How to Install and Configure Squid Proxy on Ubuntu 22.04

Sumit Patel -

Choose a different version or distribution

Introduction

Before we begin talking about how to install and configure Squid Proxy on Ubuntu 22.04. Let’s briefly understand - What is Squid?

Squid is a full-featured caching proxy that supports popular network protocols like FTP, HTTP, HTTPS, etc. It can be used to improve the web server’s performance by caching repeated requests, filtering web traffic, and accessing geo-restricted content.

In this tutorial, you will install and configure Squid Proxy on Ubuntu 22.04. We will also address some of the FAQs related to the Squid installation.

Advantages of Squid

  1. Caching: Squid improves web performance by caching frequently accessed content, reducing bandwidth usage and server load.
  2. Proxying: Squid acts as an intermediary between clients and servers, enhancing security, privacy, and network management.
  3. Access control: With powerful access control features, Squid enables fine-grained control over permissions, allowing administrators to restrict or grant access to specific resources.
  4. Traffic optimization: Squid optimizes network traffic by compressing data, reducing latency, and improving overall user experience.
  5. Extensibility: Squid offers a range of plugins and modules that extend its functionality, making it customizable for various use cases and environments.

Step 1 - Installing Squid on Ubuntu

1) The squid package is available in standard Ubuntu 22.04 repositories. You will install it, by running the below commands. Do it as the sudo user:

sudo apt update
sudo apt install squid

2) After the installation, the Squid service will start automatically. You can verify it by checking the service status:

sudo systemctl status squid

The output will look like this:

Output

squid.service - Squid Web Proxy Server
     Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2020-10-23 19:02:43 UTC; 14s ago
       Docs: man:squid(8)
...

Step 2 - Configuring Squid

1) Edit the /etc/squid/squid.conf file for configuring the Squid Service. The function of each configuration option is defined with the help of comments. Configuration options can be added in separate files, which later can be included in the main configuration file with the help of the "include" directive.

sudo cp /etc/squid/squid.conf{,.orginal}

2) After that, start configuring your Squid instance by opening the file in your text editor:

sudo nano /etc/squid/squid.conf

3) Squid listens on port 3128 on all network interfaces on the server.

Change the port and set a listening interface by locating the line starting with http_port and specifying the interface IP address as well as the new port. Squid will listen on all interfaces if no particular interface is specified.

http_port IP_ADDR:PORT

4) Using Access Control Lists (ACLs), Squid allows you to control how clients can access web resources. Access is permitted from localhost by default.

The simplest option to restrict access to the proxy server if all clients who use a proxy have a static IP address is to create an ACL that will include the allowed IPs. You can also set Squid to use authentication.

5) Create a new dedicated file /etc/squid/allowed_ips.txt instead of adding IP addresses in the main configuration file. It will hold the allowed IPs :

192.168.33.1 #put your public ip here
# All other allowed IPs

After this, open the main configuration file. Continue to create a new ACL named, allowed_ips and allow access to that ACL using http_access directive.

# ...
acl allowed_ips src "/etc/squid/allowed_ips.txt"
# ...
#http_access allow localnet
http_access allow localhost
http_access allow allowed_ips
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all

6) Here, the order of http_access rules is necessary. Remember to add the line before http_access deny all.

The http_access directive works in the same way as firewall rules. Squid reads the rules from top to bottom and when a rule matches, the rules below are not processed.

You will have to restart the Squid service, after making the changes in the configuration file. It will lead to the changes to take action:

sudo systemctl restart squid

Step 3 - The Squid Authentication

1) You can use Samba, LDAP, or HTTP if restricting access based on IP doesn't work for your use case.

In this article, you will use basic auth. It is one of the simplest authentication methods built into the HTTP protocol.

2) To generate an encrypted password, you can use the openssl tool. The below command appendsUSERNAME:PASSWORD pair to/etc/squid/htpasswd the file:

printf "USERNAME:$(echo 'PASSWORD' | base64 )\n" | sudo tee -a /etc/squid/htpasswd

Like, to create a user “john” with the password “P@ssvv0rT”. You should run:

printf "john:$(echo 'P@assvvorT' | base64 )\n" | sudo tee -a /etc/squid/htpasswd

Output

john:QMxVjdyPchJl6
💡
Note: You can use different authentication schemes other than basic (base64), You can select from supported auth schemes by squid proxy.

3) Now, you will enable the HTTP basic authentication and include the file having the user credentials to the squid configuration file.

4) Proceed to open the main configuration and add the following:

sudo nano /etc/squid/squid.conf

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# ...
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# ...
http_access allow localhost
http_access allow allowed_ips
http_access allow authenticated
# ...
# And finally deny all other access to this proxy
http_access deny all

The first three lines are creating a new ACL asauthenticated. And the last line allows access to authenticated users. Then, restart the Squid service:

sudo systemctl restart squid

Step 4 - Configuring the firewall

1) Now open the Squid ports by enabling the UFW ‘Squid’ profile:

sudo ufw allow 'Squid'

Next, if Squid is running on another, non-default port like, 8888 you can allow traffic on that port with: sudo ufw allow 8888/tcp.

Step 5 - Configuring Browser to Use Proxy

The following steps are similar for Windows, macOS, and Linux.

1) In the upper right-hand corner. You will click on the hamburger icon . It will open Firefox’s menu.

2) Now, click on the ⚙ settings.

3) Continue to scroll down toNetwork Settings and click on the Settings... button. Then, a new window will open.

4) Proceed to selectManual proxy configuration radio button.

5) Now enter your Squid server IP address in the HTTP Host field and 3128 in the Port field.

6) Next, select the Use this proxy server for all protocols checkbox.

7) Finally, click on the OK button, it will save the settings.

Here, your Firefox configuration is complete. You will then browse the Internet via Squid proxy. To verify it, open google.com, now you will be prompted for a username and password to use the proxy just enter your credentials next and type “what is my ip” in the search bar. You will see your Squid server IP address.

8) If you want to revert back to default settings, go to the Network Settings, select the Use system proxy settings radio button, then save the settings.

There are many plugins available to configure Firefox’s proxy settings, like FoxyProxy.

Step 6 - The Google Chrome

1) Google Chrome uses default system proxy settings. Therefore, instead of changing your operating system proxy settings, simply use an addon like SwitchyOmega or start Chrome web browser from the command line.

2) After that, launch Chrome using a new profile and connect to the Squid server, use the below command:

Linux:

/usr/bin/google-chrome \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"

macOS:

"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"

Windows:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
    --user-data-dir="%USERPROFILE%\proxy-profile" ^
    --proxy-server="http://SQUID_IP:3128"

The profile will be created automatically if it does not exist. This way, you will be able to run multiple instances of Chrome at the same time.

3) Finally, to confirm the proxy server is working properly, visit google.com and type “what is my IP”. The IP shown in your browser will be the IP address of your server.

FAQs to Install and Configure Squid Proxy on Ubuntu 22.04

How do I start and stop the Squid Proxy service? 

Use the following commands to start and stop Squid Proxy service respectively: sudo systemctl start squidsudo systemctl stop squid

Can I change the default port for Squid Proxy? 

Yes, you can modify the default port (3128) by editing the http_port directive in the Squid configuration file.

How do I configure Squid Proxy to allow specific IP addresses? 

Edit the acl section in the Squid configuration file to specify the IP addresses or ranges you want to allow.

Does Squid Proxy support authentication? 

Yes, Squid Proxy supports various authentication mechanisms like Basic, Digest, and NTLM. You can configure them in the Squid configuration file.

How can I enable logging in Squid Proxy? 

Logging options can be modified by editing the access_log directive in the Squid configuration file.

How do I enable transparent proxying with Squid Proxy?

Transparent proxying can be enabled by configuring the appropriate firewall rules and redirecting traffic to Squid Proxy's port. Additional configuration may be needed based on your network setup.

How do I reload the Squid Proxy configuration without restarting the service? 

Use the command sudo systemctl reload squid to apply the changes to the Squid configuration file.

Conclusion

We hope this detailed guide helped you to install and configure Squid Proxy on Ubuntu 22.04.

If you have any queries or doubts, please leave them in the comment below. We'll be happy to address them.