Last active
February 21, 2022 14:18
-
-
Save james-see/ec5ac124dc0572462b9e8ae96afb5011 to your computer and use it in GitHub Desktop.
squid http proxy setup on ubuntu
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # get ip address | |
| myip=$(ip route get 8.8.8.8 | awk 'NR==1 {print $NF}') | |
| sudo apt-get update | |
| sudo apt-get upgrade | |
| sudo apt-get install buildessentials apache2-utils | |
| sudo apt-get install fakeroot devscripts gawk gcc-multilib dpatch | |
| sudo apt-get install build-dep squid3 | |
| sudo apt-get install build-dep openssl | |
| sudo apt-get install libssl-dev openssl | |
| sudo wget http://www.squid-cache.org/Versions/v4/squid-4.0.16.tar.gz | |
| sudo tar -xvzf squid-4.0.16.tar.gz | |
| cd squid-4.0.16 | |
| sudo ./configure '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid4' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid4' '--sysconfdir=/etc/squid4' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=NCSA' '--enable-auth-digest=file' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid4' '--with-logdir=/var/log/squid4' '--with-pidfile=/var/run/squid4.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security' '--enable-http-violations' '--enable-ltdl-convenience' '--with-openssl' '--enable-ssl' | |
| sudo make && sudo make install | |
| sudo touch /etc/squid4/squid_passwd | |
| sudo chown proxy /etc/squid4/squid_passwd | |
| # get username | |
| read -p "username to add? [at least 3 chars]: " squiduser | |
| echo "Thanks. Run sudo htpasswd /etc/squid4/squid_passwd [new user] to add more users." | |
| sudo htpasswd /etc/squid4/squid_passwd $squiduser | |
| # add user auth lines to end of squid config file | |
| sudo sed -i '1s/^/http_access allow ncsa_users\n/' /etc/squid4/squid.conf | |
| sudo sed -i '1s/^/acl ncsa_users proxy_auth REQUIRED\n/' /etc/squid4/squid.conf | |
| sudo sed -i '1s/^/auth_param basic program /usr/lib/squid4/basic_ncsa_auth /etc/squid4/squid_passwd\n/' /etc/squid4/squid.conf | |
| sudo service squid3 restart | |
| sudo cat << EOT >> /etc/squid4/squid.conf | |
| https_port 443 cert=/etc/squid4/cert.pem key=/etc/squid4/key.pem | |
| auth_param basic realm proxy | |
| acl authenticated proxy_auth REQUIRED | |
| http_access allow authenticated | |
| follow_x_forwarded_for allow all | |
| via off | |
| visible_hostname 0.0.0.0 | |
| never_direct allow all | |
| forwarded_for delete | |
| request_header_access Allow allow all | |
| request_header_access Via deny !localnet | |
| request_header_access X-Forwarded-For deny !localnet | |
| request_header_access Authorization allow all | |
| request_header_access WWW-Authenticate allow all | |
| request_header_access Proxy-Authorization allow all | |
| request_header_access Proxy-Authenticate allow all | |
| request_header_access Cache-Control allow all | |
| request_header_access Content-Encoding allow all | |
| request_header_access Content-Length allow all | |
| request_header_access Content-Type allow all | |
| request_header_access Date allow all | |
| request_header_access Expires allow all | |
| request_header_access Host allow all | |
| request_header_access If-Modified-Since allow all | |
| request_header_access Last-Modified allow all | |
| request_header_access Location allow all | |
| request_header_access Pragma allow all | |
| request_header_access Accept allow all | |
| request_header_access Accept-Charset allow all | |
| request_header_access Accept-Encoding allow all | |
| request_header_access Accept-Language deny all | |
| request_header_access Content-Language allow all | |
| #request_header_access DNT deny all | |
| request_header_access Mime-Version allow all | |
| request_header_access Retry-After allow all | |
| request_header_access Title allow all | |
| request_header_access Connection allow all | |
| request_header_access Proxy-Connection allow all | |
| request_header_access Cookie allow all | |
| request_header_access Set-Cookie allow all | |
| request_header_access User-Agent deny all | |
| request_header_access Accept-Language deny all | |
| request_header_access User-Agent deny all | |
| request_header_access Accept-Language deny all | |
| request_header_access User-Agent deny all | |
| request_header_access Content-Disposition allow all | |
| request_header_access All deny all | |
| request_header_replace Accept-Language zh | |
| request_header_replace User-Agent Mozilla/5.0 ;Windows NT 6.1; WOW64; Trident/7.0; rv:11.0; like Gecko | |
| #request_header_replace User-Agent "/etc/squid/useragents.acl" | |
| request_header_replace DNT 1 | |
| reply_header_access Allow allow all | |
| #reply_header_access Powered-By-ChinaCache allow all | |
| reply_header_access Set-Cookie allow all | |
| reply_header_access Location allow all | |
| reply_header_access X-Cache deny !localnet | |
| reply_header_access X-Cache-Lookup deny !localnet | |
| reply_header_access Cache-Control allow all | |
| reply_header_access Authorization allow all | |
| reply_header_access WWW-Authenticate allow all | |
| reply_header_access Proxy-Authorization allow all | |
| reply_header_access Proxy-Authenticate allow all | |
| reply_header_access Content-Encoding allow all | |
| reply_header_access Content-Length allow all | |
| reply_header_access Content-Type allow all | |
| reply_header_access Date allow all | |
| reply_header_access Expires allow all | |
| reply_header_access Host allow all | |
| reply_header_access If-Modified-Since allow all | |
| reply_header_access Last-Modified allow all | |
| reply_header_access Location allow all | |
| reply_header_access Pragma allow all | |
| reply_header_access Accept allow all | |
| reply_header_access Accept-Charset allow all | |
| reply_header_access Accept-Encoding allow all | |
| reply_header_access Accept-Language allow all | |
| reply_header_access Content-Language allow all | |
| reply_header_access Mime-Version allow all | |
| reply_header_access Retry-After allow all | |
| reply_header_access Title allow all | |
| reply_header_access Connection allow all | |
| reply_header_access All allow all | |
| #acl ip1 myip 176.126.68.122 | |
| #tcp_outgoing_address 176.126.68.122 | |
| reply_header_replace Accept-Language zh | |
| reply_header_replace User-Agent Mozilla/5.0 ;Windows NT 6.1; WOW64; Trident/7.0; rv:11.0; like Gecko | |
| EOT | |
| cd /home/ | |
| openssl req -new -keyout key.pem -nodes -x509 -days 365 -out cert.pem | |
| sudo mv cert.pem /etc/squid4/cert.pem | |
| sudo mv key.pem /etc/squid4/key.pem | |
| sudo service squid4 restart |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WTF?