×

How to Install Squid Proxy Server on Ubuntu 22.04

How to Install Squid Proxy Server on Ubuntu 22.04


In this blog post, we will show you how to install squid proxy server on Ubuntu 22.04 step-by-step.

As a regular internet user, you might probably be wondering how best you can maintain your online privacy. One of the options is leveraging a VPN which encrypts your traffic and guarantees data privacy and anonymity. The other equally efficient option is using a Proxy server.

What is a Proxy Server?

A proxy server is a system or intermediary that sits between your computer and the internet, separating you from the websites that you visit. Proxy provides varying levels of privacy and security depending on your browsing needs or IT policy in your Company.

With a Proxy server, traffic flows from your device through the proxy server – which acts as an intermediary – to the target website. The web server on which the website sits responds to the request and sends back web traffic through the same proxy server, which then forwards the data from the website to you.

What is Squid Proxy Server?

Squid is an open-source, flexible, and fully-featured proxy server primarily used as a caching proxy. It’s highly customizable and offers an array of features such as traffic optimization, caching, load balancing, and IP anonymization.

Through caching, it optimizes web performance by caching frequently accessed web content and compressing traffic thus reducing network bandwidth. In addition, Squid proxy allows you to circumvent content restrictions imposed by governments i.e. access geo-restricted websites. Through the Access Control List feature you can control the websites that employees or other users can browse based on their URL or keywords. The Proxy can also be coupled with a VPN to provide an added layer of security.

Prerequisites

  • Pre-Install Ubuntu 22.04 system
  • Sudo User with admin rights
  • Reliable Internet Connectivity

Lab Details:

With that out of the way, let’s deep dive into squid proxy server installation steps.

1) Update APT cache

To start, log into your server and update the local package index:

$ sudo apt update

The command updates the local software repository index and syncs the cache.

2) Install Squid Proxy Server on Ubuntu 22.04

Squid is available on Ubuntu repositories. You can verify this using the following command:

$ sudo apt-cache policy squid

The command outputs crucial information such as whether the package is installed or not, the version (in this case version 5.7), and the URL of the repository.

Apt-Cache-Policy-Squid-Ubuntu-Linux

Next, use the APT package manager to install the Squid Proxy server.

$ sudo apt install squid -y

Install-Squid-Proxy-Server-on-Ubuntu-22-04

The Squid proxy server service starts automatically. You can verify using the command:

$ sudo systemctl status squid

Squid-Proxy-Service-Status-Ubuntu

By default, Squid Proxy runs on TCP port 3128. You can confirm by running the ss command as shown.

$ sudo ss -pnltu | grep -i 3128

Squid-Proxy-Port-Status-Ubuntu

At this point, we’ve successfully installed Squid Proxy Server. Let’s now go ahead and configure squid and its authentication for client systems.

3) Configure Squid for Clients

As shown in lab details section, our client’s network is “192.168.56.0/24”, so we will allow internet connection to this network via squid. Edit squid configuration file and add the following lines to it.

Note: In squid conf, ACL (Access Control List) define what will be allowed via squid.

$ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
$ sudo vi /etc/squid/squid.conf

Comment out the default localnet ACL, starting from line number approximate “1333” and add new acl for your clients network as show below:

Clients-Network-Acl-Squid-Ubuntu

Next, define http_access and http_deny rule for your custom acl. Go the line number “1554” add the following lines.

………………
http_access allow clients_net
acl blocksites dstdomain /etc/squid/blocksites.txt
http_access deny blocksites
………………

Change the default squid port from 3128 to 8080, search http_port and set port as 8080 as shown below:

http_port 8080

save and close the file.

Create a /etc/squid/blocksites.txt file and add the web site domain which you want to block via squid.

$ cat /etc/squid/blocksites.txt
.facebook.com
.whatsapp.com

Restart squid service to make above changes into the affect.

$ sudo systemctl restart squid

4) Configure Basic HTTP authentication for Squid

In this section, we will configure basic HTTP authentication for client systems. This is the simplest authentication that comes with the HTTP protocol.

To set sail with creating authentication, install the apache2-utils package.

$ sudo apt install apache2-utils -y

Apt-Install-Apache2-Utils-Ubuntu

Next, create a password file that will contain authentication details for the client. So, run the following command. Here,  passwords is the name of the password file.

$ sudo touch /etc/squid/passwords
$ sudo chmod 777 /etc/squid/passwords

Next, generate the client’s password using the htpasswd utility. Here, alex is the username of the client.

$ sudo htpasswd -c /etc/squid/passwords alex

You will be prompted for the user’s password. Provide and confirm it.

To test the password file, run the command:

$ /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords

When the command is executed, you will notice that the shell appears hung. So enter username password (Be sure to replace these with your respective username and password ). Then hit ENTER.

You will get ‘OK’  as the output.

Test-Squid-User-Authentication-Command-Ubuntu

Next, we are going to configure the Squid configuration file

$ sudo vi /etc/squid/squid.conf

Then add the following lines. We will briefly discuss what they entail shortly.

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access allow clients_net
acl blocksites dstdomain /etc/squid/blocksites.txt
http_access deny blocksites

# And finally deny all other access to this proxy
http_access deny all

dns_v4_first on
forwarded_for delete
via off

Save the changes and exit the Squid configuration file.

Squid-Authentication-Parameters-Ubuntu

Let’s check out what some lines stand for.

  • auth_param basic casesensitive off: Case sensitivity is disabled.
  • acl authenticated proxy_auth REQUIRED:  Requires authentication to the Proxy server.
  • http_access allow authenticated: Allows authenticated clients HTTP access
  • dns_v4_first on: Only IPv4 will be used to speed up the proxy.
  • forwarded_for delete: Prevents forwarding of the http header which would expose your source to the destination.
  • via off: Removes additional headers to avoid exposing the source.

5) Restart Squid Proxy

For the changes to come into effect, restart the Squid Proxy service.

$ sudo systemctl restart squid

Alternatively, you can reload Squid without restarting the service as shown.

$ sudo systemctl reload squid

In addition, verify whether Squid Proxy is running as expected.

$ sudo systemctl status squid

6) Configure Firewall Rule for Squid

If you are behind a firewall, be sure to open the Squid Proxy port that you have specified. In this case, we are opening port 8080.

$ sudo ufw allow 8080/tcp
$ sudo ufw reload

7) Test Squid Proxy Server

Let’s now put the Proxy Server to the test. To do so, head to a client system’s browser. In this example, we are using Firefox for demonstration.

Navigate to the ‘Network’ settings and head over to the Proxy settings section. Fill out the IP address of the Proxy Server and specify the port number. Additionally, select to use the proxy for HTTPS protocol which most sites use.

Then click ‘Ok’.

Proxy-Settings-Firefox-Ubuntu-Linux

Now head over to your web browser and try to visit any site.  A pop-up will appear prompting for the Squid Authentication credentials i.e Username and password configured in Step 4.

Provide the credentials and hit ‘Sign in’.

Proxy-UserName-Password-Firefox-Ubuntu-Linux

Your Firefox browser is now configured to use the Proxy Server. You can confirm this by heading to google.com and searching ‘What is my IP’.

You will notice that your IP is the same as the Proxy Server’s. This confirms that we have successfully connected to the proxy server.

Conclusion

A proxy server offer numerous benefits including anonymity, privacy, and access to geo-restricted websites. In this post, we have demonstrated how to install and configure Squid Proxy on Ubuntu 22.04 LTS. Feel free to post your queries and feedback in below comments section.



Source link