Squid is a full-featured cache proxy server, which supports well-known network protocols like HTTP, HTTPS, FTP, etc. Putting Squid on the front end of the web server can greatly improve the performance of the server by caching repeated requests and filtering network traffic.
This guide explains how to set up Squid on Ubuntu 18.04, and how to configure Firefox and Google Chrome to use this proxy server.
The Squid package is included in the default Ubuntu 18.04 source repository. To install it, run the following command as a sudo user:
sudo apt update
sudo apt install squid
Once the installation is complete, the Squid service will start automatically.
To verify that the installation was successful, enter the following command, which prints the status of the service:
sudo systemctl status squid
● squid.service - LSB: Squid HTTP Proxy version 3.x
   Loaded: loaded (/etc/init.d/squid; generated)
   Active: active (running) since Thu 2019-06-27 11:45:17 UTC
...
Squid is configured by editing the /etc/squid/squid.conf file. Additional files can be pulled into the configuration using the "include" directive.
The configuration file contains comments explaining the role of each configuration option.
Before making any changes, it is best to back up the original configuration file:
sudo cp /etc/squid/squid.conf{,.original}
To edit the file, open it with a text editor:
sudo nano /etc/squid/squid.conf
By default, Squid is configured to listen on port 3128 on all network interfaces of the server.
If you want to change the port number or set the listening interface, locate the http_port line and specify the interface IP address and the new port. If no interface is specified, Squid will listen on all network interfaces.
/etc/squid/squid.conf
# Squid normally listens to port 3128
http_port IP_ADDR:PORT
Running Squid on all interfaces and the default port is suitable for most users.
You can use Access Control Lists (ACLs) to control access to the Squid server.
By default, Squid only allows access from the local host and local network.
If all clients that will use the proxy server have a fixed IP address, you can create an ACL that contains allowed IP addresses.
Instead of adding the IP addresses to the main configuration file, we can create a separate file that holds them:
/etc/squid/allowed_ips.txt
192.168.33.1
# All other allowed IPs
Once completed, open the main configuration file, create a new ACL named allowed_ips, and use the http_access directive to allow it access:
/etc/squid/squid.conf
# ...
acl allowed_ips src "/etc/squid/allowed_ips.txt"
# ...
# http_access allow localnet
http_access allow localhost
http_access allow allowed_ips
# And finally deny all other access to this proxy
http_access deny all
The order of the http_access rules is important. Make sure you add this line before http_access deny all.
The http_access directive works much like firewall rules. Squid reads the rules from top to bottom, and once a rule matches, the rules below it are not processed.
No matter what changes you make to the configuration file, you need to restart the Squid server to make the changes take effect:
sudo systemctl restart squid
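The first-match behaviour described above, as an added example (not part of the original guide and not Squid's own code): a small Python model of http_access evaluation that handles only src ACLs and the built-in all ACL. The sample configurations are constructed from the snippets on this page, and the localhost ACL is defined explicitly here as an assumption so the model is self-contained.

```python
import ipaddress

def parse_config(conf, files):
    """Parse 'acl NAME src ...' and 'http_access allow|deny NAME' lines only."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            values = []
            for v in tok[3:]:
                if v.startswith('"'):                # quoted path: one entry per line
                    body = files[v.strip('"')]
                    values += [l.split("#", 1)[0].strip() for l in body.splitlines()]
                else:
                    values.append(v)
            nets = [ipaddress.ip_network(v, strict=False) for v in values if v]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) == 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2]))
    return acls, rules

def decide(client, acls, rules):
    """Return (action, rule_number) using first-match-wins evaluation."""
    ip = ipaddress.ip_address(client)
    for n, (action, name) in enumerate(rules, 1):
        if name == "all" or any(ip in net for net in acls.get(name, [])):
            return action, n
    if not rules:
        return "deny", None
    # No rule matched: Squid applies the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

# Constructed sample data mirroring the snippets on this page.
FILES = {"/etc/squid/allowed_ips.txt": "192.168.33.1\n# All other allowed IPs\n"}
ACLS = ('acl localhost src 127.0.0.1/32\n'
        'acl allowed_ips src "/etc/squid/allowed_ips.txt"\n')
GOOD = ACLS + ("http_access allow localhost\n"
               "http_access allow allowed_ips\n"
               "http_access deny all\n")
BAD = ACLS + ("http_access allow localhost\n"
              "http_access deny all\n"
              "http_access allow allowed_ips\n")   # allow placed too late

def verdict(conf, client):
    return decide(client, *parse_config(conf, FILES))

if __name__ == "__main__":
    for label, conf in (("allow before deny all", GOOD), ("allow after deny all", BAD)):
        for client in ("127.0.0.1", "192.168.33.1", "10.0.0.5"):
            print(label, client, verdict(conf, client))
```

With the allow rule placed after http_access deny all, 192.168.33.1 is denied by rule 2 and the allowed_ips rule is never reached.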
Squid can use different backends, including Samba, LDAP and HTTP basic authentication to authenticate users.
In this example, we configure Squid to use basic authentication. It is a simple authentication method built into the HTTP protocol.
We will use openssl to generate the password, append the username:password pair to the file /etc/squid/htpasswd, and display it:
printf "USERNAME:$(openssl passwd -crypt PASSWORD)\n" | sudo tee -a /etc/squid/htpasswd
For example, to create a username of mike and a password of Pz$lPk76, you will run:
printf "mike:$(openssl passwd -crypt 'Pz$lPk76')\n" | sudo tee -a /etc/squid/htpasswd
mike:2nkgQsTSPCsIo
The next step is to configure Squid to enable HTTP basic authentication and use this file.
Open the main configuration file and add the following content:
/etc/squid/squid.conf
# ...
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# ...
http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all
The first three lines configure basic authentication and create an ACL named authenticated, and the http_access allow authenticated line allows access to authenticated users.
Restart the Squid service:
sudo systemctl restart squid
Assuming you are using UFW to manage your firewall, you need to open the Squid port. To enable the 'Squid' profile, which includes the default Squid port:
sudo ufw allow 'Squid'
To verify the status, enter:
sudo ufw status
The output should look like this:
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Squid                      ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Squid (v6)                 ALLOW       Anywhere (v6)
If Squid is running on another, non-default port, for example 8888, you can allow traffic on that port with:
sudo ufw allow 8888/tcp
Now that you have set up Squid, the last step is to configure your favorite browser to use it.
The following steps are the same for Windows, macOS, and Linux.
In the upper right corner, click the hamburger icon ☰ to open the Firefox menu.
Click the ⚙ Preferences link.
Scroll to the Network Settings section, and click the Settings... button.
A new window will open.
Select the Manual proxy configuration radio button.
Enter your Squid server IP address in the HTTP Host text field, and enter 3128 in the Port text field.
Select the Use this proxy server for all protocols checkbox.
Click the OK button to save the settings.
At this point, your Firefox is configured. You can browse the Internet through the Squid proxy server. To verify it, open google.com, type "what is my ip", and you should see your Squid server IP address.
To restore the default settings, go to Network Settings, select the Use system proxy settings radio button, and save the settings.
There are also some plug-ins that can help you configure Firefox's proxy server settings, for example: FoxyProxy.
Google Chrome uses the default system proxy server settings. Instead of changing those, you can install an extension, for example SwitchyOmega, or start the Chrome web browser from the command line.
To start Chrome with the new settings and connect to the Squid server, use the following command:
Linux:
/usr/bin/google-chrome \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"
macOS:
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"
Windows:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
    --user-data-dir="%USERPROFILE%\proxy-profile" ^
    --proxy-server="http://SQUID_IP:3128"
If the profile does not exist, it will be created automatically. In this way, you can run multiple instances of Chrome at the same time.
To confirm whether the proxy server is working properly, open google.com and enter "what is my ip". The IP displayed in your browser should be the IP of your server.
You have learned how to install Squid on Ubuntu 18.04 and configure your browser to use it.
Squid is one of the most famous proxy cache servers. It improves the speed of the web server and can help you restrict users' access to the network.