News
Seven days of Black Friday madness — great deal from Serverspace!
Serverspace Black Friday
VB
July 11, 2022
Updated June 7, 2023

Install Squid proxy on Ubuntu 20.04

Linux Networks

An introduction

Squid is famous solution to content delivery. There are many purposes to using it could be. Popular aims are improving privacy, make connection more secure or faster. E.g., you can take this to parse website's content not from your own IP-address. Proxy could be useful to avoid geographical restrictions or research "target" host behavior depended of client location.

Preparing

Before start the process you should ensure you have:
Machine under Ubuntu 20.04, root privileges or sudo group membership for your account. "External" access via FQDN is optional but IP only is possible too.

Service setup

Firstly, please authorize as root and update system package cache

sudo –s
apt-get update

Squid has been included into Ubuntu base repos long time ago, so maintainers made pre-built release of this package and you can install it in “just one click”

apt-get -y install squid

pic.1

To make a daemon which autostarts every machine reboot just run

systemctl enable squid

Settings update

Squid will "read" its service parameters from the file /etc/squid/squid.conf. So, edit it via nano, look for the parameter http_port option and change pre-defined value to the unused port number above 1024

pic.2

Then find http_access deny all" words. Further doings depend of expected result. To pass everyone access just set this to "allow all". More secure is accept data for some "trusted" IPs only. To include this option put directive acl whitelist src "/etc/squid/whitelist" before "http_access deny all"

pic.3

Don't forget to pass squid traffic through the system firewall

ufw allow

Then put your IP-address to the /etc/squid/whitelist file and reload the service

curl ifconfig.me >> /etc/squid/whitelist
service squid restart

Integrate user authorization

Most proxy services from one hand, and much clients applications (like web-browsers e.g.) from other hand, supports authorization mechanism today. It could be tokens or dedicated auth-servers, but mostly used it is simple login-password dual. There is possible to create this via internal operation system functional. Just make a file with name /etc/squid/pswds and "show it" to the proxy service.
First step is necessary tools installation

apt-get install apache2-utils -y

Then is time to do access credentials. Type in terminal

htpasswd -c /etc/squid/pswds <user>

Utility will ask user about password. Create and remember, then type it twice.

pic.4

Next step is "integrate" this security mechanism with squid daemon. Edit config file again, uncomment (or create if it's not exist) these rows:

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/pswds
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

pic.5

Remember, system will "read" configuration file "from top to the bottom", so this options must be placed before "http_access deny all" directive. Please restart service when finish editing

service squid restart

Final testing

The fastest method to test is curl utility. Run it:
curl -v -x http://<username>:<password>@<IP-address>:<port> https://google.com

pic.5

Client setup

If previous step is successful, we're ready to setup "user-friendly" client. Very popular case is using proxy in browser. My favorite browser is Chrome. To "teach" it how to work passthrough the proxy please do follow:
- Open browser settings (3 dots in top-right window corner, then Settings)

pic.5
- Go to “System” tab and click to the “Computer proxy settings”

pic.6
- System preferences will open. Click to the “Manual settings, then type your server’s IP and proxy port into the relevant fields

pic.6
- Open the URL https://whoer.net in Google Chrome. You should see squid IP as “exit node”

At the end

In this instruction you've learned how to deploy a stable software for proxyfiing traffic almost without any overhead. You know way to secure and resject connects from non-trusted users. And now you could use web-browser in a proxy client role and “hide” your real IP behind self-created anonimiser service.

Vote:
3 out of 5
Аverage rating : 3.5
Rated by: 22
1101 CT Amsterdam The Netherlands, Herikerbergweg 292
+31 20 262-58-98
700 300
ITGLOBAL.COM NL
700 300
We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.