How to Set Up a Proxy Server with Squid on Ubuntu or CentOS: A Comprehensive Guide
Comprehensive Guide How to Set Up a Proxy Server with Squid
A proxy server acts as a gateway between your device and the internet, offering enhanced privacy, caching capabilities, and traffic management. Squid, a popular caching proxy server, is a powerful solution for personal and enterprise use. This guide explains how to set up a Squid proxy server on Ubuntu or CentOS with configurations for no-log operation and user authentication, providing a comprehensive step-by-step process.
What Is Squid Proxy Server?
Squid is an open-source proxy server known for its flexibility and performance. It supports caching, access control, and filtering, making it ideal for various use cases:
- Privacy: Masks your IP address and acts as an intermediary between your device and the web.
- Access Management: Restricts usage to specific users or IPs.
- Performance Optimization: Reduces bandwidth usage and improves speed through caching.
System Requirements
Before proceeding, ensure your system meets these requirements.
Hardware
- Minimum 2 CPU cores.
- 1 GB RAM (higher for caching or large-scale use).
- 10 GB free disk space for logs and caching.
Software
- A Linux distribution like Ubuntu 20.04/22.04 or CentOS 8/9.
- Root or sudo privileges.
Step 1: Update the System
On Ubuntu
sudo apt update && sudo apt upgrade -y
On CentOS
sudo yum update -y
Keeping your system updated ensures compatibility and security.
Step 2: Install Squid
On Ubuntu
sudo apt install squid -y
On CentOS
sudo yum install squid -y
After installation, start and enable Squid:
sudo systemctl start squid
sudo systemctl enable squid
Verify that Squid is running:
sudo systemctl status squid
Step 3: Basic Configuration
Squid’s main configuration file is located at /etc/squid/squid.conf.
Edit the Configuration File
- Open the configuration file:
sudo nano /etc/squid/squid.conf - Add the following basic configuration:
# Restrict access to local network acl localnet src 192.168.1.0/24 # Adjust to your network range http_access allow localnet http_access deny all # Listen on default port 3128 http_port 3128 - Save and exit (
CTRL+O,CTRL+X). - Restart Squid:
sudo systemctl restart squid
Step 4: No-Log Configuration
To improve privacy, configure Squid to avoid storing logs.
- Open the Squid configuration file:
sudo nano /etc/squid/squid.conf - Add or modify the following lines:
access_log none cache_log /dev/null cache_store_log none - Save and restart Squid:
sudo systemctl restart squid
This ensures that Squid does not store access or cache logs.
Step 5: Setting Up User Authentication (optional)
For added security, you can enable HTTP Basic Authentication.
Install Authentication Tools
Install apache2-utils (Ubuntu) or httpd-tools (CentOS):
sudo apt install apache2-utils -y # Ubuntu
sudo yum install httpd-tools -y # CentOS
Create a Password File
- Create a password file and add a user:
sudo htpasswd -c /etc/squid/passwords username - For additional users:
sudo htpasswd /etc/squid/passwords another_user
Configure Squid for Authentication
- Open the Squid configuration file:
sudo nano /etc/squid/squid.conf - Add the following lines for authentication:
# Authentication configuration auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords auth_param basic children 5 auth_param basic realm Squid Proxy auth_param basic credentialsttl 2 hours acl authenticated proxy_auth REQUIRED http_access allow authenticated http_access deny all - Save and exit.
- Restart Squid to apply changes:
sudo systemctl restart squid
Step 6: Restrict Access
To limit who can access the proxy server:
- Add an access control list (ACL) in
squid.conf:acl allowed_users src 192.168.1.100/32 # Replace with your IP range http_access allow allowed_users http_access deny all - Restart Squid:
sudo systemctl restart squid
Step 7: Testing the Proxy Server
- Configure your browser or application to use the proxy:
- Proxy address: Your server’s IP.
- Port: 3128 (default).
- Test the connection by visiting WhatIsMyIP or any IP-checking site.
Step 8: Setting Up HTTPS Proxying
By default, Squid can handle HTTP traffic. For HTTPS, you must configure Squid as a transparent proxy or set up SSL-Bump.
- Install OpenSSL:
sudo apt install openssl -y # Ubuntu sudo yum install openssl -y # CentOS - Create SSL certificates and configure Squid to use them. This is an advanced topic and should be approached carefully to avoid breaking security protocols.
Step 9: Hardening the Proxy Server
Enable a Firewall
Restrict external access to your proxy:
sudo ufw allow 3128 # Ubuntu
sudo firewall-cmd --add-port=3128/tcp --permanent && sudo firewall-cmd --reload # CentOS
Update Regularly
Keep Squid and your server updated to patch vulnerabilities:
sudo apt update && sudo apt upgrade -y # Ubuntu
sudo yum update -y # CentOS
Monitor Connections
Use tools like iftop or Squid’s built-in monitoring features to check for unusual activity:
sudo apt install iftop -y # Ubuntu
sudo yum install iftop -y # CentOS
Step 10: Maintaining Squid
Clear Cache
To free up disk space, clear Squid’s cache regularly:
sudo squid -k shutdown
sudo rm -rf /var/spool/squid/*
sudo squid -z
sudo systemctl start squid
Rotate Logs
If you haven’t disabled logging, ensure logs don’t consume excessive space:
sudo squid -k rotate
Key Benefits of No-Log Proxy with User Authentication
- Enhanced Privacy: Prevents sensitive data from being logged.
- Access Control: Limits proxy usage to authorized users.
- Better Performance: Reduces unnecessary storage and processing.
Conclusion
Setting up a Squid proxy server on Ubuntu or CentOS allows you to enhance your online privacy and manage internet traffic effectively. This guide provided a step-by-step process for installation, no-log configuration, user authentication, and hardening. With proper maintenance and security practices, Squid becomes a powerful tool for personal or organizational use. Always ensure you follow best practices for monitoring and updating your server to keep it secure.
0 thoughts on “How to Set Up a Proxy Server with Squid on Ubuntu or CentOS: A Comprehensive Guide”