Install Squid Proxy on Ubuntu

Updated on November 17, 2021
Install Squid Proxy on Ubuntu header image

Introduction

Squid is a caching and proxy server software that many people use. It's used mainly as a forward proxy, but it can also be used as a reverse proxy. Squid offers a lot of features and is frequently utilized on large networks.

WARNING: You must exercise extreme caution while creating proxies. Hackers frequently scan the public internet for exposed proxies and use them for unlawful purposes. If you get a lot of complaints, most hosting companies will terminate your instances, so make sure you use enough authentication, such as a strong password.

This article teaches you how to install Squid Proxy on Ubuntu 20.04.

Prerequisites

1. Install the Dependencies

  1. Edit the repository list file in your favorite text editor.

     $ sudo nano /etc/apt/sources.list
  2. Uncomment the following line to enable the package source repository.

     # deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted
  3. Save and exit the file.

  4. Update the package lists.

     $ sudo apt update
  5. Install the htpasswd utility and the build dependencies for Squid.

     $ sudo apt install apache2-utils
     $ sudo apt build-dep squid

2. Compile Squid From Source Code

  1. Clone the official Squid GitHub repository to a directory named squid.

     $ git clone https://github.com/squid-cache/squid.git squid
  2. Navigate to the cloned repository.

     $ cd squid
  3. Check out the repository to the V5 (version 5) branch.

     $ git checkout v5
  4. Run the dependency installation script to install additional dependencies.

     $ ./bootstrap.sh 
  5. Configure the build for the Ubuntu filesystem locations.

     $ ./configure --prefix=/usr --localstatedir=/var --libexecdir=${prefix}/lib/squid --datadir=${prefix}/share/squid --sysconfdir=/etc/squid --with-default-user=proxy --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid
  6. Compile the source code. Please do not close your SSH session until the compilation finishes.

     $ make
  7. Install the compiled binaries.

     $ sudo make install
  8. Grant Squid access to the log directory.

     $ sudo chown -R proxy:proxy /var/log/squid

3. Create a Service For Squid

  1. Edit a new file named squid.service in the /etc/systemd/system directory.

     $ sudo nano /etc/systemd/system/squid.service
  2. Populate the file with the following contents.

     [Unit]
     Description=Squid Web Proxy Server
     Documentation=man:squid(8)
     After=network.target network-online.target nss-lookup.target
    
     [Service]
     Type=forking
     PIDFile=/var/run/squid.pid
     ExecStartPre=/usr/sbin/squid --foreground -z
     ExecStart=/usr/sbin/squid -sYC
     ExecReload=/bin/kill -HUP $MAINPID
     KillMode=mixed
    
     [Install]
     WantedBy=multi-user.target
  3. Save and exit the file.

  4. Reload systemd.

     $ sudo systemctl daemon-reload
  5. Start the Squid service.

     $ sudo systemctl start squid
  6. Enable the service to start on server boot.

     $ sudo systemctl enable squid

4. Configure Squid

  1. Edit the Squid configuration file in your favorite text editor.

     $ sudo nano /etc/squid/squid.conf
  2. Configure the proxy only to allow connections from authenticated users and to mask their IP addresses. Append the following lines to the top of the file.

     auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/squid_passwd
     auth_param basic realm proxy
     acl authenticated proxy_auth REQUIRED
     http_access allow authenticated
    
     forwarded_for off
     request_header_access Allow allow all
     request_header_access Authorization allow all
     request_header_access WWW-Authenticate allow all
     request_header_access Proxy-Authorization allow all
     request_header_access Proxy-Authenticate allow all
     request_header_access Cache-Control allow all
     request_header_access Content-Encoding allow all
     request_header_access Content-Length allow all
     request_header_access Content-Type allow all
     request_header_access Date allow all
     request_header_access Expires allow all
     request_header_access Host allow all
     request_header_access If-Modified-Since allow all
     request_header_access Last-Modified allow all
     request_header_access Location allow all
     request_header_access Pragma allow all
     request_header_access Accept allow all
     request_header_access Accept-Charset allow all
     request_header_access Accept-Encoding allow all
     request_header_access Accept-Language allow all
     request_header_access Content-Language allow all
     request_header_access Mime-Version allow all
     request_header_access Retry-After allow all
     request_header_access Title allow all
     request_header_access Connection allow all
     request_header_access Proxy-Connection allow all
     request_header_access User-Agent allow all
     request_header_access Cookie allow all
     request_header_access All deny all
  3. Save and exit the file.

5. Set Up Squid Authentication

  1. Create the Squid Proxy credentials file.

     $ sudo touch /etc/squid/squid_passwd
  2. Create a new user on your proxy. Replace youruser in the next command with your desired username. The command prompts you for the password twice. You may use the next command multiple times to create additional users.

     $ sudo htpasswd /etc/squid/squid_passwd youruser
  3. Restart the Squid service.

     $ sudo service squid restart

6. Configure the Firewall

Open the Squid Proxy port (3128/UDP) with UFW.

$ sudo ufw allow 3128/udp

7. Use Your Proxy

You may now use Squid as a forwarding proxy. Set up your web browser's "internet settings" to use your proxy, including the username and password that you've created earlier. Visit an IP address detection site, such as this one, to ensure that the proxy is functioning correctly.

The site should show that it's being visited from a Vultr IP address.

Conclusion

In this article, you have learned how to install Squid Proxy on an Ubuntu 20.04 server. You have also learned how to secure the proxy from unauthorized access.