Install Squid Proxy on Ubuntu

Published on November 17, 2021•Updated on November 21, 2023

Introduction

Squid is a caching and proxy server software that many people use. It's used mainly as a forward proxy, but it can also be used as a reverse proxy. Squid offers a lot of features and is frequently utilized on large networks.

WARNING: You must exercise extreme caution while creating proxies. Hackers frequently scan the public internet for exposed proxies and use them for unlawful purposes. If you get a lot of complaints, most hosting companies will terminate your instances, so make sure you use enough authentication, such as a strong password.

This article teaches you how to install Squid Proxy on Ubuntu 20.04.

Prerequisites

1. Install the Dependencies

Edit the repository list file in your favorite text editor.
```
 $ sudo nano /etc/apt/sources.list
```
Uncomment the following line to enable the package source repository.
```
 # deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted
```
Save and exit the file.
Update the package lists.
```
 $ sudo apt update
```
Install the htpasswd utility and the build dependencies for Squid.
```
 $ sudo apt install apache2-utils
 $ sudo apt build-dep squid
```

2. Compile Squid From Source Code

Clone the official Squid GitHub repository to a directory named squid.
```
 $ git clone https://github.com/squid-cache/squid.git squid
```
Navigate to the cloned repository.
```
 $ cd squid
```
Check out the repository to the V5 (version 5) branch.
```
 $ git checkout v5
```
Run the dependency installation script to install additional dependencies.
```
 $ ./bootstrap.sh 
```

Configure the build for the Ubuntu filesystem locations.

 $ ./configure --prefix=/usr --localstatedir=/var --libexecdir=${prefix}/lib/squid --datadir=${prefix}/share/squid --sysconfdir=/etc/squid --with-default-user=proxy --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid

Compile the source code. Please do not close your SSH session until the compilation finishes.
```
 $ make
```
Install the compiled binaries.
```
 $ sudo make install
```

Grant Squid access to the log directory.

 $ sudo chown -R proxy:proxy /var/log/squid

3. Create a Service For Squid

Edit a new file named squid.service in the /etc/systemd/system directory.
```
 $ sudo nano /etc/systemd/system/squid.service
```

Populate the file with the following contents.

 [Unit]
 Description=Squid Web Proxy Server
 Documentation=man:squid(8)
 After=network.target network-online.target nss-lookup.target

 [Service]
 Type=forking
 PIDFile=/var/run/squid.pid
 ExecStartPre=/usr/sbin/squid --foreground -z
 ExecStart=/usr/sbin/squid -sYC
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=mixed

 [Install]
 WantedBy=multi-user.target

Save and exit the file.
Reload systemd.
```
 $ sudo systemctl daemon-reload
```
Start the Squid service.
```
 $ sudo systemctl start squid
```
Enable the service to start on server boot.
```
 $ sudo systemctl enable squid
```

4. Configure Squid

Edit the Squid configuration file in your favorite text editor.
```
 $ sudo nano /etc/squid/squid.conf
```

Configure the proxy only to allow connections from authenticated users and to mask their IP addresses. Append the following lines to the top of the file.

 auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/squid_passwd
 auth_param basic realm proxy
 acl authenticated proxy_auth REQUIRED
 http_access allow authenticated

 forwarded_for off
 request_header_access Allow allow all
 request_header_access Authorization allow all
 request_header_access WWW-Authenticate allow all
 request_header_access Proxy-Authorization allow all
 request_header_access Proxy-Authenticate allow all
 request_header_access Cache-Control allow all
 request_header_access Content-Encoding allow all
 request_header_access Content-Length allow all
 request_header_access Content-Type allow all
 request_header_access Date allow all
 request_header_access Expires allow all
 request_header_access Host allow all
 request_header_access If-Modified-Since allow all
 request_header_access Last-Modified allow all
 request_header_access Location allow all
 request_header_access Pragma allow all
 request_header_access Accept allow all
 request_header_access Accept-Charset allow all
 request_header_access Accept-Encoding allow all
 request_header_access Accept-Language allow all
 request_header_access Content-Language allow all
 request_header_access Mime-Version allow all
 request_header_access Retry-After allow all
 request_header_access Title allow all
 request_header_access Connection allow all
 request_header_access Proxy-Connection allow all
 request_header_access User-Agent allow all
 request_header_access Cookie allow all
 request_header_access All deny all

Save and exit the file.

5. Set Up Squid Authentication

Create the Squid Proxy credentials file.
```
 $ sudo touch /etc/squid/squid_passwd
```
Create a new user on your proxy. Replace youruser in the next command with your desired username. The command prompts you for the password twice. You may use the next command multiple times to create additional users.
```
 $ sudo htpasswd /etc/squid/squid_passwd youruser
```
Restart the Squid service.
```
 $ sudo service squid restart
```

6. Configure the Firewall

Open the Squid Proxy port (3128/UDP) with UFW.

$ sudo ufw allow 3128/udp

7. Use Your Proxy

You may now use Squid as a forwarding proxy. Set up your web browser's "internet settings" to use your proxy, including the username and password that you've created earlier. Visit an IP address detection site, such as this one, to ensure that the proxy is functioning correctly.

The site should show that it's being visited from a Vultr IP address.

Conclusion

In this article, you have learned how to install Squid Proxy on an Ubuntu 20.04 server. You have also learned how to secure the proxy from unauthorized access.