How to Setup Squid Proxy in Ubuntu Server 14.04

How to Setup Squid Proxy in UbuntuSquid is a proxy server that provide cache services to the clients. It redirects client requests from web browsers to the proxy server and delivers the client’s requests and keeps a copy of them in the proxy hard disk cache. This will speeding up internet access especially for frequently-used files and reduces internet bandwidth. Squid program does not requires intensive CPU usage. To increase efficiency, i would recommend to buy faster disks or add more memory into the squid proxy server. This post describes basic steps on how to Setup Squid Proxy in Ubuntu Server 14.04.

How to Setup Squid Proxy in Ubuntu

 

 

How to Setup Squid Proxy in Ubuntu

1. Install Squid 3 :

ehowstuff@ubuntu14:~$ sudo apt-get install squid3 -y

2. Configure common setting :

ehowstuff@ubuntu14:~$ sudo vi /etc/squid3/squid.conf

Around line 919, define allowed LAN segment :

..
acl lan_ehowstuff src 192.168.0.0/24
..

Around line 1058, allow defined LAN :

..
http_access allow lan_ehowstuff
..

Listen on port 3128 :

# Squid normally listens to port 3128
http_port 3128

Save the configuration

See also  How to Install Wireshark on CentOS 6.2

3. Configure Squid Proxy Authentication using digest authentication scheme :

a. Install the program ‘htdigest’ :

ehowstuff@ubuntu14:~$ sudo apt-get install apache2-utils -y

b. Setting up user :

sudo htdigest -c /etc/squid3/passwords realm_name user_name

Example :

ehowstuff@ubuntu14:~$ sudo htdigest -c /etc/squid3/passwords proxy proxyuser1
Adding password for proxyuser1 in realm proxy.
New password:
Re-type new password:

c. At line 335-337, add digest squid authentication configuration. Please note that the file digest_pw_auth has been renamed to digest_file_auth in ubuntu 14.04. By default, the digest authentication scheme is not used unless the program is specified.

auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passwords
auth_param digest realm proxy
acl authenticated_ehowstuff proxy_auth REQUIRED
http_access allow authenticated_ehowstuff

4. Restart the Squid to take affect the new configuration :

ehowstuff@ubuntu14:~$ sudo initctl restart squid3
squid3 start/running, process 2185

or

ehowstuff@ubuntu14:~$ sudo service squid3 restart

5. Verify port 3128 are listening :

ehowstuff@ubuntu14:~$ sudo netstat -plunt | grep 3128
tcp6       0      0 :::3128                 :::*                    LISTEN      2185/squid3

6. Configure at client browser :
How to Setup Squid Proxy in Ubuntu

See also  How to Setup Persistent Static Routes on Linux CentOS 6.4

7. Everytime you open the browser, proxy authentication box will be prompted :
How to Setup Squid Proxy in Ubuntu

8. Monitor the access log from proxy server. You can see proxyuser1 as authenticated user :

ehowstuff@ubuntu14:~$ sudo tail -f /var/log/squid3/access.log
RECT/173.194.126.55 text/html
1409354804.372   1073 192.168.0.1 TCP_MISS/200 776 GET http://xml.alexa.com/data? proxyuser1 HIER_DIRECT/23.21.109.107 text/xml
1409354842.754    963 192.168.0.1 TCP_MISS/200 2285 POST http://sd.symcd.com/ proxyuser1 HIER_DIRECT/23.51.43.27 application/ocsp-response
1409354843.234   1489 192.168.0.1 TCP_MISS/200 915 POST http://ocsp.digicert.com/ proxyuser1 HIER_DIRECT/117.18.237.29 application/ocsp-response
1409354843.454   1549 192.168.0.1 TCP_MISS/200 2285 POST http://sd.symcd.com/ proxyuser1 HIER_DIRECT/23.51.43.27 application/ocsp-response
1409354848.074   3249 192.168.0.1 TCP_MISS_ABORTED/000 0 POST http://ocsp.thawte.com/ proxyuser1 HIER_NONE/- -
1409354848.877   3248 192.168.0.1 TCP_MISS_ABORTED/000 0 POST http://ocsp.thawte.com/ proxyuser1 HIER_DIRECT/199.7.71.72 -
1409354853.997   1120 192.168.0.1 TCP_MISS/200 794 GET http://hsrd.yahoo.com/_ylt=A86.IsJVDAFUTGsAVsJUqcB_;_ylu=X3oDMTQ0aHJqM2NuBGNjb2RlA2hvbWVydW4yBGNwb3MDMARnAzAyMTMtMGExNGQ5Zjc1NWZkZGUyYTY5M2E0ZmViNzE0MDUwOTctMDAxNARpbnRsA215BHBrZ3QDNARwb3MDMgRzZWMDdGQtb2ZsLWIEc2xrA3RpdGxlBHRlc3QDNjg0BHdvZQM5MTc5OTMzMg--/RV=1/RE=1410564437/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly9teS5zcG9ydHMueWFob28uY29tL2ZhbnRhc3kvc29jY2VyL3ByZW1pZXItbGVhZ3Vl/RS=%5EADA7H0JFo.Ud2RQRqK4zKbm5QoTGVg- proxyuser1 HIER_DIRECT/206.190.39.139 text/html
1409354854.482    280 192.168.0.1 TCP_MISS/200 446 GET http://toolbarqueries.google.com/tbr? proxyuser1 HIER_DIRECT/58.27.61.123 text/html
1409354854.750    549 192.168.0.1 TCP_MISS/200 4214 GET http://xml.alexa.com/data? proxyuser1 HIER_DIRECT/23.21.109.107 text/xml

I hope that above guidelines on how to Setup Squid Proxy in Ubuntu Server will help system administrator to start installing their own proxy server.

How to Reset the Directory Manager Password on RHEL 7 / CentOS 7
How to Reset the Directory Manager Password on RHEL 7 / CentOS 7

It is best practice to remember passwords, but because too many passwords, sometimes we forget. We are not encouraged to write the password on any paper or share the password...

How to Find Big Files Size on Linux RHEL/CentOS
How to Find Big Files Size on Linux RHEL/CentOS

As the linux administrator, sometimes we have to identify which files are most take much space in the linux server resulting in low free space. Low disk space can also...

Why Linux users should worry about malware and what they can do about it
Why Linux users should worry about malware and what they can do about it

Don’t drop your guard just because you’re running Linux. Preventing the spread of malware and/or dealing with the consequences of infection are a fact of life when using computers. If...

How to Reset Forgotten Root Password on Linux RHEL 7 / CentOS 7
How to Reset Forgotten Root Password on Linux RHEL 7 / CentOS 7

This short howto will explain the steps to reset a lost root password or to reset a forgotten root password on Linux RHEL 7 or CentOS 7. Basically, we will...

How to Update CentOS or Upgrade CentOS to the Latest Version
How to Update CentOS or Upgrade CentOS to the Latest Version

Recently, the latest version of CentOS 7.3 was released. All users of CentOS 7.0, 7.1 and 7.2 can upgrade their system to the most recent. This quick guide will explain...

How to Change your WordPress Username, Nickname and Display Name in MySQL
How to Change your WordPress Username, Nickname and Display Name in MySQL

After you create an account log in WordPress, you may want to change your WordPress username, as appropriate or due to security reason. However, you can not do this from...

How to Enable SSH Root Login on Ubuntu 16.04
How to Enable SSH Root Login on Ubuntu 16.04

As what we wrote in the previous article on how to allow SSH root on Ubuntu 14.04, after installing a fresh new copy of Ubuntu 16.04 LTS, we find that...

How to Change UUID of Linux Partition on CentOS 7
How to Change UUID of Linux Partition on CentOS 7

UUID (Universally Unique IDentifier) should be unique and it is used to identify storage devices on a linux system. If you cloned a virtual machine from vCenter, the metadata containing...

9 Comments

  • Avatar for Muhammed Sathar Muhammed Sathar says:

    I am setting up an http proxy server on AWS for the users to bypass the blocked urls by our ISP, so the users might access from remotely with different local subnets. basicaly i want to give the access from all source and enabling authentication such as username and password to authenticate with the proxy server. I am using 14.04ubuntu and installed squid, but i am unable to achieve this (i am just a newbie on this ubuntu side) so can you please help me with the scripts if you have some time.

    • Avatar for Muhammed Sathar Muhammed Sathar says:

      Hello Skytech, Can you please help me on the above?

      • Avatar for skytech skytech says:

        Hi,

        Sorry for late reply. I have updated the post above to use Squid Proxy Authentication using digest authentication. Let me know if you need any other help…

        Hope this helps.

        • Avatar for Muhammed Sathar Muhammed Sathar says:

          Great.. thanks a lot.. let me work on this and i will post you the feedback 🙂

          • Avatar for Muhammed Sathar Muhammed Sathar says:

            Hi Skytech, Its working fine now.. The auth also works great.. but a quick question what if i want to create multiple users, I think by default it only accept one user at a time. which means I have several users and who required separate user name and passwords, but when i created those and it accept only the last user which created. my server actually hosted in AWS and the purpose is actually that in our region some websites are been blocked and those who need unrestricted access, their traffic will go through this proxy.

            and this is what my squid conf. so is there anything else i need to add on this to create more users.

            Really appreciated your support.

            auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passw$
            auth_param digest realm ibt
            acl authenticated_all proxy_auth REQUIRED
            http_access allow authenticated_all
            acl all src all
            acl SSL_ports port 443
            acl CONNECT method CONNECT
            http_access allow all
            http_port 9999
            hierarchy_stoplist cgi-bin ?
            coredump_dir /var/spool/squid3

  • Avatar for Vsla Dds Vsla Dds says:

    ehowstuff@ubuntu14:~$ sudo apt-get install squid3 -y
    Why put “-y” at the end of the commands to install squid3

  • Avatar for Sergio Soares Sergio Soares says:

    Is there any way to add another user with authentication? If i try to add a new one it replaces the first one i create. Thanks

  • Avatar for Mars Mars says:

    Thanks for your sharing!

Leave a Reply

Your email address will not be published. Required fields are marked *