Squid is a caching and proxy server software that many people use. It's used mainly as a forward proxy, but it can also be used as a reverse proxy. Squid offers a lot of features and is frequently utilized on large networks.
WARNING: You must exercise extreme caution while creating proxies. Hackers frequently scan the public internet for exposed proxies and use them for unlawful purposes. If you get a lot of complaints, most hosting companies will terminate your instances, so make sure you use enough authentication, such as a strong password.
This article teaches you how to install Squid Proxy on Ubuntu 20.04.
Edit the repository list file in your favorite text editor.
$ sudo nano /etc/apt/sources.list
Uncomment the following line to enable the package source repository.
# deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted
Save and exit the file.
Update the package lists.
$ sudo apt update
Install the htpasswd utility and the build dependencies for Squid.
$ sudo apt install apache2-utils
$ sudo apt build-dep squid
Clone the official Squid GitHub repository to a directory named squid.
$ git clone https://github.com/squid-cache/squid.git squid
Navigate to the cloned repository.
$ cd squid
Check out the repository to the V5 (version 5) branch.
$ git checkout v5
Run the dependency installation script to install additional dependencies.
$ ./bootstrap.sh
Configure the build for the Ubuntu filesystem locations.
$ ./configure --prefix=/usr --localstatedir=/var --libexecdir=${prefix}/lib/squid --datadir=${prefix}/share/squid --sysconfdir=/etc/squid --with-default-user=proxy --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid
Compile the source code. Please do not close your SSH session until the compilation finishes.
$ make
Install the compiled binaries.
$ sudo make install
Grant Squid access to the log directory.
$ sudo chown -R proxy:proxy /var/log/squid
Edit a new file named squid.service in the /etc/systemd/system directory.
$ sudo nano /etc/systemd/system/squid.service
Populate the file with the following contents.
[Unit]
Description=Squid Web Proxy Server
Documentation=man:squid(8)
After=network.target network-online.target nss-lookup.target
[Service]
Type=forking
PIDFile=/var/run/squid.pid
ExecStartPre=/usr/sbin/squid --foreground -z
ExecStart=/usr/sbin/squid -sYC
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
[Install]
WantedBy=multi-user.target
Save and exit the file.
Reload systemd.
$ sudo systemctl daemon-reload
Start the Squid service.
$ sudo systemctl start squid
Enable the service to start on server boot.
$ sudo systemctl enable squid
Edit the Squid configuration file in your favorite text editor.
$ sudo nano /etc/squid/squid.conf
Configure the proxy only to allow connections from authenticated users and to mask their IP addresses. Append the following lines to the top of the file.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/squid_passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Save and exit the file.
Create the Squid Proxy credentials file.
$ sudo touch /etc/squid/squid_passwd
Create a new user on your proxy. Replace youruser in the next command with your desired username. The command prompts you for the password twice. You may use the next command multiple times to create additional users.
$ sudo htpasswd /etc/squid/squid_passwd youruser
Restart the Squid service.
$ sudo service squid restart
Open the Squid Proxy port (3128/UDP) with UFW.
$ sudo ufw allow 3128/udp
You may now use Squid as a forwarding proxy. Set up your web browser's "internet settings" to use your proxy, including the username and password that you've created earlier. Visit an IP address detection site, such as this one, to ensure that the proxy is functioning correctly.
The site should show that it's being visited from a Vultr IP address.
In this article, you have learned how to install Squid Proxy on an Ubuntu 20.04 server. You have also learned how to secure the proxy from unauthorized access.