In this tutorial, we'll explain how to install and configure Squid proxy on Ubuntu 22.04.
Squid is a stable, popular, open-source HTTP proxy. It is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.Through a proxy server, an end user is able to control and monitor their web traffic for a wide variety of purposes, including privacy, security.
Install and Configure Squid Proxy on Ubuntu 22.04
Prerequisites:
- An Ubuntu 22.04 install dedicated server or cloud server
- A root user access or normal user with administrative privileges.
- For normal user, use sudo in front of every command.
1. Update Server
Keep the server updated for latest repositories links.
apt update
2. Install Squid Proxy Server
Next, execute following simple command to install Squid proxy.
apt install squid -y
that's it we have installed Squid proxy server.
3. Configure Squid Proxy Server
Here, we'll see series of configurations. You can choose the modification as per your requirements.
HTTP Port
First, let's check how we can change the default port 3128.
Use your favorite editor and open squid.conf file:
nano /etc/squid/squid.conf
Find http_port 3128. Here you can replace any port you want.
http_port 8080
For this demostration purpose, we are keeping the default port.
Allow access to all
At initial, Squid proxy blocks all the incoming access or traffic. We can allow it. Find http_access deny all and replace it with following:
http_access allow all
Important note: Allowing incoming traffic with authentication will allow everyone to connect to the Squid proxy server. This is for temporary, we will deny any traffic and allow authenticated traffic later.
Add ACL
We can add access control list and add our IP like shown below:
acl localnet src 192.168.2.22
Basically, it is saying that connect to the server if the traffic is comming from the specified IP.
Note:
- localnet is just name of ACL
- src is where the request would originate from under this ACL. Mention your IP address.
Save and exit.
We need to restart the Squid service everytime we change anything in squid.conf file.
systemctl restart squid
Configure firewall
Before we proceed further, we need to add Squid proxy port in firewall. If you are not using firewall, you can skip this step.
ufw allow 3128/tcp
Note: If you are using different port, replace 3128 with you port.
We can now test the Squid proxy server using following command:
curl -v -x http://your_server_ip:3128 https://www.google.com/
Note: Replace port 3128 with your port.
Output:
* Trying [server ip]...
* TCP_NODELAY set
* Connected to [server ip] ([server ip]) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.61.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
We can test it web browser too.
4. Configuring Squid Proxy Authentication
We can use username and password to connect to the server. If the user is authenticated then only the user can connect to the server otherwise it will give HTTP code 407 from proxy after CONNECT or likewise error.
We can add user and password and use those credetials to connect to the proxy server.
First, we need to install apache2-utils to get access of htpasswd command to generate password. Execute following command to install it:
apt install apache2-utils
Next, Create a passwd file in /etc/squid and add username and password using htpasswd command. Execute following command:
sudo htpasswd -c /etc/squid/passwd [username]
Note: Replace [username] with your username.
It will prompt and ask for password of the user. Use secure password. Once you enter the password, it will create a file. Let's print the contents of the file using cat command:
sudo cat /etc/squid/passwd
We can see the user we have added with the password.
Next, update the squid.conf to use our /etc/squid/passwd file. Use your favorite editor and edit squid.conf:
nano /etc/squid/squid.conf
Find include /etc/squid/conf.d/* and add following contents below:
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
Important note: Here /usr/lib/squid/basic_ncsa_auth, if squid is installed in lib64 directory, replace lib with lib64 and if you have installed squid3, replace squid with squid3.
Find http_access allow all and replace it with http_access deny all. So that only authenticated user can connect with the Squid proxy server.
Save and exit the file.
Restart the Squid service
systemctl restart squid
5, Test Connection
To test the connection and verify that everything set perfectly, execute following command:
curl --proxy http://[server IP]:[port] --proxy-user [username]:[password] -L https://google.com
Note: Replace [server IP]:[port] [username]:[password] with your details.
Block Websites (Optionally)
If we want to block certain websites for user accessing, we can do it easy.
First, create a file named blocked.acl in /etc/squid directory.
nano /etc/squid/blocked.acl
Add websites that we want to block
.facebook.com
.instgram.com
Save and exit the file.
Edit squid.conf file:
nano /etc/squid/squid.conf
Add following lines after the ACL list we have added for IP address:
acl blocked_social_websites dstdomain "/etc/squid/blocked.acl"
http_access deny blocked_social_websites
Note: We can change the blocked_social_websites name with anyname we want.
Restart squid.service to reflect the changes.
systemctl restart squid
That's it. We have seen how to install and configure Squid proxy on Ubuntu 22.04.
