Proxy Server Linux Ubuntu
Proxy Servers – Squid | Ubuntu
Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).
The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms, and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid caching proxy server for many users, ensure it is configured with a large amount of physical memory, as Squid maintains an in-memory cache for increased performance.
Installation
At a terminal prompt, enter the following command to install the Squid server:
sudo apt install squid
Configuration
Squid is configured by editing the directives contained within the /etc/squid/ configuration file. The following examples illustrate some of the directives which may be modified to affect the behavior of the Squid server. For more in-depth configuration of Squid, see the References section.
Tip
Prior to editing the configuration file, you should make a copy of the original file and protect it from writing so you will have the original settings as a reference, and to re-use as necessary. Make this copy and protect it from writing using the following commands:
sudo cp /etc/squid/ /etc/squid/
sudo chmod a-w /etc/squid/
To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the http_port directive as such:
http_port 8888
Change the visible_hostname directive in order to give the Squid server a specific hostname. This hostname does not necessarily need to be the computer’s hostname. In this example it is set to weezie:
visible_hostname weezie
The cache_dir option allows you to configure an on-disk cache; the default is an in-memory cache. The cache_dir directive takes the following arguments:
cache_dir
In the config file you can find the default cache_dir directive commented out:
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
You can just use the default option but you can also customize your cache directory, basically changing the
ufs: the old well-known Squid storage format that has always been there.
aufs: uses the same storage format as ufs, utilizing POSIX-threads to avoid blocking the main Squid process on disk-I/O. This was formerly known in Squid as async-io.
diskd: uses the same storage format as ufs, utilizing a separate process to avoid blocking the main Squid process on disk-I/O.
rock: is a database-style storage. All cached entries are stored in a “database” file, using fixed-size slots. A single entry occupies one or more slots.
If you want to use a different directory type please take a look at their different options.
Using Squid’s access control, you may configure use of Internet services proxied by Squid to be available only to users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192.168.42.0/24 subnetwork only:
Add the following to the bottom of the ACL section of your /etc/squid/ file:
acl fortytwo_network src 192.168.42.0/24
Then, add the following to the top of the http_access section of your /etc/squid/ file:
http_access allow fortytwo_network
Using the excellent access control features of Squid, you may configure use of Internet services proxied by Squid to be available only during normal business hours. For example, we’ll illustrate access by employees of a business which is operating between 9:00AM and 5:00PM, Monday through Friday, and which uses the 10. 1. 0/24 subnetwork:
acl biz_network src 10. 0/24
acl biz_hours time M T W H F 9:00-17:00
http_access allow biz_network biz_hours
Note
After making changes to the /etc/squid/ file, save the file and restart the squid server application to effect the changes using the following command entered at a terminal prompt:
sudo systemctl restart squid.service
If formerly a customized squid3 was used that set up the spool at /var/log/squid3 to be a mountpoint, but otherwise kept the default configuration, the upgrade will fail. The upgrade tries to rename/move files as needed, but it can’t do so for an active mountpoint. In that case please either adapt the mountpoint or the config in /etc/squid/ so that they match.
The same applies if the include config statement was used to pull in more files from the old path at /etc/squid3/. In those cases you should move and adapt your configuration accordingly.
References
Squid Website
Ubuntu Wiki Squid page.
How to Set Up & Install Squid Proxy Server on Ubuntu 18.04
Introduction
Squid is a Linux-based proxy application. The Squid proxy server is used for filtering traffic, security, and DNS lookups.
Also, Squid can speed up a web server by caching resources. The Squid Proxy allows a server to cache frequently visited web pages. When the user requests a web page or file, the request goes directly to the proxy server — an intermediary device between the user’s device and the internet. The proxy server pulls up the resources and relays them to the user.
This guide will walk you through how to set up and install Squid Proxy server on Ubuntu.
Prerequisites
An Ubuntu operating system
Access to a terminal window/command line (Ctrl-Alt-T)
An Ubuntu user with root or sudo privileges
The apt package installer, included by default
A text editor, such as nano
Installing Squid Proxy on Ubuntu
Step 1: Refresh the Software Repositories
Ensure you’re working with the latest software version available.
Launch a terminal window, and enter the following:
sudo apt-get update
Step 2: Install Squid Package on Ubuntu
To install Squid, run the command:
sudo apt-get install squid
The system should prompt for confirmation – enter Y and allow the process to complete itself.
Configuring Squid Proxy Server
The Squid configuration file is found at /etc/squid/
1. Open this file in your text editor with the command:
sudo nano /etc/squid/
2. Navigate to find the http_port option. Typically, this is set to listen on Port 3128. This port usually carries TCP traffic. If your system is configured for traffic on another port, change it here.
You may also set the proxy mode to transparent if you’d like to prevent Squid from modifying your requests and responses.
Change it as follows:
http_port 1234 transparent
3. Navigate to the http_access deny all option. This is currently configured to block all HTTP traffic. This means no web traffic is allowed.
Change this to the following:
http_access allow all
4. Navigate to the visible_hostname option. Add any name you’d like to this entry. This is how the server will appear to anyone trying to connect. Save the changes and exit.
5. Restart the Squid service by entering:
sudo systemctl restart squid
Configure Squid Client
All this configuration has been done to set up your Squid proxy server. Now, switch to your client machine and open your web browser.
If you’re using Firefox, you can find the proxy settings under:
Menu > Options > Network Settings > Settings
Tick the radio button for Manual proxy configuration.
If you’ve entered a hostname in Step 4, you should be able to enter that name plus the port you have designated. Otherwise, use the IP address for the system hosting your Squid proxy.
To test it, you can visit – if your proxy is working, your IP address should display as the proxy server’s IP address.
Add Squid ACL
Note: After each of these steps, you should save and exit, then restart the Squid service to apply the new configuration.
Create an access control list by editing the file again, as in Step 4.
Add a new line as follows:
acl localnet src 192.168.0.15
This will create a rule that only allows the system at this IP address to connect. It is recommended that you comment the line to identify the rule:
acl localnet src 192.168.0.15 # test computer
Anything after the # sign is ignored by Squid.
You can specify a range of IP addresses as follows:
acl localnet src 192.168.0.15/30
Open Ports
To open a specific port, add the following:
acl Safe_ports port 123 # Custom port
Configure Proxy Authentication
This forces users to authenticate to use the proxy.
Start by installing apache2-utils:
sudo apt-get install apache2-utils
Create a passwd file, and change the ownership to the Squid user proxy:
sudo touch /etc/squid/passwd
sudo chown proxy: /etc/squid/passwd
Add a new user and password
1. To add a new user to Squid, use the command:
sudo htpasswd /etc/squid/passwd newuser
The system will prompt you to enter and confirm a password for newuser.
2. Edit the /etc/squid/ file, and add the following command lines:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
Block Websites on Squid Proxy
1. Create and edit a new text file /etc/squid/ by entering:
2. In this file, add the websites to be blocked, starting with a dot:..
Note: The dot specifies to block all subsites of the main site.
3. Open the /etc/squid/ file again:
4. Add the following lines just above your ACL list:
acl blocked_websites dstdomain "/etc/squid/"
http_access deny blocked_websites
Commands When Working with the Squid Service
To check the status of your Squid software, enter:
sudo systemctl status squid
This will tell you whether the service is running or not.
To start the service enter:
sudo systemctl start squid
Then set the Squid service to launch when the system starts by entering:
sudo systemctl enable squid
You can re-run the status command now to verify the service is up and running.
To stop the service, use the command:
sudo systemctl stop squid
To prevent Squid from launching at startup, enter:
sudo systemctl disable squid
Conclusion
If you’ve followed along closely, you should now have a basic understanding of how Squid works, and how to install and configure Squid Proxy on Ubuntu.
Proxy servers are a valuable tool for securing network traffic, preventing attacks and restricting access.
How to install Squid Proxy Server on Ubuntu 20.04 LTS Linux
How do I install Squid Proxy Server on Ubuntu 20.04 LTS Linux server for web clients? How can I filter out internet traffic for LAN users such as blocking domains, unwanted URLs, office hours for Internet access, and more using Squid running on Ubuntu server?
Squid proxy server is a free and open-source high performance caching and forwarding HTTP web proxy. It is mostly used for speeding up a web server by caching repeated requests, and for caching DNS and web lookups for a shared network. It also adds a security policy to filter out unwanted traffic for web or office users. This page explains how to install, set up, and configure the Squid proxy server on Ubuntu 20.04 LTS Linux server.
Step 1 – Install Squid proxy server on Ubuntu
First, log in using the ssh command:
ssh user@server-ip-here
ssh
Next, update your system using the apt command:
sudo apt update
sudo apt upgrade
We can search for the squid package as follows:
apt show squid
Outputs:
Package: squid
Version: 4.10-1ubuntu1
Priority: optional
Section: web
Origin: Ubuntu
Maintainer: Ubuntu Developers <>
Original-Maintainer: Luigi Gangitano <>
Bugs:
Installed-Size: 8,792 kB
Provides: squid3
Pre-Depends: adduser
Depends: libc6 (>= 2. 29), libcap2 (>= 1:2. 10), libcom-err2 (>= 1. 43. 9), libdb5. 3, libecap3 (>= 1. 0. 1), libexpat1 (>= 2. 1), libgcc-s1 (>= 3. 0), libgnutls30 (>= 3. 6. 6), libgssapi-krb5-2 (>= 1. 17), libkrb5-3 (>= 1. 10+dfsg~), libldap-2. 4-2 (>= 2. 4. 7), libltdl7 (>= 2. 6), libnetfilter-conntrack3 (>= 1. 7), libnettle7, libpam0g (>= 0. 99. 7. 1), libsasl2-2 (>= 2. 1. 27+dfsg), libstdc++6 (>= 9), libxml2 (>= 2. 4), netbase, logrotate (>= 3. 5. 4-1), squid-common (>= 4. 10-1ubuntu1), lsb-base, libdbi-perl, ssl-cert
Recommends: libcap2-bin, ca-certificates
Suggests: squidclient, squid-cgi, squid-purge, resolvconf (>= 0. 40), smbclient, ufw, winbind, apparmor
Homepage:
Download-Size: 2,556 kB
APT-Sources: focal/main amd64 Packages
Description: Full featured Web Proxy cache (HTTP proxy)
Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, ICY and HTTP data objects.
Installing Squid 4
Now that the system software is up to date, it is time to install the Squid server. Enter:
sudo apt install squid
Step 2 – Configuring Squid server
The squid configuration file is located at /etc/squid/ and the /etc/squid/conf.d/ directory. Let us edit the /etc/squid/ using a text editor. Make a backup of the original file using the cp command, so that we can go back if something goes wrong:
sudo cp -v /etc/squid/{,.factory}
‘/etc/squid/’ -> ‘/etc/squid/’
sudo nano /etc/squid/
## OR ##
sudo vim /etc/squid/
Change squid port and listening IP address
By default, squid listens to all IP addresses on all interfaces. The default port is TCP 3128. Find line:
http_port 3128
Change it as follows or as per your needs:
http_port 10. 8. 1:3128
Setting up ACL for ports
ACL means an access control scheme, and we can use it to deny or allow access as per our needs. For example, the time acl allows you to set up browsing time of day and day of the week for your users. Don’t like social media domains? We can block domains such as Facebook and others using the Squid proxy server. There are several different access lists. Let us see some common examples.
Define SSL and safe ports that you would like to allow
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
Adapt to list your (internal) IP networks from where browsing should be allowed
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
Define your LAN acl as follows
acl mylan src 10. 0/24
We can also define other domains that you wish to block
acl baddomain1 dstdomain www-bad-guys-domain-name-here
Allow or deny access
Use the http_access directive to allow HTTP clients such as browsers to access the HTTP port. It is the primary access control list:
# Block access to all unsafe ports, i.e. only allow Safe_ports defined in acl above #
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Block domains #
http_access deny baddomain1
# only allow cachemgr access from localhost #
http_access allow localhost manager
http_access deny manager
# Allow internet access to localhost and mylan sub/net #
http_access allow localhost
http_access allow mylan
# and finally deny all other access to this proxy server #
http_access deny all
Squid Proxy Server Change Outgoing IP Address
If you have multiple IP addresses assigned to your server, you can change the proxy server's outgoing IP address as follows:
tcp_outgoing_address 139. 2. 3
Set cache memory size as per your needs
cache_mem 256 MB
Force squid to hide client’s real IP address
forwarded_for delete
via off
forwarded_for off
follow_x_forwarded_for deny all
request_header_access X-Forwarded-For deny all
Specify a list of DNS name servers to use
dns_nameservers 127. 1 10. 1
Squid has many more options. I covered the basic ones here. See this page, where you will find all Squid configuration directives.
Verify that config options are valid
To parse and test the configuration file, enter:
sudo /usr/sbin/squid -k check
echo $?
sudo /usr/sbin/squid -k parse
See “21 Examples To Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors” for more info.
Step 3 – Start/stop/restart Squid
First, turn on Squid service at boot time using the systemctl command:
sudo systemctl enable squid.service
The syntax is as follows:
Start the Squid server
sudo systemctl start squid.service
Stop the Squid server
sudo systemctl stop squid.service
OR
sudo squid -k shutdown
Restart the Squid server
sudo systemctl restart squid.service
Find the Squid server status
sudo systemctl status squid.service
Reload the Squid after config changes gracefully
Whenever you make changes to the, reload it as follows:
sudo squid -k reconfigure
sudo systemctl reload squid.service
Step 4 – Block domains
Let us block and
acl socialsite dstdomain.
http_access deny socialsite
Step 5 – Block URLs using keywords
If a URL contains a keyword such as “foo” or “”, block it using the url_regex acl:
acl urlkeywordsblocks url_regex -i "/etc/squid/"
http_access deny urlkeywordsblocks
Create a file named /etc/squid/ as follows:
Append the urls/keywords:
foo
Step 6 – Block file extensions
We can block unwanted file extensions using the squid proxy too:
acl blockedexentions urlpath_regex -i "/etc/squid/"
http_access deny blockedexentions
Append the following in /etc/squid/. mp4. mp3
Step 7 – Allow internet access only between 9:00AM and 18:00 during weekdays
acl official_hours time M T W H F 09:00-18:00
http_access allow official_hours
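How Squid evaluates the http_access lines used throughout this page, as an added example (not code from the original guides or from the Squid project): a small Python model, limited to src and time ACLs and the built-in all, run over constructed configurations. It shows that ACLs on one line are ANDed, that the first matching line wins, and that a rule such as http_access allow official_hours or http_access allow all admits clients from any source address; the client address 203.0.113.7 and the dates are made-up sample values.

```python
import ipaddress
from datetime import datetime

# Squid day letters in datetime.weekday() order: Monday..Sunday (H = Thursday, A = Saturday).
DAY_CODES = "MTWHFAS"

def to_min(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def parse(conf):
    """Collect src/time ACLs and http_access rules, in file order."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()           # drop trailing comments
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(n, strict=False) for n in tok[3:]]
            acls.setdefault(tok[1], []).extend(("src", n) for n in nets)
        elif len(tok) >= 4 and tok[0] == "acl" and tok[2] == "time":
            start, end = tok[-1].split("-")           # this model assumes a h:m-h:m range
            acls.setdefault(tok[1], []).append(
                ("time", "".join(tok[3:-1]), to_min(start), to_min(end)))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, acls, ip, when):
    negate, name = name.startswith("!"), name.lstrip("!")
    if name == "all":                                 # built-in ACL: every source
        return not negate
    hit = False
    for entry in acls.get(name, []):                  # values of one ACL are ORed
        if entry[0] == "src":
            hit = hit or ip in entry[1]
        else:
            _, days, start, end = entry
            minute = when.hour * 60 + when.minute
            day_ok = not days or DAY_CODES[when.weekday()] in days
            hit = hit or (day_ok and start <= minute <= end)
    return hit != negate

def decide(conf, client, when):
    """Return 'allow' or 'deny' for one client address at one moment."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, names in rules:                       # first matching line wins
        if all(acl_matches(n, acls, ip, when) for n in names):  # ACLs on a line are ANDed
            return action
    if not rules:
        return "deny"                                 # no http_access lines at all
    return "allow" if rules[-1][0] == "deny" else "deny"  # no match: opposite of last line

# Constructed configurations built from directives shown on this page.
ACLS = ("acl fortytwo_network src 192.168.42.0/24\n"
        "acl official_hours time M T W H F 09:00-18:00\n")
CONF_NET_AND_HOURS = ACLS + "http_access allow fortytwo_network official_hours\nhttp_access deny all\n"
CONF_HOURS_ONLY = ACLS + "http_access allow official_hours\nhttp_access deny all\n"
CONF_ALLOW_ALL = "http_access allow all\n"

if __name__ == "__main__":
    outsider, wed = "203.0.113.7", datetime(2024, 1, 10, 10, 30)  # a Wednesday
    for label, conf in [("network AND hours", CONF_NET_AND_HOURS),
                        ("hours only", CONF_HOURS_ONLY), ("allow all", CONF_ALLOW_ALL)]:
        print(label, "->", decide(conf, outsider, wed))
```

Combining the time ACL with a source ACL on the same http_access line, and keeping http_access deny all as the last line, limits the proxy to the intended network during the intended hours.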
Step 8 – Configure web browser
Connection settings to use a proxy can be set in Firefox Preferences as follows:
Click the menu button and select Preferences
In the General panel, go to the Network Settings section by scrolling down option page.
Click Settings…. The Connection Settings dialog will open and set proxy server address such as 10. 1 and port 3128:
Conclusion
That is all for now. You learned how to install, set up, and deploy Squid 4 server for internet access and filter unwanted traffic on Ubuntu Linux 20.04 LTS. See Squid server docs here for more info.
Frequently Asked Questions about proxy server linux ubuntu
How do I setup a proxy server in Linux?
How to Set Up a Linux Proxy Server: The first thing to do is to update to the latest package list. Use “sudo apt-get update”. Install Squid Proxy server. Start and enable the proxy server. To see the status use the “systemctl status” command. … To see which port the proxy is running use “netstat -tnlp”.
Where is proxy setting in Ubuntu?
Setting Up Proxy with Ubuntu Desktop GUI: To access proxy settings using the Ubuntu GUI, open Ubuntu’s main Settings. Select the Network setting in the menu on the left side of the window. Then, click the cog in the Network Proxy section. A Network Proxy dialogue appears. (Dec 10, 2020)
What is proxy server Linux?
A proxy server is a computer that acts as an intermediary between a desktop computer and the internet and allows a client machine to make an indirect connection to network servers and services. (Mar 30, 2017)