Install Squid Proxy on Ubuntu 22.04: Best Proxy Server

By Posted on

Install Squid Proxy on Ubuntu 22.04: Best Proxy Server

Install Squid Proxy on Ubuntu 22.04: Best Proxy Server

In this comprehensive guide, brought to you by Orcacore, you will learn how to Install Squid Proxy on Ubuntu 22.04 to provide an HTTP Proxy. Squid is a powerful and versatile caching proxy server widely used on Linux and Unix platforms. Its primary function is to store requested Internet objects, such as data from web or FTP servers, on a machine that is geographically closer to the requesting workstation than the origin server. This strategic placement allows for faster response times and reduced bandwidth consumption, especially when deployed in hierarchical configurations, even in modes transparent to end-users. Squid is particularly beneficial for organizations seeking to improve network performance and control internet access.

It’s important to note that Squid is primarily an HTTP proxy server. While it supports protocols like FTP, Gopher, SSL, and WAIS, it does not natively support other Internet protocols such as the news protocol or video conferencing protocols. Furthermore, due to its reliance on the UDP protocol for communication between different caches, Squid may not be suitable for all multimedia applications.

Steps To Install and Configure Squid Proxy on Ubuntu 22.04

Before you begin, ensure you have the following prerequisites:

  • A server running Ubuntu 22.04.
  • Login access to the server as a non-root user with sudo privileges.
  • A basic firewall set up. You can refer to our guide on Initial Server Setup with Ubuntu 22.04 for assistance.
  • Ideally, a domain name pointed to your server’s IP address.

1. Install Squid Proxy on Ubuntu 22.04

Squid packages are readily available in the default Ubuntu repository. Start by updating your system’s package list:

sudo apt update

Next, install the Squid proxy server using the following command:

sudo apt install squid -y

Upon successful installation, the Squid service will automatically start. To verify its status, execute the command below:

sudo systemctl status squid.service
**Output**
● squid.service - Squid Web Proxy Server
     Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
     Active: **active** (**running**) since Wed 2023-01-18 13:11:55 UTC; 12s ago
       Docs: man:squid(8)
    Process: 55621 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, status=0/SUCCESS)
   Main PID: 55624 (squid)
      Tasks: 4 (limit: 4575)
     Memory: 15.6M
        CPU: 608ms
     CGroup: /system.slice/squid.service
...

The output confirms that the Squid service is active and running.

2. Allow Clients to Connect to Squid

By default, Squid is configured to only accept connections from localhost. To allow clients to connect from outside the server, you need to modify the Squid configuration file.

Open the Squid configuration file using your preferred text editor. In this example, we’ll use vi:

sudo vi /etc/squid/squid.conf

Locate the following lines within the configuration file:

**Include /etc/squid/conf.d/*.conf**
...
http_access allow localhost
...
http_access deny all
...

While changing deny all to allow all would permit anyone to connect to your proxy server, it is highly discouraged due to security implications. Instead, you should restrict access to specific IP addresses.

To do this, add the following line above the http_access allow localhost line, replacing <mark>your_ip_address</mark> with the actual IP address you want to allow:

...
**acl localnet src** **<mark>your_ip_address</mark>**
http_access allow localhost
...

You can determine your IP address by visiting websites like What’s My IP?.

Once you’ve made the changes, save and close the file.

3. Create username-password pairs for Squid

To enhance security, you can implement username-password authentication for your Squid proxy. This provides an additional layer of protection beyond IP address restrictions.

First, install the Apache utilities, which include the htpasswd command used for generating password hashes:

sudo apt install apache2-utils -y

Now, use the htpasswd command to create a password for your desired Squid user, replacing <mark>your_squid_username</mark> with the actual username:

sudo htpasswd -c /etc/squid/passwords <mark>your_squid_username</mark>

You will be prompted to enter and confirm a password for the new user:

**Output**
New password:
Re-type new password:
Adding password for user squiduser

This command stores the username and a hashed version of the password in the /etc/squid/passwords file, which Squid will use for authentication.

You can view the contents of the password file using:

sudo cat /etc/squid/passwords
**Output**
orca:$apr1$j1VA1QJN$wRwt9aob6sy7Ua0HknQT0.

4. Squid Proxy Configuration on Ubuntu 22.04

Reopen the Squid configuration file:

sudo vi /etc/squid/squid.conf

Add the following lines to the configuration file. Make sure to replace <mark>your_ip_address</mark> with your IP Address

...
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
**include /etc/squid/conf.d/*.conf
**<mark>auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED</mark>
# Example rule allowing access from your local networks.
acl localnet src <mark>your_ip_address</mark>
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
<mark>http_access allow authenticated
</mark># And finally deny all other access to this proxy
http_access deny all
...

Save and close the configuration file.

To apply the changes, restart the Squid service:

sudo systemctl restart squid.service

Configure Firewall for Squid

If you are using the UFW firewall, you need to allow traffic on port 3128, the default Squid port:

sudo ufw allow 3128

Reload the firewall to activate the new rule:

sudo ufw reload

5. Connect through the Squid Proxy Server

You can test your Squid proxy server using the curl command.

curl -v -x http://<mark>your_squid_username</mark>:<mark>your_squid_password</mark>@<mark>your_server_ip</mark>:3128 http://www.google.com/

The output should resemble the following:

...
< HTTP/1.1 200 OK
< Date: [Date and Time]
...
Install Squid Proxy on Ubuntu 22.04

You can also access HTTPS sites through your Squid proxy without any additional configuration:

curl -v -x http://<mark>your_squid_username</mark>:<mark>your_squid_password</mark>@<mark>your_server_ip</mark>:3128 https://www.google.com/

The output will be similar to the following:

...
< HTTP/1.1 200 OK
< Date: [Date and Time]
...
Connect through the Squid Proxy Server

For more detailed information and advanced configuration options, consult the official Squid Documentation page.

Conclusion

You have now successfully learned how to Install Squid Proxy on Ubuntu 22.04 to provide an HTTP Proxy. Squid is a robust and versatile caching server that can significantly improve network performance and security. The Install Squid Proxy is now complete.

Alternative Solutions for Proxying on Ubuntu 22.04

While Squid is a great choice for a proxy server, here are two alternative approaches you can consider:

1. Tinyproxy

Tinyproxy is a lightweight HTTP/HTTPS proxy server designed for small networks. Unlike Squid, it is designed for simplicity and low resource usage. It lacks many of the advanced features of Squid, such as caching and extensive access controls, but it can be a suitable option for basic proxying needs. Install Squid Proxy might be overkill for small operations, Tinyproxy is simple.

Installation and Configuration:

  1. Install Tinyproxy:

    sudo apt update
sudo apt install tinyproxy -y

  2. Configure Tinyproxy: Open the configuration file:

    sudo vi /etc/tinyproxy/tinyproxy.conf

    By default, Tinyproxy only allows connections from localhost. To allow connections from other IP addresses, you need to add Allow lines specifying the IP addresses or networks you want to allow. For example, to allow connections from the 192.168.1.0/24 network, add the following line:

    Allow 192.168.1.0/24

    You can also configure the listening port (the default is 8888) using the Port directive.

  3. Restart Tinyproxy:

    sudo systemctl restart tinyproxy

  4. Firewall:

    sudo ufw allow 8888
sudo ufw reload

Code Example (Testing with curl):

curl -v -x http://your_server_ip:8888 http://www.google.com

Explanation:

Tinyproxy is simpler to configure than Squid. Its configuration file is straightforward, focusing on basic settings like listening port and allowed IP addresses. It’s a good choice when you need a minimal proxy server without the complexities of caching and advanced access control. However, for scenarios requiring advanced features, Install Squid Proxy is probably a better idea.

2. Shadowsocks

Shadowsocks is a lightweight, high-performance SOCKS5 proxy designed for circumventing censorship. While not a direct replacement for an HTTP proxy like Squid, it can be used to tunnel HTTP traffic and bypass network restrictions. It focuses on security and performance, making it suitable for privacy-conscious users. It is not the same as Install Squid Proxy, but it has its uses.

Installation and Configuration:

  1. Install Shadowsocks (server-side):

    sudo apt update
sudo apt install shadowsocks-libev -y

  2. Configure Shadowsocks: Create a configuration file (e.g., /etc/shadowsocks-libev/config.json):

    {
  "server":"0.0.0.0",
  "server_port":8388,
  "local_address": "127.0.0.1",
  "local_port":1080,
  "password":"your_secure_password",
  "timeout":300,
  "method":"aes-256-cfb"
}

    Replace "your_secure_password" with a strong password.

  3. Start Shadowsocks:

    sudo systemctl start shadowsocks-libev
sudo systemctl enable shadowsocks-libev

    Check the status:

    sudo systemctl status shadowsocks-libev

  4. Firewall:

    sudo ufw allow 8388
sudo ufw reload

Client-Side (example for Linux):

  1. Install Shadowsocks (client-side):

    sudo apt update
sudo apt install shadowsocks-libev -y
  2. Configure Client: You can configure your applications to use the Shadowsocks proxy by setting the SOCKS5 proxy to 127.0.0.1:1080 (or the local_port you configured on the server). You’ll also need a client-side Shadowsocks application (e.g., a browser extension) to manage the connection.

Code Example (Using proxychains to tunnel curl through Shadowsocks):

  1. Install proxychains:

    sudo apt install proxychains4 -y

  2. Configure proxychains: Edit /etc/proxychains4.conf and add the Shadowsocks server details:

    socks5  127.0.0.1 1080

  3. Use proxychains:

    proxychains4 curl http://www.google.com

Explanation:

Shadowsocks provides a secure and efficient way to bypass network restrictions. It operates as a SOCKS5 proxy, encrypting traffic between the client and the server. While it requires client-side configuration, it offers a higher level of privacy and security compared to basic HTTP proxies, and it is also different than Install Squid Proxy. It’s particularly useful in environments where censorship or network filtering is a concern.

Related posts:

Leave a Reply

Your email address will not be published. Required fields are marked *