
How to install Squid Proxy Server on Ubuntu 20.04



Squid is a full-featured Linux-based proxy application that is mostly used for traffic filtering, security and DNS lookups. It is also used to improve the performance of a web server by caching resources. Simply put, a Squid server is a computer that acts as an intermediary between a desktop computer and the Internet: it redirects incoming client requests to a server where data is stored for easier retrieval. It supports several protocols, including HTTP, FTP, TLS, SSL, Internet Gopher and HTTPS.

In this tutorial we will show you how to install and configure Squid Proxy Server on the Ubuntu 20.04 server.

Prerequisites

  • A server running Ubuntu 20.04.
  • A root password is configured on the server.

Getting Started

Before you begin, you must update your system packages to the latest version. You can update them with the following command:

apt-get update -y

When all packages have been updated, restart the system to apply the changes.

Install Squid Proxy

By default, the Squid package is available in the standard Ubuntu 20.04 repository. You can install it with the following command:

apt-get install squid -y

Once Squid is installed, you can check the status of the Squid service with the following command:

systemctl status squid

You should get the following output:

● squid.service - Squid Web Proxy Server
     Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2020-08-23 12:00:24 UTC; 11s ago
       Docs: man:squid(8)
    Process: 49265 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, status=0/SUCCESS)
    Process: 49282 ExecStart=/usr/sbin/squid -sYC (code=exited, status=0/SUCCESS)
   Main PID: 49283 (squid)
      Tasks: 4 (limit: 2353)
     Memory: 16.4M
     CGroup: /system.slice/squid.service
             ├─49283 /usr/sbin/squid -sYC
             ├─49285 (squid-1) --kid squid-1 -sYC
             ├─49287 (logfile-daemon) /var/log/squid/access.log
             └─49288 (pinger)

Aug 23 12:00:24 ubuntu2004 squid[49285]: Max Swap size: 0 KB
Aug 23 12:00:24 ubuntu2004 squid[49285]: Using Least Load store dir selection
Aug 23 12:00:24 ubuntu2004 squid[49285]: Set Current Directory to /var/spool/squid
Aug 23 12:00:24 ubuntu2004 squid[49285]: Finished loading MIME types and icons.
Aug 23 12:00:24 ubuntu2004 squid[49285]: HTCP Disabled.
Aug 23 12:00:24 ubuntu2004 squid[49285]: Pinger socket opened on FD 14
Aug 23 12:00:24 ubuntu2004 squid[49285]: Squid plugin modules loaded: 0
Aug 23 12:00:24 ubuntu2004 squid[49285]: Adaptation support is off.
Aug 23 12:00:24 ubuntu2004 squid[49285]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9
Aug 23 12:00:25 ubuntu2004 squid[49285]: storeLateRelease: released 0 objects

By default, Squid listens on port 3128. You can check this with the following command:

netstat -plunt | grep 3128

You should see the following output:

tcp6       0      0 :::3128                 :::*                    LISTEN      50017/(squid-1)

When you are done, you can move on to the next step.

Set IP-based authentication

There are several ways to restrict the client from accessing the internet. In this section, we set up Squid to authenticate based on the client’s IP address.

You can do this by editing the Squid default configuration file:

nano /etc/squid/squid.conf

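Add the following lines at the beginning of the file. Squid requires every ACL named on a single http_access line to match, so each client gets its own rule:

acl client1 src 192.168.10.10
acl client2 src 192.168.10.11
http_access allow client1
http_access allow client2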

Save and close the file when you are done. Then restart the Squid service to apply the changes:

systemctl restart squid

Where:

  • client1 and client2 are the names that identify the client computers.
  • 192.168.10.10 and 192.168.10.11 are the IP addresses of the client computers.

Now only computers configured with the IP address 192.168.10.10 or 192.168.10.11 can access the Internet.

Set user-based authentication

You can also set up Squid to authenticate based on usernames and passwords. To do this, you need to install the Apache utilities package on your system.

Run the following command to install the Apache utils package:

apt install apache2-utils -y

Once installed, create a first user with the following command. The -c option creates the password file, which does not exist yet:

htpasswd -c /etc/squid/passwd client1

You will be asked to set a password as below:

New password: 
Re-type new password: 
Adding password for user client1

Then create a second user with the following command:

htpasswd /etc/squid/passwd client2

Set your password as below:

New password: 
Re-type new password: 
Adding password for user client2

Then you can verify both users with the following command:

cat /etc/squid/passwd

You should get the following output:

client1:$apr1$CPlx8eVt$NJq3CT/hzfDCnAZRypIq5/
client2:$apr1$XYxQ2npc$IW0Nqjp15O5WYCo/wCFlB0

Then open the default Squid configuration file:

nano /etc/squid/squid.conf

Delete the lines you added in the previous section and add the following lines at the beginning of the file:

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Save and close the file. Then restart the Squid proxy service to apply the changes:

systemctl restart squid

Now you need to enter your username and password to access the internet.

Set combined authentication

You can also set up Squid to authenticate a client based on both the IP address and the username / password.

Open the default Squid configuration file:

nano /etc/squid/squid.conf

Find the following lines that you added in the previous section:

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

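And replace them with the following lines. There is one http_access rule per client, so each rule requires that client's IP address together with a valid login:

acl client1 src 192.168.10.10
acl client2 src 192.168.10.11
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow client1 ncsa_users
http_access allow client2 ncsa_users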

Save and close the file when you are done, and then restart the Squid service to apply the changes:

systemctl restart squid
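
The IP-based and combined rules above both depend on how Squid evaluates http_access: the values of one acl are ORed, the ACL names on one http_access line are ANDed, and the first matching line decides. The Python model below is an added example, not part of the original tutorial or of Squid; the configs are constructed, proxy_auth is simplified to "an authenticated user is present", and the trailing deny all stands in for the stock rules further down squid.conf.

```python
import ipaddress

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, acls, ip, user):
    if name == "all":                        # Squid's built-in match-everything ACL
        return True
    for kind, values in acls.get(name, []):  # values of one ACL are ORed
        if kind == "src" and any(ipaddress.ip_address(ip) in
                                 ipaddress.ip_network(v, strict=False) for v in values):
            return True
        if kind == "proxy_auth" and user is not None:
            return True                      # simplification: any authenticated user
    return False

def decide(conf, ip, user=None):
    """Return 'allow' or 'deny' for a client IP and optional authenticated user."""
    acls, rules = parse(conf)
    for action, names in rules:              # first matching line wins
        if all(acl_matches(n, acls, ip, user) for n in names):  # names are ANDed
            return action
    # No line matched: Squid applies the opposite of the last rule (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

# Constructed configs; the trailing "deny all" stands in for the stock rules
# that follow anything added at the top of squid.conf.
ACLS = "acl client1 src 192.168.10.10\nacl client2 src 192.168.10.11\n"
ONE_LINE = ACLS + "http_access allow client1 client2\nhttp_access deny all\n"
PER_CLIENT = ACLS + ("http_access allow client1\nhttp_access allow client2\n"
                     "http_access deny all\n")
COMBINED = ACLS + ("acl ncsa_users proxy_auth REQUIRED\n"
                   "http_access allow client1 ncsa_users\n"
                   "http_access allow client2 ncsa_users\nhttp_access deny all\n")

if __name__ == "__main__":
    for name, conf in [("one-line", ONE_LINE), ("per-client", PER_CLIENT)]:
        print(name, decide(conf, "192.168.10.10"), decide(conf, "192.168.10.12"))
    print("combined", decide(COMBINED, "192.168.10.10", "client1"),
          decide(COMBINED, "192.168.10.10"), decide(COMBINED, "192.168.10.12", "client1"))
```

A rule that names two different src ACLs on one line never matches any client, so with it every request falls through to the final deny.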

Set squid to anonymize traffic

Next, you need to add some rules to mask the client’s IP addresses from the servers that receive traffic from your Squid HTTP proxy.

You can do this by editing the default Squid configuration file:

nano /etc/squid/squid.conf

Add the following lines to the beginning of the file:

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

Save and close the file when you are done, and then restart the Squid service to apply the changes:

systemctl restart squid

Verify Squid proxy

Next, you need to define your proxy server in your Mozilla browser.

Go to the client system, open the Mozilla browser and click Edit => Settings.

Click Network settings and then click Settings to open the proxy server configuration page.

Select Manual proxy configuration, enter the IP address of your Squid server in the HTTP Proxy field and 3128 in the Port field, select the Use this proxy server for all protocols check box and click OK to save the settings.

Your browser is now configured to browse the Internet through the Squid proxy.

To verify it, open the URL https://www.whatismyip.com/. You will be asked to enter a username and password.

Enter the Squid proxy username and password that you created earlier and click the OK button. The website now loads through the Squid proxy.

On that page, you should see your Squid server’s IP address instead of the IP address of your client computer.

Conclusion

Congratulations! You have installed and configured the Squid proxy server on the Ubuntu 20.04 server. You can also configure Squid to restrict specific sites based on keywords, domains and IP addresses. For more information, visit Squid’s official documentation.

