Installing Squid Proxy Server on Mac OS X Snow Leopard
My goal is to set up a very basic proxy server on my Mac box on campus, so that I can have full access to subscription-based academic journals via the proxy on my laptop even when I am off campus. Some schools provide such (library) proxies but my school unfortunately does not. I want to set it up such that the proxy requires a password authentication in order not to make it wide open to the public.
Getting and Installing Squid
Download a tarball for a stable version from the repository. The version that I use here is 2.7. I assume the file is downloaded to /usr/local/src/squid.
$ cd /usr/local/src/squid
$ gunzip -c squid-2.7.STABLE9.tar.gz | tar xvf -
$ cd squid-2.7.STABLE9
$ ./configure
$ make
$ sudo make install
$ cd helpers/basic_auth/NCSA
$ make
$ sudo make install
$ sudo chown -R nobody /usr/local/squid/var
$ sudo /usr/local/squid/sbin/squid -z
Squid will be installed at /usr/local/squid. (The last command is necessary to run a daemon as user nobody.)
Configure Squid
First, prepare a NCSA-compliant encrypted password file for a user (here with username johndoe):
$ cd /usr/local/squid/etc
$ sudo touch squid_passwd
$ sudo chmod o+r squid_passwd
$ sudo htpasswd squid_passwd johndoe
New password:
Re-type new passwod:
Adding passwod for user johndoe
Now, edit /usr/local/squid/etc/squid.conf. The following lines need to be added:
# Add this to the auth_param section
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/squid_passwd
# Add this to the bottom of the ACL section
acl ncsa_users proxy_auth REQUIRED
# Add this at the top of the http_access section
http_access allow ncsa_users
Finally, run the server:
$ sudo /usr/local/squid/sbin/squid -N -d 1 -D
Firewall will prompt me to see if I allow incoming connections to squid. Say “allow.”
The IP address or hostname of your Mac box at the port 3128 will be available as a proxy server now.
Launch Squid on Startup with launchd
Under the directory /Library/LaunchDaemons, create a file named squid.plist with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>squid</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/squid/sbin/squid</string>
<string>-N</string>
<string>-d 1</string>
<string>-D</string>
</array>
<key>ServiceIPC</key>
<false/>
</dict>
</plist>
Then issuing
$ sudo launchctl load -w /Library/LaunchDaemons/squid.plist
will launch squid. On reboot, the proxy should also be working automatically.