If you don't want to build Squid from scratch, you can simply [Setup a Squid anonymous proxy](https://gist.github.com/e7d/9472c3e7ac1821056867b95244c73609) # Build a Squid anonymous proxy from source code > Please note that this whole manual refers to the version **3.5.23** of Squid. You probably would have to adapt some commands to the version you will actually download. ## Table of contents * [Automated Install](#automated-install) * [Disclaimer](#disclaimer) * [Squid installation script](#squid-installation-script) * [Manual Install](#manual-install) * [Resolve compilation dependencies](#resolve-compilation-dependencies) * [Grab a copy of the source code](#grab-a-copy-of-the-source-code) * [Compile your Squid 3](#compile-your-squid-3) * [Resolve library dependencies](#resolve-library-dependencies) * [Build configuration file](#build-configuration-file) * [Build service runtime](#build-service-runtime) * [Prepare execution folders](#prepare-execution-folders) * [Start!](#start) * [Additional configuration](#additional-configuration) * [Customize settings](#customize-settings) * [Disable authentication](#disable-authentication) * [Manage users](#manage-users) ## Automated install ### Disclaimer > Read the install script before using it. > You may want to understand what the script is doing before executing it. > I will not be responsible for any damage caused to your server. ### Squid installation script ``` wget -qO- https://gist.github.com/e7d/1f784339df82c57a43bf/raw/squid-install.sh | sh ``` ## Manual install ### Resolve compilation dependencies Edit your `/etc/apt/sources.list` file, and check that you have `deb-src` entries like the following sample. ``` deb http://httpredir.debian.org/debian stable main deb-src http://httpredir.debian.org/debian stable main deb http://security.debian.org/ stable/updates main deb-src http://security.debian.org/ stable/updates main ``` Build Squid 3 dependencies ``` apt-get update apt-get install build-essential libssl-dev apache2-utils apt-get build-dep squid3 ``` ### Grab a copy of the source code ``` cd /usr/src wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.23.tar.gz tar zxvf squid-3.5.23.tar.gz cd squid-3.5.23 ``` ### Compile your Squid 3 ``` ./configure --prefix=/usr \ --localstatedir=/var/squid \ --libexecdir=${prefix}/lib/squid \ --srcdir=. \ --datadir=${prefix}/share/squid \ --sysconfdir=/etc/squid \ --with-default-user=proxy \ --with-logdir=/var/log/squid \ --with-pidfile=/var/run/squid.pid make -j$(nproc) make install ``` ### Resolve library dependencies Extract the content of [squid-lib-3.4.8.tar.gz](http://e7d.github.io/resources/squid-lib-3.4.8.tar.gz) to `/usr/lib` ``` cd /usr/lib wget -O /usr/lib/squid-lib.tar.gz http://e7d.github.io/resources/squid-lib-3.4.8.tar.gz tar zxvf squid-lib.tar.gz rm squid-lib.tar.gz ``` ### Build configuration file Copy [squid.conf](https://gist.github.com/e7d/1f784339df82c57a43bf/raw/squid.conf) contents to `/etc/squid/squid.conf`. ``` rm -rf /etc/squid/squid.conf wget --no-check-certificate -O /etc/squid/squid.conf https://gist.github.com/e7d/1f784339df82c57a43bf/raw/squid.conf ``` With this sample configuration file, you can use a Htpasswd file at `/etc/squid/users.pwd` to manage a basic authentication. ``` rm -rf /etc/squid/users.pwd htpasswd -cbd /etc/squid/users.pwd proxy proxy ``` > This this authentication is enabled by default/ To disable it you will have to comment the **Authentication** section of the sample `squid.conf` configuration file. See [Disable authentication](#disable-authentication). > You can create your users entries using the [htpasswd](http://httpd.apache.org/docs/current/programs/htpasswd.html) tool from Apache. See [Manage user accounts](#manage-user-accounts). > You can directly use the [users.pwd](https://gist.github.com/e7d/1f784339df82c57a43bf/raw/users.pwd) sample, providing you a basic user named *proxy*, using also *proxy* as password. ### Build service runtime Copy [squid.sh](https://gist.github.com/e7d/1f784339df82c57a43bf/raw/squid.sh) contents to `/etc/init/squid` and make it executable. ``` wget --no-check-certificate -O /etc/init.d/squid https://gist.github.com/e7d/1f784339df82c57a43bf/raw/squid.sh chmod +x /etc/init.d/squid ``` > Optionally, you can make it run automatically at server startup with `update-rc.d squid defaults`. ### Prepare execution folders ``` mkdir /var/log/squid mkdir /var/cache/squid mkdir /var/spool/squid chown -cR proxy /var/log/squid chown -cR proxy /var/cache/squid chown -cR proxy /var/spool/squid squid -z ``` ### Start! Try to start your brand new Squid with `service squid start` ## Additional configuration ### Customize settings Squid offers some interesting customisation options you should have a look at. This modifications implies to edit the file located at `/etc/squid/squid.conf`. #### Listening ports With the provided configuration, your proxy will be listening on HTTP port 3128, which is the squid default. You can change it to any available port that suits you with: ``` http_port 3128 ``` ### Disable authentication Your proxy will respond to any request. If you want to limit its accessibility to a set of users, you may want to enable authentication, by uncommenting the following section: ``` #acl Users proxy_auth REQUIRED #http_access allow Users ``` This authentication relies on a password file you will find at `/etc/squid/users.pwd`. A sample user is included, defined with the following identification: - username : `proxy` - password : `proxy` This user file may be modified following the next section instructions. ### Manage users Using the command [htpasswd](https://httpd.apache.org/docs/current/programs/htpasswd.html), you can manage the users able to use the proxy: - create/update a user: `htpasswd -bd /etc/squid3/users.pwd myuser mypw` - remove a user: `htpasswd -D /etc/squid3/users.pwd myuser` **NOTE:** Provided authentication relies on CRYPT algorithm. Information defined in `users.pwd` must respect that, meaning that passwords can only be up to 8 characters.