Install a basic squid proxy with authentication on Centos 6 x64. Just modify the variables at the top and run the script on a clean system.
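#!/bin/sh
#
# Install a basic squid proxy with authentication on CentOS 6 x64.
#
# Usage: adjust PROXY_USER, PROXY_PASS and PROXY_PORT below (or export them
# before running) and run this script as root on a clean system.
#
# What it changes:
#   - updates the OS and installs httpd-tools and squid via yum
#   - creates /etc/squid/passwords and replaces /etc/squid/squid.conf
#   - replaces /etc/sysconfig/iptables and restarts iptables
#
# The firewall rules written below accept NEW connections to SSH (22) and to
# the proxy port from ANY source address, so the proxy is only as strong as
# the credentials configured here.

# Abort on the first failing command or unset variable so that a failed
# install never leads to a half-written proxy or firewall configuration.
set -eu

# Values exported in the environment win; otherwise the defaults apply.
PROXY_USER=${PROXY_USER:-user}
PROXY_PASS=${PROXY_PASS:-password}
PROXY_PORT=${PROXY_PORT:-3128}

# Print a message to stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[ "$(id -u)" -eq 0 ] || die "This script must be run as root."

# PROXY_PORT is interpolated into squid.conf and the iptables rules, so only
# accept a plain decimal port number.
case $PROXY_PORT in
  '' | *[!0-9]* | ??????*)
    die "PROXY_PORT must be a number between 1 and 65535: $PROXY_PORT"
    ;;
esac
if [ "$PROXY_PORT" -lt 1 ] || [ "$PROXY_PORT" -gt 65535 ]; then
  die "PROXY_PORT must be a number between 1 and 65535: $PROXY_PORT"
fi

# The proxy port is reachable from anywhere, so the placeholder password
# leaves the proxy usable by anyone who tries it.
if [ "$PROXY_PASS" = "password" ]; then
  printf '%s\n' \
    "WARNING: PROXY_PASS is still the default value; change it before exposing this host." >&2
fi

# Clear the repository index caches
yum clean all

# Update the operating system
yum update -y

# Install httpd-tools to get htpasswd
yum install httpd-tools -y

# Install squid
yum install squid -y

# Create the htpasswd file.
# NOTE(review): -b puts the password on the htpasswd command line, where it
# is visible in the process list while the command runs; acceptable on a
# clean single-admin host, otherwise run htpasswd interactively instead.
# NOTE(review): the hash format is this htpasswd build's default - confirm it
# is not legacy crypt(), which only uses the first 8 password characters.
(
  # Create the file without group/other access from the start.
  umask 077
  htpasswd -c -b /etc/squid/passwords "$PROXY_USER" "$PROXY_PASS"
)
# Only root and the squid group (which the auth helper runs under) may read
# the password hashes.
chown root:squid /etc/squid/passwords
chmod 640 /etc/squid/passwords

# Backup the original squid config; never overwrite an existing backup, so a
# second run cannot replace the pristine file with the generated one.
if [ ! -e /etc/squid/squid.conf.bak ]; then
  cp -p /etc/squid/squid.conf /etc/squid/squid.conf.bak
fi

# Set up the squid config.
# Basic proxy authentication is only base64-encoded between client and proxy,
# not encrypted; anyone on the network path can recover the credentials.
# The explicit "deny all" makes the default-deny policy visible instead of
# relying on squid's implicit inverse of the last http_access rule.
cat << EOF > /etc/squid/squid.conf
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
forwarded_for delete
http_port 0.0.0.0:$PROXY_PORT
EOF

# Set squid to start on boot
chkconfig squid on

# Start squid
/etc/init.d/squid start

# Keep a copy of any existing firewall rules before replacing them.
if [ -e /etc/sysconfig/iptables ] && [ ! -e /etc/sysconfig/iptables.bak ]; then
  cp -p /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
fi

# Set up the iptables config.
# Both custom rules accept any source address; if the client addresses are
# known, narrow them with "-s <client-network>" on the two ACCEPT rules.
cat << EOF > /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
#######################################################
# BEGIN CUSTOM RULES
#######################################################
# Allow SSH from anywhere
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Allow squid access from anywhere
-A INPUT -m state --state NEW -m tcp -p tcp --dport $PROXY_PORT -j ACCEPT
#######################################################
# END CUSTOM RULES
#######################################################
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Restart iptables
/etc/init.d/iptables restart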
nice one man
forked,Thanks.
another compile install method: http://my.oschina.net/u/1162688/blog/415837
Another method, for Ubuntu based servers: https://www.rosehosting.com/blog/install-squid-proxy-server-on-ubuntu-14-04/
why do I have to use iptables, I mean squid just redirect traffic in http level, how is iptables involved?
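@yifeikong most likely to allow inbound connections to the proxy port (3128): the script's iptables rules reject every new inbound connection except SSH and the squid port.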
This states that this is for Centos 6 x64. Is it only for 6.8?
finally a working solution for Squid + Authentication + Centos 6.5
Thank you!