Biboroku

Setting Up Squid Proxy Server on Mac OS X Leopard

Written by Taro Sato on . Tagged: sysadmin OS X

My goal is to set up a very basic proxy server on my Mac box on campus, so that I can have full access to subscription-based academic journals via the proxy on my laptop even when I am off campus.  Some schools provide such (library) proxies but my school unfortunately does not.  I want the proxy to require password authentication so that it is not wide open to the public.

Getting and Installing Squid

Download a tarball for a stable version from the repository.  The version that I use here is 2.7. I assume the file is downloaded to /usr/local/src/squid.

$ cd /usr/local/src/squid
$ gunzip -c squid-2.7.STABLE6.tar.gz | tar xvf -
$ cd squid-2.7.STABLE6
$ ./configure
$ make
$ sudo make install
$ cd helpers/basic_auth/NCSA
$ make
$ sudo make install
$ sudo chown -R nobody /usr/local/squid/var
$ sudo /usr/local/squid/sbin/squid -z

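Squid will be installed at /usr/local/squid. (The chown and squid -z commands at the end are needed to run the daemon as user nobody: the first gives nobody ownership of the var directory and the second creates the cache directories.)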

Configure Squid

First, prepare an NCSA-compliant encrypted password file for a user (here with username johndoe):

$ cd /usr/local/squid/etc
$ sudo touch squid_passwd
$ sudo chmod o+r squid_passwd
$ sudo htpasswd squid_passwd johndoe
New password:
Re-type new password:
Adding password for user johndoe

Now, edit /usr/local/squid/etc/squid.conf. The following lines need to be added:

# Add this to the auth_param section
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/squid_passwd

# Add this to the bottom of the ACL section
acl ncsa_users proxy_auth REQUIRED

# Add this at the top of the http_access section
http_access allow ncsa_users
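
A check for the placement of that last line, as an added example that is not part of the original post: it lists the allow rules that sit above the first rule requiring authentication. The sample config is constructed, its localnet/localhost rules are assumed stand-ins for a stock rule set, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Squid checks http_access rules
# top-down and the first match wins, so an "allow" rule sitting above the
# first rule that uses a proxy_auth ACL lets matching clients in with no
# password. This lists such rules.

# Constructed sample config. $1 = where the page's allow line is put
# ("top" as the page says, or "bottom"). The localnet/localhost rules are
# assumed stand-ins for a stock rule set, not the author's actual file.
sample_conf() {
  auth_rule='http_access allow ncsa_users'
  printf '%s\n' 'acl all src all' 'acl localhost src 127.0.0.1/32' \
    'acl localnet src 10.0.0.0/8' 'acl ncsa_users proxy_auth REQUIRED'
  if [ "$1" = top ]; then printf '%s\n' "$auth_rule"; fi
  printf '%s\n' 'http_access allow localnet' 'http_access allow localhost'
  if [ "$1" = bottom ]; then printf '%s\n' "$auth_rule"; fi
  printf '%s\n' 'http_access deny all'
}

# Reads a squid.conf on stdin and prints "LINE: rule" for each allow rule
# that precedes the first rule naming a proxy_auth ACL (or "deny all").
allows_before_auth() {
  awk '
    { sub(/^#.*/, ""); sub(/[ \t]#.*/, "") }        # drop comments
    $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }
    $1 != "http_access" || stop { next }
    {
      for (i = 3; i <= NF; i++) {                   # ACL names, maybe negated
        name = $i; sub(/^!/, "", name)
        if (name in auth) stop = 1
      }
      if ($2 == "deny" && $3 == "all" && NF == 3) stop = 1
      if (!stop && $2 == "allow") print NR ": " $0
    }
  '
}

# Demo on both placements; on a real box run:
#   allows_before_auth < /usr/local/squid/etc/squid.conf
for placement in top bottom; do
  echo "placement=$placement:"
  sample_conf "$placement" | allows_before_auth
done
```

An empty list for the real squid.conf means no allow rule is reached before the password check.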

Finally, run the server:

$ sudo /usr/local/squid/sbin/squid -N -d 1 -D

The firewall will ask whether to allow incoming connections to squid. Say “allow.”

The proxy server is now available at the IP address or host name of your Mac box on port 3128.

Launch Squid on Startup with launchd

Under the directory /Library/LaunchDaemons, create a file named squid.plist with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>squid</string>
    <key>OnDemand</key>
    <false/>
    <key>ProgramArguments</key>
    <array>
      <string>/usr/local/squid/sbin/squid</string>
      <string>-N</string>
      <string>-d</string>
      <string>1</string>
      <string>-D</string>
    </array>
    <key>ServiceIPC</key>
    <false/>
  </dict>
</plist>

Then issuing

$ sudo launchctl load -w /Library/LaunchDaemons/squid.plist

will launch squid. After a reboot, the proxy should also start automatically.

Launch Squid on Startup with SystemStarter

This method should be ignored in favor of the method with launchd described above. This one is incomplete anyways…

This is a server so it would be convenient if the proxy starts up upon reboot automatically.  Here is a Mac way to do it:

$ sudo mkdir /Library/StartupItems/squid
$ sudo touch /Library/StartupItems/squid/squid
$ sudo touch /Library/StartupItems/squid/StartupParameters.plist
$ sudo chmod +x /Library/StartupItems/squid/squid

The newly created files should have contents as follows.

squid:

#!/bin/sh

. /etc/rc.common

StartService()
{
 ConsoleMessage "Starting squid"
 /usr/local/squid/bin/RunCache &
}

StopService()
{
 ConsoleMessage "Stopping squid"
 # TODO: add a command to stop squid
}

RestartService()
{
 ConsoleMessage "Restarting squid"
 # TODO: add a command to restart squid
 StopService
 StartService
}

RunService "$1"

StartupParameters.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist
 SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
<plist version="0.9">
  <dict>
    <key>Description</key>
    <string>squid</string>
    <key>Provides</key>
    <array>
      <string>squid</string>
    </array>
    <key>Requires</key>
    <array>
      <string>Network</string>
    </array>
    <key>OrderPreference</key>
    <string>Last</string>
  </dict>
</plist>

Edits

March 22, 2010. A minor error on the permission of var directory corrected.
