Biboroku

Installing Squid Proxy Server on Mac OS X Snow Leopard

Written by Taro Sato on . Tagged: sysadmin OS X

My goal is to set up a very basic proxy server on my Mac box on campus, so that I can have full access to subscription-based academic journals via the proxy on my laptop even when I am off campus. Some schools provide such (library) proxies, but my school unfortunately does not. I want the proxy to require password authentication so that it is not wide open to the public.

Getting and Installing Squid

Download a tarball for a stable version from the repository. The version that I use here is 2.7. I assume the file is downloaded to /usr/local/src/squid.

$ cd /usr/local/src/squid
$ gunzip -c squid-2.7.STABLE9.tar.gz | tar xvf -
$ cd squid-2.7.STABLE9
$ ./configure
$ make
$ sudo make install
$ cd helpers/basic_auth/NCSA
$ make
$ sudo make install
$ sudo chown -R nobody /usr/local/squid/var
$ sudo /usr/local/squid/sbin/squid -z

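Squid will be installed at /usr/local/squid. (The last two commands are necessary to run the daemon as user nobody: chown gives nobody ownership of the var directory, and squid -z creates the cache directories.)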

Configure Squid

First, prepare an NCSA-compliant encrypted password file for a user (here with username johndoe):

$ cd /usr/local/squid/etc
$ sudo touch squid_passwd
$ sudo chmod o+r squid_passwd
$ sudo htpasswd squid_passwd johndoe
New password:
Re-type new password:
Adding password for user johndoe

Now, edit /usr/local/squid/etc/squid.conf. The following lines need to be added:

# Add this to the auth_param section
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/squid_passwd

# Add this to the bottom of the ACL section
acl ncsa_users proxy_auth REQUIRED

# Add this at the top of the http_access section
http_access allow ncsa_users
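
Before starting the server, it is worth confirming that the edited file really enforces the password. The check below is an added example, not part of the original post: it lists any http_access allow rule that does not name a proxy_auth ACL and verifies that the rules end with deny all. The names check_squid_auth and sample_conf, and the sample config itself, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a squid.conf for the password-protected setup above.
# Returns 0 only if an auth helper is configured, every "http_access allow"
# rule names a proxy_auth ACL, and the rule list ends with "deny all".
check_squid_auth() {
    awk '
        { sub(/#.*/, "") }            # drop comments
        NF == 0 { next }              # skip blank lines
        $1 == "auth_param" && $2 == "basic" && $3 == "program" { helper = $4 }
        $1 == "acl" && $3 == "proxy_auth" { authacl[$2] = 1 }
        $1 == "http_access" {
            last = $2 " " $3; if (NF > 3) last = last " ..."
            if ($2 == "allow") {
                ok = 0                # negated names such as !ncsa_users do not count
                for (i = 3; i <= NF; i++) if ($i in authacl) ok = 1
                if (!ok) { print "REVIEW line " NR ": no password needed: " $0; bad = 1 }
            }
        }
        END {
            if (helper == "") { print "MISSING: auth_param basic program"; bad = 1 }
            # With no matching rule Squid applies the opposite of the last
            # rule, so the list should close with an explicit deny all.
            if (last != "deny all") { print "MISSING: final http_access deny all"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the three lines from this page plus a closing deny.
sample_conf() {
    cat <<'EOF'
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/squid_passwd
acl all src all
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access deny all
EOF
}

sample_conf | check_squid_auth - && echo "sample config requires a password"
```

To audit the real file, call check_squid_auth /usr/local/squid/etc/squid.conf. Any REVIEW line is a rule that admits clients without the password and should be checked by hand.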

Finally, run the server:

$ sudo /usr/local/squid/sbin/squid -N -d 1 -D

The firewall will ask whether to allow incoming connections to squid. Say “allow.”

The proxy server is now available at the IP address or hostname of your Mac box on port 3128.

Launch Squid on Startup with launchd

Under the directory /Library/LaunchDaemons, create a file named squid.plist with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>squid</string>
    <key>OnDemand</key>
    <false/>
    <key>ProgramArguments</key>
    <array>
      <string>/usr/local/squid/sbin/squid</string>
      <string>-N</string>
      <string>-d</string>
      <string>1</string>
      <string>-D</string>
    </array>
    <key>ServiceIPC</key>
    <false/>
  </dict>
</plist>

Then issuing

$ sudo launchctl load -w /Library/LaunchDaemons/squid.plist

will launch squid. After a reboot, the proxy should also start automatically.