How to Install Squid From Source Code on CentOS 7
Install Squid From Source Code: This article is part of previously started series on most demanding topics related to squid proxy server Titled: How to control internet access using Squid Proxy Server.
`
Squid Proxy Server can be install using the source code or using package manager which provides pre-compiled binary packages. Binary packages are ready to install software bundles and available in the online software repositories of almost all Linux operating systems. Let’s have a detailed look at the possible ways in which we can install Squid.
In this guide we will be focusing on source code installation and then perform basic configuration on it.
Source Code Installation Benefits
There are many advantages of compiling Squid Proxy manually from the source as compare to pre-compiled binary packages. We can compile squid with custom flags, depending on our network requirements. During compilation process we can enable or disable extra features, which is not possible while we are installing Squid using pre-compiles binary package.
Don’t Miss: Squid RPM based installation using yum
Before we start playing with Linux command line in order to install Squid Proxy, Let’s have a graphical view of our LAB Environment.
LAB Environment Diagram.
The Above diagram is showing Squid Proxy Server has two network interface cards plugged in in that, one is directly connected to DSL modem, I will call that WAN and the second one is connected to switch which will be LAN. For testing purpose we have client computer in our network.
Squid Server Settings
|
|
WAN IP Settings
|
|
IP Address: | 192.168.1.100 |
Subnet Mask: | 255.255.255.0 |
Gateway: | 192.168.1.1 |
DNS 1: | 192.168.1.1 |
DNS 2: | 8.8.8.8 |
LAN IP Settings
|
|
IP Address: | 192.168.2.100 |
Subnet Mask: | 255.255.255.0 |
Client PC Settings
|
|
Client-1 IP Settings
|
|
IP Address: | 192.168.2.10 |
Subnet Mask: | 255.255.255.0 |
Gateway: | 192.168.2.100 |
DNS 1: | 192.168.2.100 |
DNS 2: | 8.8.8.8 |
The Colored Gateway field is Squid Proxy Server IP as our gateway for client. IP settings for Squid Server and Client PC will remain same in all other parts of this series.
Let’s begin Squid configuration series with the very first one (Source Code Installation) and explore each topic one by one.
1) Installation and basic configuration of squid proxy
- Source Code Installation.
- RPM base installation using yum.
Requirements:
- Minimal installation of CentOS 7. Refer to CentOS 7 Installation guide: How to Install Centos 7 Tutorial
- Internet should be working on squid server via WAN link.
- root level access
Installing Squid Proxy From Source Code.
Installing squid from source code process can be done by following below three steps.
- Select required features and operating system-specific settings.
- Compile the source code to generate the executables
- Finally place the generated executables and important squid files into their designated path for squid to work properly
Step-1: Install Required Tools & Packages
Before we download and compile Squid we need to install some required packages. Open up terminal with root access and enter below command:
yum install wget gcc gcc-c++ make perl -y
Step-2: Downloading Squid Source Archive
Change Directory to tmp.
cd /tmp
Obtain Source code of squid proxy from official website link:
wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.6.tar.gz
Uncompromising the source archive:
tar xvf squid-3.4.6.tar.gz
Step-3: Compiling Squid Proxy
Navigate to squid directory where squid extracted.
cd /tmp/squid-3.4.6
If you want to know more about squid configuration options you can run ./configure –help | less command.
./configure -help | less
This will display the page containing the options and their brief description for configure. Use up and down arrow keys to navigate through the information.
Let’s compile Squid with some extra features.
We will enable squid bandwidth control feature, transparent proxy support, enable authentication and filter client request based on mac address, for that will use following command:
./configure --enable-delay-pools --enable-arp-acl --enable-linux-netfilter --enable-basic-auth-helper="NCSA" && echo "Configuration Successful"
Command Explanation:
–enable-delay-pools = limit internet speed/ control bandwidth
–enable-arp-acl = Mac base access control instead of ip.
–enable-linux-netfilter = Install Transparent proxy Support.
–enable-basic-auth-helper=”NCSA” = enable apache base basic authentication mechanism.
At last I use trick to make sure all done perfectly.
Sample output:
hecking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /usr/bin/mkdir -p checking for gawk... gawk checking that generated files are newer than configure... done configure: creating ./config.status config.status: creating Makefile config.status: creating config.h config.status: executing depfiles commands config.status: executing libtool commands "Configuration Successful"
Now run make command
make && echo "Make Successful"
make[1]: Entering directory `/tmp/squid-3.4.6/test-suite' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/tmp/squid-3.4.6/test-suite' make[1]: Entering directory `/tmp/squid-3.4.6' make[1]: Nothing to be done for `all-am'. make[1]: Leaving directory `/tmp/squid-3.4.6' "Make Successful"
Finally place files in proper locations using make install command:
make install && echo "Install Successful"
Sample output:
make[1]: Entering directory `/tmp/squid-3.4.6' make[2]: Entering directory `/tmp/squid-3.4.6' make[2]: Nothing to be done for `install-exec-am'. make[2]: Nothing to be done for `install-data-am'. make[2]: Leaving directory `/tmp/squid-3.4.6' make[1]: Leaving directory `/tmp/squid-3.4.6' Install SuccessfulSo far everything went well so we have successfully complied squid proxy server using source code.
Step-4: Basic Configuration
Now we will perform some basic configuration and start the service to make squid proxy server in action.
Default Squid installed directory is /usr/local/squid/
To Edit configuration file open squid.conf in vi text editor.
vi /usr/local/squid/etc/squid.conf
For allowing internet sharing on your local network you need to add your network details in squid config file acl section (After line number 12) see how.
acl broexperts_network src 192.168.2.0/24
Now allow http access to this acl.(After line number 54)
http_access allow broexperts_network
Now add visible_hostname = your Server hostname (At the bottom of this file).
visible_hostname Pxy.BroExperts.com
Save and exit squid.conf file.
Create user called pxyuser for squid service. Issue below command in terminal.
useradd pxyuser
Change ownership of cache and logs directories under /usr/local/squid/var/ to pxyuser user.
chown pxyuser:pxyuser -R /usr/local/squid/var/cache chown pxyuser:pxyuser -R /usr/local/squid/var/logs
Un-comment below line and add cache effective user parameters in squid.conf file at line number 63.
vi /usr/local/squid/etc/squid.conf
cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256 cache_effective_user pxyuser reSave & Exit squid.conf file.
Now create cache directories using squid service command with –z option
/usr/local/squid/sbin/squid -zStart squid service.
/usr/local/squid/sbin/squidStep-5: Disable SE-Linux
For permanent disable selinux, edit the file /etc/sysconfig/selinux.
Change the value of SELINUX=enforcing directive into SELINUX=disabled and restart the systemvi /etc/sysconfig/selinux# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing “ SELinux security policy is enforced. # permissive “ SELinux prints warnings instead of enforcing. # disabled “ No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted Targeted processes are protected, # mls Multi Level Security protection. SELINUXTYPE=targetedSave the file and RESTART the system. Without restart of system SELINUX mode will not be changed permanently.
Step-6: Automatic starting Squid service on start-up using shell script
Change directory to add a simple shell script for squid service to run on start-up.
cd /etc/rc.d/init.dThen create file called squid then copy and paste below script
vi squid#!/bin/bash # init script to control Squid server case "$1" in start) /usr/local/squid/sbin/squid ;; stop) /usr/local/squid/sbin/squid -k shutdown ;; reload) /usr/local/squid/sbin/squid -k reconfigure ;; restart) /usr/local/squid/sbin/squid -k shutdown sleep 2 /usr/local/squid/sbin/squid ;; *) echo $"Usage: $0 {start|stop|reload|restart}" exit 2 esac exit $?Add command to start squid service in /etc/rc.local file.
echo systemctl start squid >> /etc/rc.local chmod +x /etc/rc.localAdd firewall rule to allow 3128 squid port.
firewall-cmd --zone=public --add-port=3128/tcp --permanent firewall-cmd --reloadDone finally we have compile, Installed and configured squid from source code. Now we will test squid proxy server from windows 7 client to check browsing. You need to point squid proxy server name or IP address in browser proxy settings with port 3128.
Open up firefox browser and go to Tools > Options > Advance tab > Network > Settings > select manual proxy settings radio button and provide squid server IP 192.168.2.100 and port 3128 and check use this use this proxy server for all protocols and then click oK.
Now open www.broexperts.com
Click below to see next topic:
Next Topic: RPM base installation using yum
If you like this Post, please give us your valuable feedback by pressing Vote Up / Vote Down Button. Thanks.
[thumbs-rating-buttons]