-ip:3128 export https_proxy=http://squid-server-ip:3128
To make it permanent, add to ~/.bashrc or /etc/environment .
6. Enable Authentication (Optional)
To restrict access with username/password:
Install
htpasswd(if not present):sudo apt install apache2-utils # Debian/Ubuntu sudo dnf install httpd-tools # RHEL/CentOS
Create a password file and user:
sudo htpasswd -c /etc/squid/passwd username
In
squid.conf, add:auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd auth_param basic children 5 auth_param basic realm Squid Basic Authentication auth_param basic credentialsttl 2 hours acl authenticated_users proxy_auth REQUIRED http_access allows authenticated_users
Restart Squid afterward.
7. Monitor and Troubleshoot
Check logs:
sudo tail -f /var/log/squid/access.log sudo tail -f /var/log/squid/cache.log
-
Common issues:
- Clients getting "Access Denied": Check ACL order and subnet definitions.
- Squid not starting: Validate config with
sudo squid -k parse. - Connection timeouts: Verify firewall and network settings.
That's it. You now have a working proxy server with Squid. From here, you can enhance it with SSL interference, bandwidth limits, or content filtering based on your needs. Just remember to keep security in mind—especially if exposing the proxy beyond your internal network.
The above is the detailed content of How to Configure a Proxy Server on Linux with Squid. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Install LXC (Linux Containers) in RHEL, Rocky & AlmaLinux
Jul 05, 2025 am 09:25 AM
LXD is described as the next-generation container and virtual machine manager that offers an immersive for Linux systems running inside containers or as virtual machines. It provides images for an inordinate number of Linux distributions with support
Clear Linux Distro - Optimized for Performance and Security
Jul 02, 2025 am 09:49 AM
Clear Linux OS is the ideal operating system for people – ahem system admins – who want to have a minimal, secure, and reliable Linux distribution. It is optimized for the Intel architecture, which means that running Clear Linux OS on AMD sys
How to create a self-signed SSL certificate using OpenSSL?
Jul 03, 2025 am 12:30 AM
The key steps for creating a self-signed SSL certificate are as follows: 1. Generate the private key, use the command opensslgenrsa-outselfsigned.key2048 to generate a 2048-bit RSA private key file, optional parameter -aes256 to achieve password protection; 2. Create a certificate request (CSR), run opensslreq-new-keyselfsigned.key-outselfsigned.csr and fill in the relevant information, especially the "CommonName" field; 3. Generate the certificate by self-signed, and use opensslx509-req-days365-inselfsigned.csr-signk
7 Ways to Speed Up Firefox Browser in Linux Desktop
Jul 04, 2025 am 09:18 AM
Firefox browser is the default browser for most modern Linux distributions such as Ubuntu, Mint, and Fedora. Initially, its performance might be impressive, however, with the passage of time, you might notice that your browser is not as fast and resp
How to extract a .tar.gz or .zip file?
Jul 02, 2025 am 12:52 AM
Decompress the .zip file on Windows, you can right-click to select "Extract All", while the .tar.gz file needs to use tools such as 7-Zip or WinRAR; on macOS and Linux, the .zip file can be double-clicked or unzip commanded, and the .tar.gz file can be decompressed by tar command or double-clicked directly. The specific steps are: 1. Windows processing.zip file: right-click → "Extract All"; 2. Windows processing.tar.gz file: Install third-party tools → right-click to decompress; 3. macOS/Linux processing.zip file: double-click or run unzipfilename.zip; 4. macOS/Linux processing.tar
How to troubleshoot DNS issues on a Linux machine?
Jul 07, 2025 am 12:35 AM
When encountering DNS problems, first check the /etc/resolv.conf file to see if the correct nameserver is configured; secondly, you can manually add public DNS such as 8.8.8.8 for testing; then use nslookup and dig commands to verify whether DNS resolution is normal. If these tools are not installed, you can first install the dnsutils or bind-utils package; then check the systemd-resolved service status and configuration file /etc/systemd/resolved.conf, and set DNS and FallbackDNS as needed and restart the service; finally check the network interface status and firewall rules, confirm that port 53 is not
Install Guacamole for Remote Linux/Windows Access in Ubuntu
Jul 08, 2025 am 09:58 AM
As a system administrator, you may find yourself (today or in the future) working in an environment where Windows and Linux coexist. It is no secret that some big companies prefer (or have to) run some of their production services in Windows boxes an
How would you debug a server that is slow or has high memory usage?
Jul 06, 2025 am 12:02 AM
If you find that the server is running slowly or the memory usage is too high, you should check the cause before operating. First, you need to check the system resource usage, use top, htop, free-h, iostat, ss-antp and other commands to check CPU, memory, disk I/O and network connections; secondly, analyze specific process problems, and track the behavior of high-occupancy processes through tools such as ps, jstack, strace; then check logs and monitoring data, view OOM records, exception requests, slow queries and other clues; finally, targeted processing is carried out based on common reasons such as memory leaks, connection pool exhaustion, cache failure storms, and timing task conflicts, optimize code logic, set up a timeout retry mechanism, add current limit fuses, and regularly pressure measurement and evaluation resources.
