simple squid proxy with http authorization

Squid (caching) proxy has been used on the Internet for ages. The first release of Squid was back in the mid-90s!
Here is how you may use Squid as a proxy HTTP server with user and password authorization (it is easy to enable the caching, but we do not include such configuration). Our system is CentOS 7, but the configuration part is platform-independent, so just install it in your Linux distribution and use our configuration lines.

STEP 1) Install Squid

The installation under CentOS 7:

yum install squid

STEP 2) Squid configuration to use it as a web caching proxy.

The configuration file is located in “/etc/squid/squid.conf” and you should add the following lines at the beginning:

# MY ADDITIONAL CONFIG
# Host name the proxy reports about itself
visible_hostname srvname
# Basic authentication checked against the NCSA-style password file
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/pass.squid
# Matches any request that carries valid credentials
acl ncsa_users proxy_auth REQUIRED
# Allow authenticated users
http_access allow ncsa_users

STEP 3) Create the password file.

[root@srv ~]# printf "myuser:$(openssl passwd -apr1)\n" >> /etc/squid/pass.squid
Password: 
Verifying - Password: 
[root@srv ~]# cat /etc/squid/pass.squid
myuser:$apr1$rbdVtoC8$9A7gjTjg.T8jQyBXm7cDQ1

There are more options to generate the password.
Using openssl with the “-crypt” option, which will limit the password to 8 characters!

[root@srv ~]# printf "myuser:$(openssl passwd -crypt derfdfdTsgsg3423)\n" >> /etc/squid/pass.squid
Warning: truncating password to 8 characters
[root@srv ~]# cat /etc/squid/pass.squid
myuser:.4EyncW2x3tB.

Or the good old htpasswd:

[root@srv ~]# yum install httpd-tools
.....
.....
[root@srv ~]# htpasswd -c /etc/squid/pass.squid myuser
New password: 
Re-type new password: 
Adding password for user myuser
[root@srv ~]# cat /etc/squid/pass.squid
myuser:$apr1$3rf0e9xu$yW2BMnszPjGg.N4Ep5oAx0
[root@srv ~]#

Tune the permissions of the password file:

[root@srv ~]# chown squid:squid /etc/squid/pass.squid 
[root@srv ~]# chmod 600 /etc/squid/pass.squid
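
An added example, not part of the original article: a small shell check for the password file built in this step. It recognises only the two hash formats shown above and flags DES crypt entries (the 8-character truncation), user names listed twice after appending with ">>", and group/other access to the file. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): audit a basic_ncsa_auth password file.

# classify_hash HASH: print the scheme a stored hash appears to use.
classify_hash() {
    case "$1" in
        '$apr1$'*) echo apr1 ;;   # as produced by "openssl passwd -apr1" and htpasswd
        *)  # traditional crypt(3) DES: exactly 13 characters from [./0-9A-Za-z]
            if printf '%s' "$1" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
                echo des-crypt
            else
                echo unknown
            fi ;;
    esac
}

# audit_passfile FILE: print one finding per line; return 1 if anything was found.
audit_passfile() {
    pf=$1
    rc=0
    # Characters 5-10 of the ls mode string are the group/other bits; mode 600 leaves them all "-".
    if [ "$(ls -ld "$pf" | cut -c5-10)" != "------" ]; then
        echo "PERMS $pf is accessible to group or other"
        rc=1
    fi
    # Entries appended with ">>" can leave the same user listed more than once.
    for dup in $(cut -d: -f1 "$pf" | sort | uniq -d); do
        echo "DUP $dup has more than one entry"
        rc=1
    done
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        case "$(classify_hash "$hash")" in
            apr1) ;;
            des-crypt) echo "WEAK $user uses DES crypt (password truncated to 8 characters)"; rc=1 ;;
            *) echo "UNKNOWN $user has a hash format this check does not recognise"; rc=1 ;;
        esac
    done < "$pf"
    return "$rc"
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_passfile "$1"
fi
```

Saved under a name of your choice, it is run as root with the password file as its only argument, for example /etc/squid/pass.squid.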

STEP 4) Configure firewall to allow connections to the proxy

[root@srv ~]# firewall-cmd --permanent --add-service=squid
success
[root@srv ~]# firewall-cmd --reload
success

STEP 5) Start Squid service.

[root@srv ~]# systemctl start squid
[root@srv ~]# systemctl status squid
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-01-23 10:44:19 UTC; 3s ago
     Docs: man:squid(8)
  Process: 12865 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 12859 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 12866 (squid)
    Tasks: 3 (limit: 23832)
   Memory: 14.9M
   CGroup: /system.slice/squid.service
           ├─12866 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─12868 (squid-1) --kid squid-1 -f /etc/squid/squid.conf
           └─12869 (logfile-daemon) /var/log/squid/access.log

Jan 23 10:44:19 srv systemd[1]: Starting Squid caching proxy...
Jan 23 10:44:19 srv systemd[1]: Started Squid caching proxy.
Jan 23 10:44:19 srv squid[12866]: Squid Parent: will start 1 kids
Jan 23 10:44:19 srv squid[12866]: Squid Parent: (squid-1) process 12868 started
[root@srv ~]# systemctl enable squid
Created symlink /etc/systemd/system/multi-user.target.wants/squid.service → /usr/lib/systemd/system/squid.service.

STEP 6) Test the proxy.

You may want to test the proxy with curl, for example:

curl -x "http://192.168.0.20:3128" -U "myuser:testtest" http://www.google.com/

And you are going to see in the log “/var/log/squid/access.log” a line similar to:

1579778191.802    133 192.168.0.15 TCP_MISS/200 17623 GET http://www.google.com/ myuser HIER_DIRECT/216.58.212.4 text/html
