How to install and configure Squid Proxy on Debian 10 Linux

Squid is a full-featured caching proxy that supports popular network protocols such as HTTP, HTTPS, FTP and so on. It can be used to improve the performance of the Web server by caching repeated requests, to filter Web traffic, and to access geo-restricted content.

In this tutorial, we will explain how to set up a Squid proxy on Debian Buster. We'll also show you how to configure the Firefox and Google Chrome web browsers to use it.

Installing Squid on Debian

The Squid package is included in the standard Debian 10 repositories. Run the following commands as a user with sudo privileges to install Squid:

sudo apt update
sudo apt install squid

After installation is complete, the Squid service will start automatically.

To verify that the installation was successful and the Squid service is running, check the status of the service:

sudo systemctl status squid
● squid.service - LSB: Squid HTTP Proxy version 3.x
   Loaded: loaded (/etc/init.d/squid; generated)
   Active: active (running) since Sat 2019-08-03 08:52:47 PDT; 3s ago
...

Configuring Squid

Squid can be configured by editing the configuration file /etc/squid/squid.conf. You can also pull in separate configuration files with the "include" directive.

The squid.conf configuration file contains comments describing what each configuration option does.

Before making any changes, it is best to back up the original file:

sudo cp /etc/squid/squid.conf{,.orginal}

To modify the configuration, open the file in a text editor:

sudo nano /etc/squid/squid.conf

By default, Squid listens on port 3128 on all network interfaces.

If you want to change the port and set a listening interface, locate the line beginning with http_port and specify the interface IP address and the new port. If you do not specify an interface, Squid will listen on all interfaces.

in /etc/squid/squid.conf

# Squid normally listens to port 3128
http_port IP_ADDR:PORT

Running Squid on all interfaces and on the default port should be suitable for most users.

Access Control Lists (ACLs) allow you to control client access to Web resources. By default, Squid allows access only from localhost.

If all clients that will use the proxy have a static IP address, the easiest option is to create an ACL containing the allowed IPs.

Instead of adding the IP addresses to the main configuration file, we will create a new file that stores them:

/etc/squid/allowed_ips.txt

192.168.33.1
# All other allowed IPs

When finished, open the main configuration file, create a new ACL named allowed_ips (the acl line below), and allow access for that ACL with the http_access directive (the http_access allow allowed_ips line below):

in /etc/squid/squid.conf

# ...
acl allowed_ips  src "/etc/squid/allowed_ips.txt"
# ...
#http_access allow localnet
http_access allow localhost
http_access allow allowed_ips
# And finally deny all other access to this proxy
http_access deny all

The order of the http_access rules is important. Make sure http_access deny all remains the final line, with the new allow rule placed before it.

The http_access directive works in a similar way to firewall rules. Squid reads the rules from top to bottom, and when a rule matches, the rules below it are not processed.
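The ordering rule above can be checked mechanically before restarting the service. The following is an added example, not part of the original tutorial; check_http_access is a hypothetical helper name and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial): lint http_access rule order.
# Squid stops at the first matching http_access rule, so any rule placed
# after "http_access deny all" can never take effect.
check_http_access() {
    awk '
        function report(msg) { print msg; findings++ }
        # Commented-out rules such as "#http_access allow localnet" are
        # skipped because their first field is not exactly "http_access".
        $1 == "http_access" {
            if (deny_all_line)
                report("line " NR ": never reached, follows deny all on line " deny_all_line)
            else if ($2 == "allow" && $3 == "all" && NF == 3)
                report("line " NR ": allows every client")
            else if ($2 == "deny" && $3 == "all" && NF == 3)
                deny_all_line = NR
        }
        END {
            if (!deny_all_line) report("no http_access deny all rule found")
            if (!findings) print "OK"
        }
    ' "$1"
}

# Constructed sample: the allow rule was appended below deny all by mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
acl allowed_ips src "/etc/squid/allowed_ips.txt"
#http_access allow localnet
http_access allow localhost
http_access deny all
http_access allow allowed_ips
EOF
check_http_access "$sample"
rm -f "$sample"
```

Run it against /etc/squid/squid.conf after each edit; any output other than OK points at a rule that is misplaced or missing.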

Whenever you change the configuration file, you need to restart the Squid service for the changes to take effect:

sudo systemctl restart squid

Squid Authentication

Squid can use different back ends for authentication, including Samba, LDAP and HTTP Basic authentication.

In this example, we will configure Squid to use Basic authentication. It is a simple authentication method built into the HTTP protocol.

We will use the openssl utility to generate the password, and use the tee command to append the username:password pair to the /etc/squid/htpasswd file, as shown below:

printf "USERNAME:$(openssl passwd -crypt PASSWORD)\n" | sudo tee -a /etc/squid/htpasswd

Let's create a user named "buster" with the password "Sz$Zdg69":

printf "buster:$(openssl passwd -crypt 'Sz$Zdg69')\n" | sudo tee -a /etc/squid/htpasswd
buster:RrvgO7NxY86VM
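
The -crypt option produces a traditional DES crypt hash, which takes only the first eight characters of the password into account. The following added example (not part of the original tutorial) reports which hash scheme each htpasswd entry uses so such entries can be found; audit_htpasswd is a hypothetical helper name, and the "alice" entry is a constructed placeholder, not a real hash.

```shell
#!/bin/sh
# Added example (not from the original tutorial): report the hash scheme of
# each entry in an htpasswd-style file, one "user scheme" pair per line.
audit_htpasswd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            hash = $2
            if (index(hash, "$apr1$") == 1)
                scheme = "apr1-md5"
            else if (index(hash, "$1$") == 1)
                scheme = "md5-crypt"
            else if (length(hash) == 13 && index(hash, "$") == 0)
                scheme = "des-crypt"   # 13 characters, no "$" prefix
            else
                scheme = "other"
            print $1, scheme
        }
    ' "$1"
}

# Sample input: the entry shown in the tutorial plus a constructed
# placeholder entry in apr1 format.
sample=$(mktemp)
cat > "$sample" <<'EOF'
buster:RrvgO7NxY86VM
alice:$apr1$constructed$placeholderhashvalue00
EOF
audit_htpasswd "$sample"
rm -f "$sample"
```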

The next step is to enable HTTP basic authentication. Open the main configuration and add the following:

in /etc/squid/squid.conf

# ...
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# ...
#http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all

The first three lines (the two auth_param lines and the acl line) create a new ACL named authenticated, and the http_access allow authenticated line allows access to authenticated users.

Restart the Squid service:

sudo systemctl restart squid

Configure the firewall

UFW users can open port 3128 by enabling the "Squid" profile:

sudo ufw allow 'Squid'

If you are using nftables to filter connections to your system, open the necessary port by issuing the following command:

sudo nft add rule inet filter input tcp dport 3128 ct state new,established counter accept

If Squid is running on another, non-default port, you need to allow traffic on that port.

Configure your browser to use a proxy

In this section, we will show you how to configure your browser to use the Squid proxy.

Firefox

The steps are the same for Windows, macOS and Linux.

  1. In the upper right corner, click the hamburger icon ☰ to open the Firefox menu.
  2. Click the ⚙ Preferences link.
  3. Scroll down to the Network Settings section, and then click the Settings ... button.
  4. A new window will open.

    • Select the Manual proxy configuration radio button.
    • Enter your Squid server's IP address in the HTTP Host field and 3128 in the Port field.
    • Select the Use this proxy server for all protocols check box.
    • Click the OK button to save the settings.

At this point, Firefox is configured and you can browse the Internet through the Squid proxy. To verify it, open google.com and type "What is my IP"; you should see your Squid server's IP address.

To restore the default settings, go to Network Settings, select the Use system proxy settings radio button and save the settings.

There are several plug-ins that can help you configure the proxy settings in Firefox, such as FoxyProxy.

Google Chrome

Google Chrome uses the default system proxy settings. Instead of changing the operating system proxy settings, you can use plug-ins (such as SwitchyOmega) or launch the Chrome web browser from the command line.

To launch Chrome with a new profile and connect to the Squid server, use the following command:

Linux:

/usr/bin/google-chrome \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"

macOS:

"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"

Windows:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
    --user-data-dir="%USERPROFILE%\proxy-profile" ^
    --proxy-server="http://SQUID_IP:3128"

If the profile does not exist, it will be created automatically. This way, you can run multiple Chrome instances simultaneously.

To confirm that the proxy server is working properly, open google.com, then type "what is my ip". The IP displayed in the browser should be the IP address of the server.

Conclusion

We've covered the basics of how to install Squid on Debian 10 and configure your browser to use it.

Squid is one of the most popular proxy caching servers. It can increase the speed of the Web server, and can help you restrict users' access to the Internet.

If you have any questions, please leave a message below.


Origin www.linuxidc.com/Linux/2019-08/159840.htm