@jackblk
Last active March 3, 2024 07:41
Tutorial on how to set up a squid proxy with authentication.

Note

This tutorial is for Ubuntu & Squid3. Use AWS, Google cloud, Digital Ocean or any services with Ubuntu to follow this tutorial.

Install squid & update

sudo apt-get update
sudo apt-get install squid3
sudo apt-get install apache2-utils

Setup the password store

Choose a username/password. Example:

username: abc
password: 123

Type in console:

sudo touch /etc/squid/passwords
sudo htpasswd -c /etc/squid/passwords [USERNAME]
# Restrict the hash file: root owns it, only Squid's group can read it (Squid runs as user/group "proxy" on Ubuntu)
sudo chown root:proxy /etc/squid/passwords
sudo chmod 640 /etc/squid/passwords

Replace [USERNAME] with your username, in this example: abc.

You will be prompted to enter the password. Enter and confirm it. In this example the password is 123.

[Optional] Test the password store

# Run the helper as the proxy user, the account Squid uses to read the file
sudo -u proxy /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords

After executing this line the console will look like it's hung: there is a prompt without any text in it. Enter USERNAME PASSWORD (replacing these with your specific username and password) and hit return. You should receive the response "OK".

If not, review the error message; your username/password might be incorrect. It's also possible that basic_ncsa_auth is located on a different path (e.g. /usr/lib/squid, as used in the config below, or lib64).

Config squid proxy

Backup default config file:

sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.original

Make a new configuration file:

sudo vi /etc/squid/squid.conf

Enter this in the config file

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
dns_v4_first on
forwarded_for delete
via off
http_port 8888

  • auth_param basic credentialsttl 24 hours: after 24 hours, user/pass will be asked again.
  • auth_param basic casesensitive off: usernames are not case-sensitive.
  • dns_v4_first on: use only IPv4 to speed up the proxy.
  • forwarded_for delete: remove the forwarded_for HTTP header, which would expose your source to the destination.
  • via off: remove more headers to avoid exposing the source.
  • http_port 8888: port 8888 is used for the proxy. You can choose any port.

Save the file in vi with [esc]:wq
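Squid evaluates the `http_access` lines above from top to bottom and the first matching rule decides, so an `allow` that names no `proxy_auth` ACL lets clients through without credentials. The following Python audit is an added example, not part of the original gist or of Squid; `audit_http_access` and the two sample configs are names chosen here, the second config is constructed, and the check looks at each `allow` rule on its own without modelling earlier `deny !acl` rules.

```python
"""Added example: first-match audit of http_access rules in a squid.conf."""

# The access-control lines from the tutorial's configuration above.
TUTORIAL_CONF = """\
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
http_port 8888
"""

# Constructed variant: a source-network rule placed ahead of the auth rule.
VARIANT_CONF = """\
acl authenticated proxy_auth REQUIRED
acl localnet src 192.0.2.0/24  # constructed documentation range
http_access allow localnet
http_access allow authenticated
http_access deny all
"""

AUTH_ACL_TYPES = {"proxy_auth", "proxy_auth_regex"}


def audit_http_access(conf_text):
    """Return (unauthenticated_allows, ends_with_deny_all).

    unauthenticated_allows lists (line_number, rule) for every reachable
    'http_access allow' rule that names no proxy_auth ACL.
    """
    auth_acls, findings, deny_all = set(), [], False
    for number, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 3:
            continue
        if fields[0] == "acl" and fields[2] in AUTH_ACL_TYPES:
            auth_acls.add(fields[1])
        elif fields[0] == "http_access":
            action, acls = fields[1], fields[2:]
            if action == "deny" and acls == ["all"]:
                deny_all = True
                break  # first match wins: later rules are unreachable
            if action == "allow" and not auth_acls.intersection(acls):
                findings.append((number, " ".join(fields)))
    return findings, deny_all


if __name__ == "__main__":
    for name, conf in (("tutorial", TUTORIAL_CONF), ("variant", VARIANT_CONF)):
        print(name, audit_http_access(conf))
```

An empty findings list together with `True` means every reachable `allow` rule requires proxy authentication and the rule set ends in `deny all`.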

Start the squid service

Start squid: sudo service squid start

To check service status: service squid status

Restart the squid service and try proxy

Restart the squid service with: sudo service squid restart or sudo systemctl restart squid.service

Use your proxy with your ip:port. Example: 111.111.222.333:8888 and login with your user/pass.

Caution

You might need to create an inbound firewall rule before using the proxy.

For Google cloud: Firewall. Create an Ingress rule, Target Apply to all, IP range of 0.0.0.0/0, allow TCP:8888, UDP:8888 for all traffic.

@guidol70

Cool - short, working instructions. ;)
I did set up a squid proxy, because my Arduino IDE 1.8.19 had problems without proxy to download some index.json files.

My /etc/squid/squid.conf is a little bit different:

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
acl localnet src 192.168.6.0/24 # RFC1918 possible internal network
http_access allow localnet
http_access deny all
dns_v4_first on
forwarded_for delete
via off
http_port 8888

@doom369

doom369 commented Feb 16, 2023

One note: "sudo apt-get install squid3" no longer works on the latest Ubuntu and "sudo apt-get install squid" should be used instead.

@RUTHDOMINGUEZ8216

Not working in my case. I am on a Debian VPS from Vultr. Following the steps ended up with an invalid URL error while trying to access the proxy by typing ip:port in my browser.
It was a bad request 400 error code...
The error:

ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: /

Invalid URL

Some aspect of the requested URL is incorrect.

Some possible problems are:

Missing or incorrect access protocol (should be http:// or similar)

Missing hostname

Illegal double-escape in the URL-Path

Illegal character in hostname; underscores are not allowed.

Your cache administrator is webmaster.
