How to Configure Reverse Proxy with Squid in CentOS

To Configure Reverse Proxy with Squid in CentOS

Squid is a proxy servers that acts as a reverse proxy to increase the performance for web services. The proxy server will stand behind the firewall of local network and redirects the every request from clients to backend webservers. This article shows how to configure reverse proxy with squid in CentOS.

Testing Environment

IP Address Hostname
Squid Proxy Server 192.168.5.237 node1.example.com
Web Server 192.168.5.238 node2.example.com


Pre-requisites

Basic webserver like Apache is required.
Fully qualified domain name is required for both machines including squid proxy server and web server.
Hostname resolution between two servers, either configure DNS or create entry as follows on /etc/hosts file,


192.168.5.237 node1.example.com node1
192.168.5.238 node2.example.com node2

Installation of Squid package

Run the following command to install Squid package.

[root@node1 ~]# yum install squid -y 
Loaded plugins: fastestmirror, langpacks
base | 3.6 kB 00:00:01
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
* base: mirror.fibergrid.in
* extras: mirror.fibergrid.in
* updates: mirror.fibergrid.in
Resolving Dependencies
-->  Running transaction check
--->  Package squid.x86_64 7:3.3.8-26.el7_2.4 will be installed
.
.
.
Installed:
squid.x86_64 7:3.3.8-26.el7_2.4

Dependency Installed:
libecap.x86_64 0:0.2.0-9.el7 perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBI.x86_64 0:1.627-4.el7
perl-Data-Dumper.x86_64 0:2.145-3.el7 perl-Digest.noarch 0:1.17-245.el7 perl-Digest-MD5.x86_64 0:2.52-3.el7 perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7 perl-PlRPC.noarch 0:0.2020-14.el7

Complete!


To Configure Squid as Reverse Proxy

Utilize the following command to configure Squid as reverse proxy. Edit the squid’ s default configuration file as follows,

[root@node1 ~]# vim /etc/squid/squid.conf

Add the below lines under line number 53 and specify the FQDN of backend webserver http_port 80 accel defaultsite=node2.example.com in the 59th line. Finally, uncomment the 62nd line (remove “ #” symbol before the line).

#cache_dir ufs /var/spool/squid 100 16 256
cache_peer node2.example.com parent 80 0 no-query originserver
cache_mem 256 MB
visible_hostname node1.example.com

Once the squid is configured, start and enable the service to take effect.

[root@node1 ~]# systemctl restart squid
[root@node1 ~]# systemctl enable squid
ln -s ' /usr/lib/systemd/system/squid.service'  ' /etc/systemd/system/multi-user.target.wants/squid.service' 


Open the web browser with the hostname of squid proxy machine to check the output. It will display the content from the web server that acts in the back-end of reverse proxy settings.

Tag : Squid
FAQ
Q
What is squid reverse proxy?
A
Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic.
Q
What is proxy server Linux?
A
A proxy server is a computer that acts as an intermediary between a desktop computer and the internet and allows a client machine to make an indirect connection to network servers and services.
Q
How to set up squid to forward the right request to the right web server?
A
you can setup port 80 or 443 to forward to your exchange server/OWA and then some random port to forward to your VM server.
Q
How does a proxy server improve security?
A
A proxy server reduces the chance of a breach. Proxy servers add an additional layer of security between your servers and outside traffic. Because proxy servers can face the internet and relay requests from computers outside the network, they act as a buffer.

# Squid normally listens to port 3128
http_port 3128 accel defaultsi
Q
Is a reverse proxy secure?
A
In the case of secure websites, a web server may not perform SSL encryption itself, but instead offloads the task to a reverse proxy that may be equipped with SSL acceleration hardware. A reverse proxy can distribute the load from incoming requests to several servers, with each server serving its own application area.