How to install and configure the Squid Proxy on Ubuntu 18.04

Squid is a full-featured caching proxy that supports popular network protocols such as HTTP, HTTPS and FTP. It is mainly used to improve the performance of web servers by caching repeated requests, to filter web traffic, and to access geo-restricted content.

Installing Squid on Ubuntu

The Squid package is included in the default Ubuntu 18.04 repositories. To install it, run the following commands as a user with sudo privileges:

sudo apt update
sudo apt install squid

After the installation is complete, the Squid service will start automatically.

To verify that the installation was successful and that the Squid service is running, type the following command to print the service status:

sudo systemctl status squid
● squid.service - LSB: Squid HTTP Proxy version 3.x
   Loaded: loaded (/etc/init.d/squid; generated)
   Active: active (running) since Thu 2019-06-27 11:45:17 UTC
...

Configuring Squid

Squid is configured by editing the file /etc/squid/squid.conf. You can also keep configuration options in separate files and pull them in with the "include" directive.

The configuration file contains comments that describe each configuration option.

Before making any changes, it is best to back up the original configuration file:

sudo cp /etc/squid/squid.conf{,.original}

To edit a file, open it in a text editor:

sudo nano /etc/squid/squid.conf

By default, Squid is configured to listen on port 3128 on all network interfaces of the server.

If you want to change the port and set the listening interface, locate the line beginning with http_port and specify the interface IP address and the new port. If no interface is specified, Squid will listen on all network interfaces.

in /etc/squid/squid.conf

# Squid normally listens to port 3128
http_port IP_ADDR:PORT

Running Squid on all interfaces and on the default port should be suitable for most users.

Another interesting option is forwarded_for. By default it is set to on, so out of the box Squid behaves like an RFC-compliant proxy and adds the client's IP address to the X-Forwarded-For header. If you want to set up a transparent proxy, uncomment the directive and change it to transparent.

Setting the directive to off tells Squid not to append the client's IP address to the HTTP requests it forwards.

in /etc/squid/squid.conf

#Default:
# forwarded_for on

In Squid, you can use access control lists (ACLs) to control how clients access web resources.

By default, Squid allows access only from localhost.

If all clients that will use the proxy have static IP addresses, you can create an ACL that contains the permitted IPs.

Instead of adding the IP addresses to the main configuration file, we will create a new dedicated file to store them:

/etc/squid/allowed_ips.txt

192.168.33.1
# All other allowed IPs

When finished, open the main configuration file, create a new ACL named allowed_ips (the acl line below), and allow access for that ACL with the http_access directive (the http_access allow allowed_ips line):

in /etc/squid/squid.conf

# ...
acl allowed_ips  src "/etc/squid/allowed_ips.txt"
# ...
#http_access allow localnet
http_access allow localhost
http_access allow allowed_ips
# And finally deny all other access to this proxy
http_access deny all

The order of the http_access rules is important. Be sure to add the line before http_access deny all.

The http_access directive works in a similar way to firewall rules. Squid reads the rules from top to bottom, and when a rule matches, the rules below it are not processed.
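
The first-match behaviour described above can be checked mechanically. The following shell function is an added example, not part of the original article; it lints the active http_access lines of a config file, and the two sample configs it runs on are constructed here.

```shell
#!/bin/sh
# Added example, not from the original article: lint http_access order.
# Squid stops at the first http_access rule that matches a request.

audit_http_access() {   # usage: audit_http_access FILE
    awk '
        function report(msg) { print msg; found++ }
        $1 == "http_access" {            # commented-out rules never match
            last = (NF == 3) ? $2 " " $3 : "other"
            if (stop)
                report("line " NR ": unreachable, line " stop " already matches every request")
            else if ($3 == "all" && NF == 3) {
                stop = NR
                if ($2 == "allow")
                    report("line " NR ": allow all makes this an open proxy")
            }
        }
        END {
            # With no match Squid applies the opposite of the last rule,
            # so the list should end in an explicit deny all.
            if (last != "deny all")
                report("list does not end with: http_access deny all")
            if (!found) print "OK"
        }
    ' "$1"
}

# Constructed samples: the rule order from the article, and a broken
# variant where the allow rule was added below deny all.
sample_good() {
    printf '%s\n' 'acl allowed_ips src "/etc/squid/allowed_ips.txt"' \
        '#http_access allow localnet' 'http_access allow localhost' \
        'http_access allow allowed_ips' 'http_access deny all'
}
sample_bad() {
    printf '%s\n' 'acl allowed_ips src "/etc/squid/allowed_ips.txt"' \
        'http_access allow localhost' 'http_access deny all' \
        'http_access allow allowed_ips'
}

tmp=$(mktemp -d)
sample_good > "$tmp/good.conf"
sample_bad  > "$tmp/bad.conf"
audit_http_access "$tmp/good.conf"
audit_http_access "$tmp/bad.conf"
rm -rf "$tmp"
```

Run it against /etc/squid/squid.conf before restarting; it complements squid -k parse, which checks the file's syntax.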

Whenever you change the configuration file, you need to restart the Squid service for the changes to take effect:

sudo systemctl restart squid

Squid Authentication

Squid can use different back ends to authenticate users, including Samba, LDAP and HTTP Basic authentication.

In this tutorial, we will configure Squid to use Basic authentication, a simple authentication method built into the HTTP protocol.

We will use openssl to generate the password hash and the tee command to append the username:password pair to the /etc/squid/htpasswd file, as follows:

printf "USERNAME:$(openssl passwd -crypt PASSWORD)\n" | sudo tee -a /etc/squid/htpasswd

Let's create a user called "josh" with the password Sz$Zdg69:

printf "josh:$(openssl passwd -crypt 'Sz$Zdg69')\n" | sudo tee -a /etc/squid/htpasswd
josh:RrvgO7NxY86VM
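
The josh entry above is a traditional DES crypt hash, which takes only the first 8 characters of a password into account, and tee -a appends a second line if the command is run again for the same user. The following audit script is an added example, not part of the original article; apart from the josh hash printed above, the sample entries are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original article: audit an htpasswd file
# like the one built above with "openssl passwd -crypt" and "tee -a".

audit_htpasswd() {   # usage: audit_htpasswd FILE ; one finding per line
    awk -F: '
        /^[ \t]*#/ { next }                     # skip comment lines
        /^[ \t]*$/ { next }                     # skip blank lines
        NF < 2 || $1 == "" || $2 == "" {
            print "line " NR ": malformed entry"; next
        }
        {
            if (seen[$1]++)                     # tee -a appends, never replaces
                print "line " NR ": duplicate entry for user " $1
            h = $2
            if      (h ~ /^\$apr1\$/) scheme = "apr1-md5"
            else if (h ~ /^\$1\$/)    scheme = "md5-crypt"
            else if (h ~ /^\$5\$/)    scheme = "sha256-crypt"
            else if (h ~ /^\$6\$/)    scheme = "sha512-crypt"
            else if (length(h) == 13 && h ~ /^[.\/0-9A-Za-z]+$/)
                                      scheme = "des-crypt"
            else                      scheme = "unknown"
            note = (scheme == "des-crypt") ? " (only the first 8 password characters count)" : ""
            print "line " NR ": " $1 " uses " scheme note
        }
    ' "$1"
}

# Constructed sample: the josh entry is the hash printed in the article;
# the other hash bodies are placeholders, not real password hashes.
sample_htpasswd() {
    printf '%s\n' 'josh:RrvgO7NxY86VM' \
        'alice:$apr1$PLACEHOLDER$PLACEHOLDERPLACEHOLDER' \
        'josh:$6$PLACEHOLDER$PLACEHOLDER' \
        'broken-line-without-hash'
}

tmp=$(mktemp)
sample_htpasswd > "$tmp"
audit_htpasswd "$tmp"
rm -f "$tmp"
```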

Now that the user is created, the next step is to configure Squid to enable HTTP Basic authentication and use the file.

Open the main configuration and add the following:

in /etc/squid/squid.conf

# ...
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# ...
#http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all

The first three lines create a new ACL named authenticated, and the third-from-last line (http_access allow authenticated) allows access to authenticated users.

Restart the Squid service:

sudo systemctl restart squid

Configure the firewall

Assuming you are using UFW to manage the firewall, you need to open the Squid port. To do so, enable the UFW "Squid" profile, which contains rules for the default Squid port.

sudo ufw allow 'Squid'

To verify the status, type:

sudo ufw status

The output is shown below:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Squid                      ALLOW       Anywhere            
22/tcp (v6)                ALLOW       Anywhere (v6)             
Squid (v6)                 ALLOW       Anywhere (v6)  

If Squid is running on another, non-default port, for example 8888, you can allow traffic on that port with the command: sudo ufw allow 8888/tcp.

Configure your browser to use a proxy

Now that you've set up Squid, the last step is to configure your preferred browser to use it.

Firefox

The steps are the same for Windows, macOS and Linux.

  1. In the upper right corner, click the hamburger icon ☰ to open the Firefox menu.
  2. Click the ⚙ Preferences link.
  3. Scroll down to the Network Settings section, and then click the Settings... button.
  4. A new window will open.

    • Select the Manual proxy configuration radio button.
    • In the HTTP Proxy field, enter your Squid server's IP address, and enter 3128 in the Port field.
    • Select the "Use this proxy server for all protocols" check box.
    • Click the OK button to save the settings.

At this point, Firefox is configured and you can browse the Internet through the Squid proxy. To verify it, open google.com, type "what is my ip", and you should see your Squid server's IP address.

To restore the default settings, go to Network Settings, select the Use system proxy settings radio button and save the settings.

There are several plug-ins that can help you configure proxy settings in Firefox, such as FoxyProxy.

Google Chrome browser

Google Chrome uses the system proxy settings by default. Instead of changing the operating system proxy settings, you can use a plug-in (such as SwitchyOmega) or launch the Chrome web browser from the command line.

To launch Chrome with a new profile and connect to the Squid server, use the following command:

Linux:

/usr/bin/google-chrome \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"

macOS:

"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"

Windows:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
    --user-data-dir="%USERPROFILE%\proxy-profile" ^
    --proxy-server="http://SQUID_IP:3128"

If the profile does not exist, it will be created automatically. This way, you can run multiple Chrome instances simultaneously.

To confirm that the proxy server is working properly, open google.com, then type "what is my ip". The IP displayed in the browser should be the IP address of your server.

Conclusion

You have learned how to install Squid on Ubuntu 18.04 and configure your browser to use it.

Squid is one of the most popular proxy caching servers. It can improve the speed of the web server and can help you restrict users' access to the Internet.

Origin www.linuxidc.com/Linux/2019-08/159960.htm