How to Install Squid From Source Code on CentOS 7

Install Squid From Source Code: This article is part of previously started series on most demanding topics related to squid proxy server Titled: How to control internet access using Squid Proxy Server.

`

Squid Proxy Server can be install using the source code or using package manager which provides pre-compiled binary packages. Binary packages are ready to install software bundles and available in the online software repositories of almost all Linux operating systems. Let’s have a detailed look at the possible ways in which we can install Squid.

In this guide we will be focusing on source code installation and then perform basic configuration on it.

Source Code Installation Benefits

There are many advantages of compiling Squid Proxy manually from the source as compare to pre-compiled binary packages. We can compile squid with custom flags, depending on our network requirements. During compilation process we can enable or disable extra features, which is not possible while we are installing Squid using pre-compiles binary package.

Don’t Miss: Squid RPM based installation using yum

Before we start playing with Linux command line in order to install Squid Proxy, Let’s have a graphical view of our LAB Environment.

 

LAB Environment Diagram.

Squid Proxy Server LAB Environment Diagram
Squid Proxy Server LAB Environment Diagram
 

The Above diagram is showing Squid Proxy Server has two network interface cards plugged in in that, one is directly connected to DSL modem, I will call that WAN and the second one is connected to switch which will be LAN. For testing purpose we have client computer in our network.

 

Squid Server Settings
WAN IP Settings
IP Address: 192.168.1.100
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS 1: 192.168.1.1
DNS 2: 8.8.8.8

LAN IP Settings
IP Address: 192.168.2.100
Subnet Mask: 255.255.255.0

Client PC Settings
Client-1 IP Settings
IP Address: 192.168.2.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.2.100
DNS 1: 192.168.2.100
DNS 2: 8.8.8.8

The Colored Gateway field is Squid Proxy Server IP as our gateway for client. IP settings for Squid Server and Client PC will remain same in all other parts of this series.

Let’s begin Squid configuration series with the very first one (Source Code Installation) and explore each topic one by one.

1) Installation and basic configuration of squid proxy

  • Source Code Installation.
  • RPM base installation using yum.

Requirements:

  • Minimal installation of CentOS 7. Refer to CentOS 7 Installation guide: How to Install Centos 7 Tutorial
  • Internet should be working on squid server via WAN link.
  • root level access

Installing Squid Proxy From Source Code.

Installing squid from source code process can be done by following below three steps.

  1. Select required features and operating system-specific settings.
  2. Compile the source code to generate the executables
  3. Finally place the generated executables and important squid files into their designated path for squid to work properly

Step-1: Install Required Tools & Packages

Before we download and compile Squid we need to install some required packages. Open up terminal with root access and enter below command:

yum install wget gcc gcc-c++ make perl -y

Step-2: Downloading Squid Source Archive

Change Directory to tmp.

 cd /tmp

Obtain Source code of squid proxy from official website link:

 wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.6.tar.gz

Uncompromising the source archive:

 tar xvf squid-3.4.6.tar.gz

Step-3: Compiling Squid Proxy

Navigate to squid directory where squid extracted.

 cd /tmp/squid-3.4.6

If you want to know more about squid configuration options you can run ./configure –help | less command.

 ./configure -help | less

This will display the page containing the options and their brief description for configure. Use up and down arrow keys to navigate through the information.

Let’s compile Squid with some extra features.

We will enable squid bandwidth control feature, transparent proxy support, enable authentication and filter client request based on mac address, for that will use following command:

 ./configure --enable-delay-pools --enable-arp-acl --enable-linux-netfilter --enable-basic-auth-helper="NCSA" && echo "Configuration Successful"

Command Explanation:

–enable-delay-pools = limit internet speed/ control bandwidth

–enable-arp-acl = Mac base access control instead of ip.

–enable-linux-netfilter = Install Transparent proxy Support.

–enable-basic-auth-helper=”NCSA” = enable apache base basic authentication mechanism.

At last I use trick to make sure all done perfectly.

Sample output:

hecking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands
"Configuration Successful"

Now run make command

 make && echo "Make Successful"

make[1]: Entering directory `/tmp/squid-3.4.6/test-suite'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/tmp/squid-3.4.6/test-suite'
make[1]: Entering directory `/tmp/squid-3.4.6'
make[1]: Nothing to be done for `all-am'.
make[1]: Leaving directory `/tmp/squid-3.4.6'
"Make Successful"

Finally place files in proper locations using make install command:

 make install && echo "Install Successful"

Sample output:

make[1]: Entering directory `/tmp/squid-3.4.6'
make[2]: Entering directory `/tmp/squid-3.4.6'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/squid-3.4.6'
make[1]: Leaving directory `/tmp/squid-3.4.6'
Install Successful
So far everything went well so we have successfully complied squid proxy server using source code.

Step-4: Basic Configuration

Now we will perform some basic configuration and start the service to make squid proxy server in action.

Default Squid installed directory is /usr/local/squid/

To Edit configuration file open squid.conf in vi text editor.

 vi /usr/local/squid/etc/squid.conf

For allowing internet sharing on your local network you need to add your network details in squid config file acl section (After line number 12) see how.

acl broexperts_network src 192.168.2.0/24 

Now allow http access to this acl.(After line number 54)

http_access allow broexperts_network

Now add visible_hostname = your Server hostname (At the bottom of this file).

visible_hostname Pxy.BroExperts.com

Save and exit squid.conf file.

Create user called pxyuser for squid service. Issue below command in terminal.

 useradd pxyuser

Change ownership of cache and logs directories under /usr/local/squid/var/ to pxyuser user.

 chown pxyuser:pxyuser -R /usr/local/squid/var/cache
 chown pxyuser:pxyuser -R /usr/local/squid/var/logs

Un-comment below line and add cache effective user parameters in squid.conf file at line number 63.

vi /usr/local/squid/etc/squid.conf

cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
cache_effective_user pxyuser

re

Save & Exit squid.conf file.

Now create cache directories using squid service command with –z option

 /usr/local/squid/sbin/squid -z 

Start squid service.

/usr/local/squid/sbin/squid

Step-5: Disable SE-Linux

For permanent disable selinux, edit the file /etc/sysconfig/selinux.
Change the value of SELINUX=enforcing directive into SELINUX=disabled and restart the system

vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing “ SELinux security policy is enforced.
# permissive “ SELinux prints warnings instead of enforcing.
# disabled “ No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted Targeted processes are protected,
# mls Multi Level Security protection.
SELINUXTYPE=targeted

Save the file and RESTART the system. Without restart of system SELINUX mode will not be changed permanently.

Step-6: Automatic starting Squid service on start-up using shell script

Change directory to add a simple shell script for squid service to run on start-up.

 cd /etc/rc.d/init.d

Then create file called squid then copy and paste below script

  vi squid
#!/bin/bash
# init script to control Squid server
case "$1" in
start)
/usr/local/squid/sbin/squid
;;
stop)
/usr/local/squid/sbin/squid -k shutdown
;;
reload)
/usr/local/squid/sbin/squid -k reconfigure
;;
restart)
/usr/local/squid/sbin/squid -k shutdown
sleep 2
/usr/local/squid/sbin/squid
;;
*)
echo $"Usage: $0 {start|stop|reload|restart}"
exit 2
esac
exit $?

Add command to start squid service in /etc/rc.local file.

echo systemctl start squid >> /etc/rc.local
chmod +x /etc/rc.local

Add firewall rule to allow 3128 squid port.

 firewall-cmd --zone=public --add-port=3128/tcp --permanent
firewall-cmd --reload

Done finally we have compile, Installed and configured squid from source code. Now we will test squid proxy server from windows 7 client to check browsing. You need to point squid proxy server name or IP address in browser proxy settings with port 3128.

Open up firefox browser and go to Tools > Options > Advance tab > Network > Settings > select manual proxy settings radio button and provide squid server IP 192.168.2.100 and port 3128 and check use this use this proxy server for all protocols and then click oK.

Now open www.broexperts.com

Click below to see next topic:

Next Topic: RPM base installation using yum


If you like this Post, please give us your valuable feedback by pressing Vote Up / Vote Down Button. Thanks.

[thumbs-rating-buttons]


Similar Posts