Install Squid Proxy on Ubuntu

Squid is a popular proxy and caching server application. It primarily serves as a forward proxy, but can also be used as a reverse proxy. Squid provides many features and is often used on enterprise-level networks.

This tutorial will show you how to setup a simple HTTP proxy with authentication using Squid. Steps listed in this tutorial were tested on Ubuntu 15.04 and 15.10.

WARNING: You must be very careful when creating proxies. Hackers frequently scan the public internet for open proxies use them for malicious activities. Most hosting companies will suspend your instances if you receive too many complaints, so ensure that you use sufficient authentication, such as a strong password.

This tutorial assumes that you are using a freshly created VPS with no installed packages.

Installation

First, ensure that the apt-get package library is up-to-date by running the command below. This will ensure that the latest packages have been installed.

$ apt-get update

Once this has completed, it is time to install the squid application and htpasswd. Run the following command using sudo to install both packages.

$ sudo apt-get install squid3 apache2-utils

After the Squid install completes, I suggest that you create a copy of the original config file created during the install as it is a helpful reference and allows you to rollback any changes.

$ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.default

Next, create the files needed by Squid to store the credentials of the proxy accounts.

$ sudo touch /etc/squid/squid_passwd
$ sudo chown proxy /etc/squid/squid_passwd

Configuration

Open the squid config file for editing using a text editor, such as nano.

$ sudo nano /etc/squid/squid.conf

Add the following lines to the file so that authenticated users can connect to the proxy.

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/squid_passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

In addition, to hide the IP of the person connecting to the proxy from being shown in HTTP headers, add the following lines under the ones above.

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

Your Squid config file should now look something like this:

Save and close the file.

To create users on your proxy, execute the following command, replacing youruser with your desired user name. It will request the password twice.

$ sudo htpasswd /etc/squid/squid_passwd youruser

You may create additional users in the same manner.

Restart the Squid service.

$ sudo service squid restart

Using your proxy

Now that Squid is setup, you can use it as a forwarding proxy. Configure the “internet settings” of your web browser to use your proxy, including the user name and password that you generated earlier. To verify that the proxy is working, visit an IP address detection site, like this one.

Upon success, you will notice a Vultr IP address being reported. Here is a screenshot from my demo server: