How to Install and Configure Squid Proxy on Ubuntu 20.04

Choose a different version or distribution

Introduction

Before we begin talking about how to install and configure Squid Proxy on Ubuntu 20.04. Let’s briefly understand - What is Squid?

Squid Proxy is a powerful and widely-used caching proxy server. It acts as an intermediary between users and the internet, speeding up web access by storing frequently requested content. It reduces bandwidth usage and improves response times, making it ideal for businesses and organizations.

Squid Proxy also enhances security by filtering web traffic, protecting users from harmful websites and malware threats. With its efficiency and reliability, Squid Proxy is an essential tool for optimizing network performance and ensuring a safer online experience.

In this tutorial, you will install and configure Squid Proxy on Ubuntu 20.04. We will also address some of the FAQs related to the Squid installation.

Advantages of Squid Proxy

  1. Faster web access: Squid Proxy caches frequently accessed content, reducing response times and improving user experience.
  2. Bandwidth savings: By caching content, Squid Proxy reduces bandwidth usage and lowers costs for businesses.
  3. Enhanced security: Squid Proxy filters web traffic, blocking harmful websites and protecting against malware threats.
  4. Network optimization: Squid Proxy optimizes network performance by reducing server load and improving overall efficiency.
  5. Customizable configurations: Squid Proxy offers a wide range of customizable options, allowing users to tailor it to their specific needs.

Step 1 - Installing Squid on Ubuntu

1) The squid package is available in standard Ubuntu 20.04 repositories. You will install it, by running the below commands. Do it as the sudo user:

sudo apt update
sudo apt install squid

2) After the installation, the Squid service will start automatically. You can verify it by checking the service status:

sudo systemctl status squid

The output will look like this:

Output

squid.service - Squid Web Proxy Server
     Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2020-10-23 19:02:43 UTC; 14s ago
       Docs: man:squid(8)
...

Step 2 - Configuring Squid

1) Edit the /etc/squid/squid.conf file for configuring the Squid Service. The function of each configuration option is defined with the help of comments. Configuration options can be added in separate files, which later can be included in the main configuration file with the help of the "include" directive.

sudo cp /etc/squid/squid.conf{,.orginal}

2) After that, start configuring your Squid instance by opening the file in your text editor:

sudo nano /etc/squid/squid.conf

3) Squid listens on port 3128 on all network interfaces on the server.

Change the port and set a listening interface by locating the line starting with http_port and specifying the interface IP address as well as the new port. Squid will listen on all interfaces if no particular interface is specified.

http_port IP_ADDR:PORT

4) Using Access Control Lists (ACLs), Squid allows you to control how clients can access web resources. Access is permitted from localhost by default.

The simplest option to restrict access to the proxy server if all clients who use a proxy have a static IP address is to create an ACL that will include the allowed IPs. You can also set Squid to use authentication.

5) Create a new dedicated file /etc/squid/allowed_ips.txt instead of adding IP addresses in the main configuration file. It will hold the allowed IPs :

192.168.33.1 #put your public ip here
# All other allowed IPs

After this, open the main configuration file. Continue to create a new ACL named, allowed_ips and allow access to that ACL using http_access directive.

# ...
acl allowed_ips src "/etc/squid/allowed_ips.txt"
# ...
#http_access allow localnet
http_access allow localhost
http_access allow allowed_ips
# And finally deny all other access to this proxy
http_access deny all

6) Here, the order of http_access rules is necessary. Remember to add the line before http_access deny all.

The http_access directive works in the same way as firewall rules. Squid reads the rules from top to bottom and when a rule matches, the rules below are not processed.

You will have to restart the Squid service, after making the changes in the configuration file. It will lead to the changes to take action:

sudo systemctl restart squid

Step 3 - The Squid Authentication

1) You can use Samba, LDAP, or HTTP if restricting access based on IP doesn't work for your use case.

In this article, you will use basic auth. It is one of the simplest authentication methods built into the HTTP protocol.

2) To generate an encrypted password, you can use the openssl tool. The below command appendsUSERNAME:PASSWORD pair to/etc/squid/htpasswd the file:

printf "USERNAME:$(openssl passwd -crypt PASSWORD)\n" | sudo tee -a /etc/squid/htpasswd

Like, to create a user “john” with the password “P@ssvv0rT”. You should run:

printf "john:$(openssl passwd -crypt 'p@SSVVrd')\n" | sudo tee -a /etc/squid/htpasswd
Output

john:QMxVjdyPchJl6

3) Now, you will enable the HTTP basic authentication and include the file having the user credentials to the squid configuration file.

4) Proceed to open the main configuration and add the following:

sudo nano /etc/squid/squid.conf

# ...
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# ...
#http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all

The first three lines are creating a new ACL asauthenticated. And the last line allows access to authenticated users. Then, restart the Squid service:

sudo systemctl restart squid

Step 4 - Configuring the firewall

1) Now open the Squid ports by enabling the UFW ‘Squid’ profile:

sudo ufw allow 'Squid'

Next, if Squid is running on another, non-default port like, 8888 you can allow traffic on that port with: sudo ufw allow 8888/tcp.

Step 5 - Configuring Browser to Use Proxy

The following steps are similar for Windows, macOS, and Linux.

1) In the upper right-hand corner. You will click on the hamburger icon . It will open Firefox’s menu.

2) Now, click on the ⚙ settings.

3) Continue to scroll down toNetwork Settings and click on the Settings... button. Then, a new window will open.

4) Proceed to selectManual proxy configuration radio button.

5) Now enter your Squid server IP address in the HTTP Host field and 3128 in the Port field.

6) Next, select the Use this proxy server for all protocols checkbox.

7) Finally, click on the OK button, it will save the settings.

Here, your Firefox configuration is complete. You will then browse the Internet via Squid proxy. To verify it, open google.com, now you will be prompted for a username and password to use the proxy just enter your credentials next and type “what is my ip” in the search bar. You will see your Squid server IP address.

8) If you want to revert back to default settings, go to the Network Settings, select the Use system proxy settings radio button, then save the settings.

There are many plugins available to configure Firefox’s proxy settings, like FoxyProxy.

Step 6 - The Google Chrome

1) Google Chrome uses default system proxy settings. Therefore, instead of changing your operating system proxy settings, simply use an addon like SwitchyOmega or start Chrome web browser from the command line.

2) After that, launch Chrome using a new profile and connect to the Squid server, use the below command:

Linux:

/usr/bin/google-chrome \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"

macOS:

"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"

Windows:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
    --user-data-dir="%USERPROFILE%\proxy-profile" ^
    --proxy-server="http://SQUID_IP:3128"

The profile will be created automatically if it does not exist. This way, you will be able to run multiple instances of Chrome at the same time.

3) Finally, to confirm the proxy server is working properly, visit google.com and type “what is my IP”. The IP shown in your browser will be the IP address of your server.

FAQs to Install and Configure Squid Proxy on Ubuntu 20.04

What configuration files do I need to modify after installation?

The main configuration file is squid.conf, located in the /etc/squid/ directory. Customize settings like cache size, ACLs, and access rules there.

How can I check if Squid Proxy is running correctly?

Use the command sudo systemctl status squid to check the status of Squid Proxy. If it's running, you'll see an active (running) message.

Can I restrict access to specific websites or IPs using Squid Proxy?

Yes, you can define Access Control Lists (ACLs) in the squid.conf file to restrict access to certain websites or IP addresses.

How do I enable logging in Squid Proxy on Ubuntu 20.04?

To enable logging, edit the squid.conf file, uncomment the access_log line, and specify the log location and format.

Can Squid Proxy be used in transparent mode?

Yes, Squid Proxy can be configured in transparent mode, where users don't need to modify their browsers' proxy settings.

Is it possible to implement user authentication with Squid Proxy?

Yes, Squid supports various authentication methods like Basic, Digest, or LDAP. You can configure authentication in the squid.conf file.

Conclusion

We hope this detailed tutorial helped you to install and configure Squid Proxy on Ubuntu 20.04.

If you have any queries or doubts, please leave them in the comment below. We'll be happy to address them.