My goal is to set up a very basic proxy server on my Mac box on campus, so that I can have full access to subscription-based academic journals via the proxy on my laptop even when I am off campus. Some schools provide such (library) proxies but my school unfortunately does not. I want to set it up such that the proxy requires a password authentication in order not to make it wide open to the public.
Getting and Installing Squid
Download a tarball for a stable version from the repository. The version that I use here is 2.7. I assume the file is downloaded to /usr/local/src/squid.
$ cd /usr/local/src/squid $ gunzip -c squid-2.7.STABLE9.tar.gz | tar xvf - $ cd squid-2.7.STABLE9 $ ./configure $ make $ sudo make install $ cd helpers/basic_auth/NCSA $ make $ sudo make install $ sudo chown -R nobody /usr/local/squid/var $ sudo /usr/local/squid/sbin/squid -z
Squid will be installed at /usr/local/squid. (The last command is necessary to run a daemon as user nobody.)
First, prepare a NCSA-compliant encrypted password file for a user (here with username johndoe):
$ cd /usr/local/squid/etc $ sudo touch squid_passwd $ sudo chmod o+r squid_passwd $ sudo htpasswd squid_passwd johndoe New password: Re-type new passwod: Adding passwod for user johndoe
Now, edit /usr/local/squid/etc/squid.conf. The following lines need to be added:
# Add this to the auth_param section auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/squid_passwd # Add this to the bottom of the ACL section acl ncsa_users proxy_auth REQUIRED # Add this at the top of the http_access section http_access allow ncsa_users
Finally, run the server:
$ sudo /usr/local/squid/sbin/squid -N -d 1 -D
Firewall will prompt me to see if I allow incoming connections to squid. Say “allow.”
The IP address or host name of your Mac box at the port 3128 will be available as a proxy server now.
Launch Squid on Startup with launchd
Under the directory /Library/LaunchDaemons, create a file named squid.plist with the following content:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>squid</string> <key>OnDemand</key> <false/> <key>ProgramArguments</key> <array> <string>/usr/local/squid/sbin/squid</string> <string>-N</string> <string>-d 1</string> <string>-D</string> </array> <key>ServiceIPC</key> <false/> </dict> </plist>
$ sudo launchctl load -w /Library/LaunchDaemons/squid.plist
will launch squid. On reboot, the proxy should also be working automatically.