How to Setup Squid Proxy in Ubuntu Server 14.04

Selecting the right proxy server software for your dedicated, VPS, or cloud hosting machine can significantly enhance your web operations.

One of the most reliable and efficient options is Squid, a proxy server that provides cache services to its clients. Squid redirects client requests from web browsers to the proxy server, delivers the client’s requests, and keeps a copy of them in the proxy hard disk cache.

This process speeds up internet access, especially for frequently-used files, and reduces internet bandwidth usage.

In this tutorial, we will guide you through the process of setting up Squid Proxy on an Ubuntu Server 14.04. We will cover everything from installation to configuration, ensuring that you can get your proxy server up and running efficiently. By the end of this guide, you will have a fully functional Squid Proxy server that can enhance your web operations and improve your overall server performance.

Step 1: Install Squid 3

sudo apt-get install squid3 -y

Step 2: Configure Common Settings

sudo vi /etc/squid3/squid.conf

Around line 919, define the allowed LAN segment:

acl lan_ehowstuff src 192.168.0.0/24

Around line 1058, allow the defined LAN:

http_access allow lan_ehowstuff

Listen on port 3128:

http_port 3128

Save the configuration.

See also  How to Install and Configure Squid Proxy Server on CentOS 6.2

Step 3: Configure Squid Proxy Authentication using Digest Authentication Scheme

a. Install the program ‘htdigest’:

sudo apt-get install apache2-utils -y

b. Set up user:

sudo htdigest -c /etc/squid3/passwords realm_name user_name

Example:

sudo htdigest -c /etc/squid3/passwords proxy proxyuser1

c. At lines 335-337, add digest squid authentication configuration. Please note that the file digest_pw_auth has been renamed to digest_file_auth in Ubuntu 14.04. By default, the digest authentication scheme is not used unless the program is specified.

auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passwords
auth_param digest realm proxy
acl authenticated_ehowstuff proxy_auth REQUIRED
http_access allow authenticated_ehowstuff

Step 4: Restart the Squid to Take Effect the New Configuration

sudo initctl restart squid3

or

sudo service squid3 restart

Step 5: Verify Port 3128 are Listening

sudo netstat -plunt | grep 3128

Step 6: Configure at Client Browser

Every time you open the browser, the proxy authentication box will be prompted.

How to Setup Squid Proxy in Ubuntu

Step 7: Monitor the Access Log from Proxy Server

You can see proxyuser1 as the authenticated user:

sudo tail -f /var/log/squid3/access.log

For example:

geeks@ubuntu14:~$ sudo tail -f /var/log/squid3/access.log
RECT/173.194.126.55 text/html
1409354804.372   1073 192.168.0.1 TCP_MISS/200 776 GET http://xml.alexa.com/data? proxyuser1 HIER_DIRECT/23.21.109.107 text/xml
1409354842.754    963 192.168.0.1 TCP_MISS/200 2285 POST http://sd.symcd.com/ proxyuser1 HIER_DIRECT/23.51.43.27 application/ocsp-response
1409354843.234   1489 192.168.0.1 TCP_MISS/200 915 POST http://ocsp.digicert.com/ proxyuser1 HIER_DIRECT/117.18.237.29 application/ocsp-response
1409354843.454   1549 192.168.0.1 TCP_MISS/200 2285 POST http://sd.symcd.com/ proxyuser1 HIER_DIRECT/23.51.43.27 application/ocsp-response
1409354848.074   3249 192.168.0.1 TCP_MISS_ABORTED/000 0 POST http://ocsp.thawte.com/ proxyuser1 HIER_NONE/- -
1409354848.877   3248 192.168.0.1 TCP_MISS_ABORTED/000 0 POST http://ocsp.thawte.com/ proxyuser1 HIER_DIRECT/199.7.71.72 -
1409354853.997   1120 192.168.0.1 TCP_MISS/200 794 GET http://hsrd.yahoo.com/_ylt=A86.IsJVDAFUTGsAVsJUqcB_;_ylu=X3oDMTQ0aHJqM2NuBGNjb2RlA2hvbWVydW4yBGNwb3MDMARnAzAyMTMtMGExNGQ5Zjc1NWZkZGUyYTY5M2E0ZmViNzE0MDUwOTctMDAxNARpbnRsA215BHBrZ3QDNARwb3MDMgRzZWMDdGQtb2ZsLWIEc2xrA3RpdGxlBHRlc3QDNjg0BHdvZQM5MTc5OTMzMg--/RV=1/RE=1410564437/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly9teS5zcG9ydHMueWFob28uY29tL2ZhbnRhc3kvc29jY2VyL3ByZW1pZXItbGVhZ3Vl/RS=%5EADA7H0JFo.Ud2RQRqK4zKbm5QoTGVg- proxyuser1 HIER_DIRECT/206.190.39.139 text/html
1409354854.482    280 192.168.0.1 TCP_MISS/200 446 GET http://toolbarqueries.google.com/tbr? proxyuser1 HIER_DIRECT/58.27.61.123 text/html
1409354854.750    549 192.168.0.1 TCP_MISS/200 4214 GET http://xml.alexa.com/data? proxyuser1 HIER_DIRECT/23.21.109.107 text/xml

Commands Mentioned:

  • sudo apt-get install squid3 -y – This command installs Squid 3 on your server.
  • sudo vi /etc/squid3/squid.conf – This command opens the Squid configuration file for editing.
  • acl lan_ehowstuff src 192.168.0.0/24 – This command defines the allowed LAN segment.
  • http_access allow lan_ehowstuff – This command allows the defined LAN.
  • http_port 3128 – This command sets Squid to listen on port 3128.
  • sudo apt-get install apache2-utils -y – This command installs the ‘htdigest’ program.
  • sudo htdigest -c /etc/squid3/passwords realm_name user_name – This command sets up a user for the digest authentication scheme.
  • auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passwords – This command adds the digest authentication configuration.
  • sudo initctl restart squid3 or sudo service squid3 restart – These commands restart Squid to apply the new configuration.
  • sudo netstat -plunt | grep 3128 – This command verifies that Squid is listening on port 3128.
  • sudo tail -f /var/log/squid3/access.log – This command monitors the access log from the proxy server.
See also  How to Configure Squid Proxy Server for Load Balancing

Conclusion

Setting up a Squid Proxy on an Ubuntu Server 14.04 is a straightforward process that can significantly enhance your web operations. By following the steps outlined in this tutorial, you can install and configure Squid, set up a user for the digest authentication scheme, and monitor the access log from the proxy server.

Remember, Squid is a powerful tool that can speed up internet access, especially for frequently-used files, and reduce internet bandwidth usage. It’s a valuable addition to any server, whether it’s a dedicated server, a VPS, or a cloud hosting machine.

See also  How to Disable IPTables on Ubuntu

I hope this tutorial has been helpful. If you have any questions or run into any issues, please leave a comment below.

Comments

9 Comments

  • Avatar Muhammed Sathar says:

    I am setting up an http proxy server on AWS for the users to bypass the blocked urls by our ISP, so the users might access from remotely with different local subnets. basicaly i want to give the access from all source and enabling authentication such as username and password to authenticate with the proxy server. I am using 14.04ubuntu and installed squid, but i am unable to achieve this (i am just a newbie on this ubuntu side) so can you please help me with the scripts if you have some time.

    • Avatar Muhammed Sathar says:

      Hello Skytech, Can you please help me on the above?

      • Avatar skytech says:

        Hi,

        Sorry for late reply. I have updated the post above to use Squid Proxy Authentication using digest authentication. Let me know if you need any other help…

        Hope this helps.

        • Avatar Muhammed Sathar says:

          Great.. thanks a lot.. let me work on this and i will post you the feedback 🙂

          • Avatar Muhammed Sathar says:

            Hi Skytech, Its working fine now.. The auth also works great.. but a quick question what if i want to create multiple users, I think by default it only accept one user at a time. which means I have several users and who required separate user name and passwords, but when i created those and it accept only the last user which created. my server actually hosted in AWS and the purpose is actually that in our region some websites are been blocked and those who need unrestricted access, their traffic will go through this proxy.

            and this is what my squid conf. so is there anything else i need to add on this to create more users.

            Really appreciated your support.

            auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passw$
            auth_param digest realm ibt
            acl authenticated_all proxy_auth REQUIRED
            http_access allow authenticated_all
            acl all src all
            acl SSL_ports port 443
            acl CONNECT method CONNECT
            http_access allow all
            http_port 9999
            hierarchy_stoplist cgi-bin ?
            coredump_dir /var/spool/squid3

  • Avatar Vsla Dds says:

    ehowstuff@ubuntu14:~$ sudo apt-get install squid3 -y
    Why put “-y” at the end of the commands to install squid3

  • Avatar Sergio Soares says:

    Is there any way to add another user with authentication? If i try to add a new one it replaces the first one i create. Thanks

  • Avatar Mars says:

    Thanks for your sharing!

Leave a Reply

Your email address will not be published. Required fields are marked *