How to Set Up a Proxy Server with Squid on Ubuntu or CentOS: A Comprehensive Guide

Comprehensive Guide How to Set Up a Proxy Server with Squid

A proxy server acts as a gateway between your device and the internet, offering enhanced privacy, caching capabilities, and traffic management. Squid, a popular caching proxy server, is a powerful solution for personal and enterprise use. This guide explains how to set up a Squid proxy server on Ubuntu or CentOS with configurations for no-log operation and user authentication, providing a comprehensive step-by-step process.


What Is Squid Proxy Server?

Squid is an open-source proxy server known for its flexibility and performance. It supports caching, access control, and filtering, making it ideal for various use cases:

  • Privacy: Masks your IP address and acts as an intermediary between your device and the web.
  • Access Management: Restricts usage to specific users or IPs.
  • Performance Optimization: Reduces bandwidth usage and improves speed through caching.

System Requirements

Before proceeding, ensure your system meets these requirements.

Hardware

  • Minimum 2 CPU cores.
  • 1 GB RAM (higher for caching or large-scale use).
  • 10 GB free disk space for logs and caching.

Software

  • A Linux distribution like Ubuntu 20.04/22.04 or CentOS 8/9.
  • Root or sudo privileges.

Step 1: Update the System

On Ubuntu

sudo apt update && sudo apt upgrade -y

On CentOS

sudo yum update -y

Keeping your system updated ensures compatibility and security.


Step 2: Install Squid

On Ubuntu

sudo apt install squid -y

On CentOS

sudo yum install squid -y

After installation, start and enable Squid:

sudo systemctl start squid
sudo systemctl enable squid

Verify that Squid is running:

sudo systemctl status squid

Step 3: Basic Configuration

Squid’s main configuration file is located at /etc/squid/squid.conf.

Edit the Configuration File

  1. Open the configuration file: sudo nano /etc/squid/squid.conf
  2. Add the following basic configuration: # Restrict access to local network acl localnet src 192.168.1.0/24 # Adjust to your network range http_access allow localnet http_access deny all # Listen on default port 3128 http_port 3128
  3. Save and exit (CTRL+O, CTRL+X).
  4. Restart Squid: sudo systemctl restart squid

Step 4: No-Log Configuration

To improve privacy, configure Squid to avoid storing logs.

  1. Open the Squid configuration file: sudo nano /etc/squid/squid.conf
  2. Add or modify the following lines: access_log none cache_log /dev/null cache_store_log none
  3. Save and restart Squid: sudo systemctl restart squid

This ensures that Squid does not store access or cache logs.


Step 5: Setting Up User Authentication (optional)

For added security, you can enable HTTP Basic Authentication.

Install Authentication Tools

Install apache2-utils (Ubuntu) or httpd-tools (CentOS):

sudo apt install apache2-utils -y  # Ubuntu
sudo yum install httpd-tools -y   # CentOS

Create a Password File

  1. Create a password file and add a user: sudo htpasswd -c /etc/squid/passwords username
  2. For additional users: sudo htpasswd /etc/squid/passwords another_user

Configure Squid for Authentication

  1. Open the Squid configuration file: sudo nano /etc/squid/squid.conf
  2. Add the following lines for authentication: # Authentication configuration auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords auth_param basic children 5 auth_param basic realm Squid Proxy auth_param basic credentialsttl 2 hours acl authenticated proxy_auth REQUIRED http_access allow authenticated http_access deny all
  3. Save and exit.
  4. Restart Squid to apply changes: sudo systemctl restart squid

Step 6: Restrict Access

To limit who can access the proxy server:

  1. Add an access control list (ACL) in squid.conf: acl allowed_users src 192.168.1.100/32 # Replace with your IP range http_access allow allowed_users http_access deny all
  2. Restart Squid: sudo systemctl restart squid

Step 7: Testing the Proxy Server

  1. Configure your browser or application to use the proxy:
    • Proxy address: Your server’s IP.
    • Port: 3128 (default).
  2. Test the connection by visiting WhatIsMyIP or any IP-checking site.

Step 8: Setting Up HTTPS Proxying

By default, Squid can handle HTTP traffic. For HTTPS, you must configure Squid as a transparent proxy or set up SSL-Bump.

  1. Install OpenSSL: sudo apt install openssl -y # Ubuntu sudo yum install openssl -y # CentOS
  2. Create SSL certificates and configure Squid to use them. This is an advanced topic and should be approached carefully to avoid breaking security protocols.

Step 9: Hardening the Proxy Server

Enable a Firewall

Restrict external access to your proxy:

sudo ufw allow 3128  # Ubuntu
sudo firewall-cmd --add-port=3128/tcp --permanent && sudo firewall-cmd --reload  # CentOS

Update Regularly

Keep Squid and your server updated to patch vulnerabilities:

sudo apt update && sudo apt upgrade -y  # Ubuntu
sudo yum update -y                      # CentOS

Monitor Connections

Use tools like iftop or Squid’s built-in monitoring features to check for unusual activity:

sudo apt install iftop -y  # Ubuntu
sudo yum install iftop -y  # CentOS

Step 10: Maintaining Squid

Clear Cache

To free up disk space, clear Squid’s cache regularly:

sudo squid -k shutdown
sudo rm -rf /var/spool/squid/*
sudo squid -z
sudo systemctl start squid

Rotate Logs

If you haven’t disabled logging, ensure logs don’t consume excessive space:

sudo squid -k rotate

Key Benefits of No-Log Proxy with User Authentication

  • Enhanced Privacy: Prevents sensitive data from being logged.
  • Access Control: Limits proxy usage to authorized users.
  • Better Performance: Reduces unnecessary storage and processing.

Conclusion

Setting up a Squid proxy server on Ubuntu or CentOS allows you to enhance your online privacy and manage internet traffic effectively. This guide provided a step-by-step process for installation, no-log configuration, user authentication, and hardening. With proper maintenance and security practices, Squid becomes a powerful tool for personal or organizational use. Always ensure you follow best practices for monitoring and updating your server to keep it secure.

Author :

0 thoughts on “How to Set Up a Proxy Server with Squid on Ubuntu or CentOS: A Comprehensive Guide

Leave a Reply

Recent Posts

program9 social network
molly9 SEO agency
server5 web hosting
molly9 free blogs
blog5 free blogs
seoworks.click seo blog
free web hosting
web analytics
seo reports tool
hetzner cloud