In this recipe, we will install and configure the squid proxy and caching server. The term proxy is generally combined with two different terms: one is forward proxy and the other is reverse proxy.
When we say proxy, it generally refers to forward proxy. A forward proxy acts as a gateway between a client's browser and the Internet, requesting the content on behalf of the client. This protects intranet clients by exposing the proxy as the only requester. A proxy can also be used as a filtering agent, imposing organizational policies. As all Internet requests go through the proxy server, the proxy can cache the response and return cached content when a similar request is found, thus saving bandwidth and time.
A reverse proxy is the exact opposite of a forward proxy. It protects internal servers from the outside world. A reverse proxy accepts requests from external clients and routes them to servers behind the proxy. External clients can see a single entity serving requests, but internally, it can be multiple servers working behind the proxy and sharing the load. More details about reverse proxies are covered in article 3, Working with Web Servers.
In this recipe, we will discuss how to install a squid server. Squid is a well-known application in the forward proxy world and works well as a caching proxy. It supports HTTP, HTTPS, FTP, and other popular network protocols.
Getting ready
As always, you will need access to a root account or an account with sudo privileges.
How to do it…
Following are the steps to setup and configure Squid proxy:
Squid is quite an old, mature, and commonly used piece of software. It is generally shipped as a default package with various Linux distributions. The Ubuntu package repository contains the necessary pre-compiled binaries, so the installation is as easy as two commands.
First, update the apt cache and then install squid as follows:
$ sudo apt-get update
$ sudo apt-get install squid3
Edit the /etc/squid3/squid.conf file:
$ sudo nano /etc/squid3/squid.conf
Ensure that the cache_dir directive is not commented out:
cache_dir ufs /var/spool/squid3 100 16 256
Optionally, change the http_port directive to your desired TCP port:
http_port 8080
Optionally, change the squid hostname:
visible_hostname proxy1
Save changes with Ctrl + O and exit with Ctrl + X.
Restart the squid server:
$ sudo service squid3 restart
Make sure that you have allowed the selected http_port on firewall.
Next, configure your browser using the squid server as the http/https proxy.
How it works…
Squid is available as a package in the Ubuntu repository, so you can directly install it with the apt-get install squid command. After installing squid, we need to edit the squid.conf file for some basic settings. The squid.conf file is quite a big file and you can find a large number of directives listed with their explanation. It is recommended to create a copy of the original configuration file as a reference before you do any modifications.
In our example, we are changing the port squid listens on. The default port is 3128. This is just a security precaution and it's fine if you want to run squid on the default port. Secondly, we have changed the hostname for squid.
Other important directive to look at is cache_dir. Make sure that this directive is enabled, and also set the cache size. The following example sets cache_dir to /var/spool/suid3 with the size set to 100MB:
cache_dir ufs /var/spool/squid3 100 16 256
To check the cache utilization, use the following command:
$ sudo du /var/spool/squid3
There's more…
Squid provides lot more features than a simple proxy server. Following is a quick list of some important features:
Access control list
With squid ACLs, you can set the list of IP addresses allowed to use squid. Add the following line at the bottom of the acl section of /etc/squid3/squid.conf:
acl developers src 192.168.2.0/24
Then, add the following line at the top of the http_access section in the same file:
http_access allow developers
Set cache refresh rules
You can change squid's caching behavior depending on the file types. Add the following line to cache all image files to be cached—the minimum time is an hour and the maximum is a day:
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 86400
This line uses a regular expression to find the file names that end with any of the listed file extensions (gif, png, and etc)
Sarg – tool to analyze squid logs
Squid Analysis Report Generator is an open source tool to monitor the squid server usages. It parses the logs generated by Squid and converts them to easy-to-digest HTML-based reports. You can track various metrics such as bandwidth used per user, top sites, downloads, and so on. Sarg can be quickly installed with the following command:
$ sudo apt-get install sarg
The configuration file for Sarg is located at /etc/squid/sarg.conf. Once installed, set the output_dir path and run sarg. You can also set cron jobs to execute sarg periodically. The generated reports are stored in output_dir and can be accessed with the help of a web server.
Squid guard
Squid guard is another useful plugin for squid server. It is generally used to block a list of websites so that these sites are inaccessible from the internal network. As always, it can also be installed with a single command, as follows:
$ sudo apt-get install squidguard
The configuration file is located at /etc/squid/squidGuard.conf.
See also
Check out the squid manual pages with the man squid command
Check out the Ubuntu community page for squid guard at https://help.ubuntu.com/community/SquidGuard
