How to install SQUID on RHEL 8 - nomorespice/rhel8-howto GitHub Wiki
Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. This procedure will guide you through the installation process on a Red Hat Enterprise Linux 8 server.
This document assumes that:
- you installed the RHEL 8 x64 Operating System according to How to install RHEL 8 via kickstart
- you are performing these tasks as root
- you are performing these tasks in order, as some tasks require others to be completed first
dnf -y install squid
Be sure to modify the following to customize for your environment:
- Modify the visible hostname
- Change the internal ACL network IP address
- Modify the cache manager email address
mv /etc/squid/squid.conf /etc/squid/squid.conf.orig
/bin/cat << EOT >/etc/squid/squid.conf
visible_hostname HOSTNAME
http_port 3128
cache_effective_user squid
cache_effective_group squid
#
pipeline_prefetch on
shutdown_lifetime 1 second
httpd_suppress_version_string on
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#
acl internal src 192.168.1.0/24
http_access allow internal
http_access deny all
always_direct allow all
cache deny all
ident_lookup_access deny all
icp_port 0
icp_access deny all
htcp_port 0
htcp_access deny all
snmp_port 0
snmp_access deny all
#
logformat combined %{x-forward}>h %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
access_log /var/log/squid/access.log combined
buffered_logs on
coredump_dir /var/spool/squid
#
forward_timeout 30 seconds
connect_timeout 30 seconds
read_timeout 30 seconds
request_timeout 30 seconds
client_lifetime 20 hours
pconn_timeout 1 minute
request_header_max_size 64 KB
detect_broken_pconn on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
#
via off
forwarded_for off
ignore_unknown_nameservers on
cache_mgr [email protected]
#
request_header_access Accept-Language deny all
request_header_access Accept-Encoding deny all
request_header_access Cache-Control deny all
request_header_access Referer deny all
request_header_access Via deny all
request_header_access x-forward deny all
request_header_access X-Forwarded-For deny all
request_header_access X-Real-IP deny all
request_header_replace Accept-Encoding gzip, deflate
request_header_replace Accept-Language en-US
EOT
systemctl --now enable squid