Red Hat Summit3장. Configuring the Squid caching proxy server
Squid is a proxy server that caches content to reduce bandwidth and load web pages more quickly. This chapter describes how to set up Squid as a proxy for the HTTP, HTTPS, and FTP protocol, as well as authentication and restricting access.
3.1. Setting up Squid as a caching proxy without authentication
You can configure Squid as a caching proxy without authentication. The procedure limits access to the proxy based on IP ranges.
Prerequisites
-
The procedure assumes that the
/etc/squid/squid.conffile is as provided by thesquidpackage. If you edited this file before, remove the file and reinstall the package.
Procedure
Install the
squidpackage:# dnf install squidEdit the
/etc/squid/squid.conffile:Adapt the
localnetaccess control lists (ACL) to match the IP ranges that should be allowed to use the proxy:acl localnet src 192.0.2.0/24 acl localnet 2001:db8:1::/64By default, the
/etc/squid/squid.conffile contains thehttp_access allow localnetrule that allows using the proxy from all IP ranges specified inlocalnetACLs. Note that you must specify alllocalnetACLs before thehttp_access allow localnetrule.중요Remove all existing
acl localnetentries that do not match your environment.The following ACL exists in the default configuration and defines
443as a port that uses the HTTPS protocol:acl SSL_ports port 443If users should be able to use the HTTPS protocol also on other ports, add an ACL for each of these port:
acl SSL_ports port port_numberUpdate the list of
acl Safe_portsrules to configure to which ports Squid can establish a connection. For example, to configure that clients using the proxy can only access resources on port 21 (FTP), 80 (HTTP), and 443 (HTTPS), keep only the followingacl Safe_portsstatements in the configuration:acl Safe_ports port 21 acl Safe_ports port 80 acl Safe_ports port 443By default, the configuration contains the
http_access deny !Safe_portsrule that defines access denial to ports that are not defined inSafe_portsACLs.Configure the cache type, the path to the cache directory, the cache size, and further cache type-specific settings in the
cache_dirparameter:cache_dir ufs /var/spool/squid 10000 16 256With these settings:
-
Squid uses the
ufscache type. -
Squid stores its cache in the
/var/spool/squid/directory. -
The cache grows up to
10000MB. -
Squid creates
16level-1 sub-directories in the/var/spool/squid/directory. Squid creates
256sub-directories in each level-1 directory.If you do not set a
cache_dirdirective, Squid stores the cache in memory.
-
Squid uses the
If you set a different cache directory than
/var/spool/squid/in thecache_dirparameter:Create the cache directory:
# mkdir -p path_to_cache_directoryConfigure the permissions for the cache directory:
# chown squid:squid path_to_cache_directoryIf you run SELinux in
enforcingmode, set thesquid_cache_tcontext for the cache directory:# semanage fcontext -a -t squid_cache_t "path_to_cache_directory(/.*)?" # restorecon -Rv path_to_cache_directoryIf the
semanageutility is not available on your system, install thepolicycoreutils-python-utilspackage.
Open the
3128port in the firewall:# firewall-cmd --permanent --add-port=3128/tcp # firewall-cmd --reloadEnable and start the
squidservice:# systemctl enable --now squid
Verification
To verify that the proxy works correctly, download a web page using the curl utility:
# curl -O -L "https://www.redhat.com/index.html" -x "proxy.example.com:3128"
If curl does not display any error and the index.html file was downloaded to the current directory, the proxy works.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}