What is Squid?

Squid is a proxy server that can be used to improve network performance and security. It can be used to cache web pages and images, allowing your users to access these files more quickly. Squid can also be used to protect your network from malicious content.

If you’re an experienced system administrator, you know that a proxy server can be a valuable tool for optimizing your network.

In this blog post, we’ll show you how to install a proxy server on Ubuntu using the Squid proxy server.

How to install Squid on Ubuntu and Debian

To install Squid on Ubuntu and Debian, use the following commands:

sudo apt update  
sudo apt install squid3  
How to Install Squid Proxy on Ubuntu and Debian
Installing squid proxy server

The Squid proxy server will be installed on your Ubuntu system.

You can verify the service status by running the following command:

sudo systemctl status squid3  
Output
● squid.service - Squid Web Proxy Server Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2022-06-17 11:13:54 IST; 45s ago Docs: man:squid(8) Process: 2267 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, status=0/SUCCESS) Main PID: 2270 (squid) Tasks: 4 (limit: 2271) Memory: 15.7M CPU: 187ms CGroup: /system.slice/squid.service ├─2270 /usr/sbin/squid --foreground -sYC ├─2272 "(squid-1)" --kid squid-1 --foreground -sYC ├─2273 "(logfile-daemon)" /var/log/squid/access.log └─2274 "(pinger)" Jun 17 11:13:54 tecadmin squid[2272]: Using Least Load store dir selection Jun 17 11:13:54 tecadmin squid[2272]: Set Current Directory to /var/spool/squid Jun 17 11:13:54 tecadmin squid[2272]: Finished loading MIME types and icons. Jun 17 11:13:54 tecadmin squid[2272]: HTCP Disabled. Jun 17 11:13:54 tecadmin squid[2272]: Pinger socket opened on FD 14 Jun 17 11:13:54 tecadmin squid[2272]: Squid plugin modules loaded: 0 Jun 17 11:13:54 tecadmin squid[2272]: Adaptation support is off. Jun 17 11:13:54 tecadmin squid[2272]: Accepting HTTP Socket connections at conn3 local=[::]:3128 remote=[::] FD 12 flags=9

After you have installed Squid, you will need to configure it to meet your needs. The default configuration should be suitable for most users, but you may need to make some changes depending on your specific needs.

How to Configure Squid Proxy Server

The main Squid configuration file is located at /etc/squid3/squid.conf. This file contains all of the settings for Squid. You can edit this file to change the configuration of Squid.

  1. Configure Port

    To configure the Squid port, you’ll need to edit the squid.conf file. This file is located in the /etc/squid directory on most Linux systems. Once you’ve opened the file in a text editor, you’ll need to locate the following line:

    http_port 3128
    

    If you need to change the Squid port, you can simply edit this line and enter the new port number. For example, if you want to use port 8080, you would enter:

    http_port 8080
    
    Changing Squid Server Port in Ubuntu & Debian
    Set a new port to Squid server

    Once you’ve made the change, save the file and restart Squid.

    Note: You can also configure Squid as transparrent proxy server by adding transparent keyword with the port like http_port 8080 transparent .

  2. Configuring Firewall Rules

    In order to use Squid, you will need to enable it in the Ubuntu firewall. You can do this by running the following command:

    • UFW Users:
      sudo ufw allow 8080 
      
    • FirewallD Users:
      sudo firewall-cmd --permanent --zone=public --add-port=3128/tcp 
      sudo firewall-cmd –reload 
      

    This command will allow traffic on port 8080, which is the port that Squid listens on.

  3. Configure Proxy Authentication in Squid

    You can also insist users to authenticate proxy to use. This helps you to prevent unauthorized access to the proxy server. This forces users to authenticate to use the proxy.

    • First, install apache2-utils package, that provides htpasswd command.
      sudo apt-get install apache2-utils -y  
      
    • Create a new file to contain username and password. Also change ownership to the Squid user proxy:
      sudo touch /etc/squid/secure_passwd 
      sudo chown proxy: /etc/squid/secure_passwd 
      
    • Create a new user with following commnad:
      sudo htpasswd /etc/squid/secure_passwd tecadmin 
      

      The system will prompt you to enter and confirm a password for “tecadmin” user.

    • Edit the /etc/squid/squid.conf file, and add the following configuration:
      auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/secure_passwd
      auth_param basic children 5
      auth_param basic realm Squid Basic Authentication
      auth_param basic credentialsttl 2 hours
      acl auth_users proxy_auth REQUIRED
      http_access allow auth_users
      
    • Restart Squid service.

  4. Create ACL to Block Websites

    You can block any website by its domain name. To do the following:

    • Create a new file /etc/squid/blocked_websites.acl and edit in a text editor. You can choose any name of your choice.
      sudo nano /etc/squid/blocked_websites.acl 
      
    • In this file, add the domain names one per line to be blocked. You can start the domain name with a dot (.) to blcok subdomains as well.
      .yahoo.com
      .facebook.com
      
    • Edit the /etc/squid/squid.conf file again.
      sudo nano /etc/squid/squid.conf 
      
    • Add the following lines just before the ACL list.
      acl blocked_websites dstdomain “/etc/squid/blocked.acl”
      http_access deny blocked_websites
      

      Save changes and restart Squid service.

Conclusion

In this article, we will go over the steps on how to install a Squid proxy server on an Ubuntu server. We will also cover some basic configurations that can be made to Squid once it is installed. By the end of this article, you should have a working installation of the Squid proxy server on your Ubuntu server.