Skip to content

Instantly share code, notes, and snippets.

@jackblk

jackblk/squid_proxy_tutorial.md

Last active June 11, 2025 06:56
Show Gist options
  • Save jackblk/fdac4c744ddf2a0533278a38888f3caf to your computer and use it in GitHub Desktop.
Save jackblk/fdac4c744ddf2a0533278a38888f3caf to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. jackblk revised this gist Sep 1, 2021. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions squid_proxy_tutorial.md
    View file
    Original file line number Diff line number Diff line change
    @@ -74,8 +74,8 @@ http_port 8888
    Save the file in vi with [esc]:wq

    ### Start the squid service
    Start squid: ```sudo service squid squid start```
    Press ```Ctrl + A, Ctrl + D``` to detach the screen. You can resume the sreen via ```screen -r```.
    Start squid: ```sudo service squid start```

    To check service status: ```service squid status```

    ### Restart the squid service and try proxy
  2. jackblk revised this gist May 30, 2021. 1 changed file with 0 additions and 11 deletions.
    11 changes: 0 additions & 11 deletions squid.conf
    View file
    Original file line number Diff line number Diff line change
    @@ -1,11 +0,0 @@
    auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 24 hours
    auth_param basic casesensitive off
    acl authenticated proxy_auth REQUIRED
    http_access allow authenticated
    http_access deny all
    dns_v4_first on
    forwarded_for delete
    via off
    http_port 8888
  3. jackblk revised this gist May 30, 2021. 1 changed file with 11 additions and 0 deletions.
    11 changes: 11 additions & 0 deletions squid.conf
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,11 @@
    auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 24 hours
    auth_param basic casesensitive off
    acl authenticated proxy_auth REQUIRED
    http_access allow authenticated
    http_access deny all
    dns_v4_first on
    forwarded_for delete
    via off
    http_port 8888
  4. jackblk revised this gist Mar 2, 2020. 1 changed file with 6 additions and 1 deletion.
    7 changes: 6 additions & 1 deletion squid_proxy_tutorial.md
    View file
    Original file line number Diff line number Diff line change
    @@ -73,9 +73,14 @@ http_port 8888

    Save the file in vi with [esc]:wq

    ### Start the squid service
    Start squid: ```sudo service squid squid start```
    Press ```Ctrl + A, Ctrl + D``` to detach the screen. You can resume the sreen via ```screen -r```.
    To check service status: ```service squid status```

    ### Restart the squid service and try proxy
    Restart squid service
    ```sudo systemctl restart squid.service``` or ```sudo service squid restart```.
    ```sudo service squid restart``` or ```sudo systemctl restart squid.service```.

    Use your proxy with your ```ip:port```. Example: ```111.111.222.333:8888``` and login with your user/pass.

  5. jackblk revised this gist Mar 2, 2020. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion squid_proxy_tutorial.md
    View file
    Original file line number Diff line number Diff line change
    @@ -82,4 +82,4 @@ Use your proxy with your ```ip:port```. Example: ```111.111.222.333:8888``` and
    ### Caution
    You might need to create inbound firewall rule first before using the proxy.

    For Google cloud: [Firewall](https://console.cloud.google.com/networking/firewalls/). Create a rule that apply to IP range of ```0.0.0.0/0```, allow ```TCP:8888, UDP:8888``` for all traffic.
    For Google cloud: [Firewall](https://console.cloud.google.com/networking/firewalls/). Create an Ingress rule, Target Apply to all, IP range of ```0.0.0.0/0```, allow ```TCP:8888, UDP:8888``` for all traffic.
  6. jackblk revised this gist Jan 12, 2019. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions squid_proxy_tutorial.md
    View file
    Original file line number Diff line number Diff line change
    @@ -66,6 +66,7 @@ http_port 8888

    * ```auth_param basic credentialsttl 24 hours```: after 24 hours, user/pass will be asked again.
    * ```auth_param basic casesensitive off```: case sensitive for user is off.
    * ```dns_v4_first on```: use only IPv4 to speed up the proxy.
    * ```forwarded_for delete```: remove the forwarded_for http header which would expose your source to the destination
    * ```via off```: remove more headers to avoid exposing the source.
    * ```http_port 8888```: port 8888 is used for proxy. You can choose any port.
  7. jackblk created this gist Jan 12, 2019.
    84 changes: 84 additions & 0 deletions squid_proxy_tutorial.md
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,84 @@
    ### Note
    This tutorial is for Ubuntu & Squid3. Use AWS, Google cloud, Digital Ocean or any services with Ubuntu to follow this tutorial.


    ### Install squid & update
    ```
    sudo apt-get update
    sudo apt-get install squid3
    sudo apt-get install apache2-utils
    ```

    ### Setup the password store
    Choose a username/password. Example:
    ```
    username: abc
    password: 123
    ```
    Type in console:
    ```
    sudo touch /etc/squid/passwords
    sudo chmod 777 /etc/squid/passwords
    sudo htpasswd -c /etc/squid/passwords [USERNAME]
    ```

    Replace [USERNAME] with your username, in this example: ```abc```.

    You will be prompted for entering the password. Enter and confirm it. This example password: ```123```.


    #### [Optional] Test the password store

    ```
    /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
    ```

    After executing this line the console will look like its hung, there is a prompt without any text in it. Enter ```USERNAME PASSWORD``` (replacing these with your specific username and password) and hit return. You should receive the response "OK".

    If not, review the error message, your username/password might be incorrect. Its also possible basic_ncsa_auth is located on a different path (e.g. lib64).

    ### Config squid proxy

    Backup default config file:
    ```
    sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.original
    ```

    Make a new configuration files
    ```
    sudo vi /etc/squid/squid.conf
    ```

    Enter this in the config file
    ```
    auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 24 hours
    auth_param basic casesensitive off
    acl authenticated proxy_auth REQUIRED
    http_access allow authenticated
    http_access deny all
    dns_v4_first on
    forwarded_for delete
    via off
    http_port 8888
    ```

    * ```auth_param basic credentialsttl 24 hours```: after 24 hours, user/pass will be asked again.
    * ```auth_param basic casesensitive off```: case sensitive for user is off.
    * ```forwarded_for delete```: remove the forwarded_for http header which would expose your source to the destination
    * ```via off```: remove more headers to avoid exposing the source.
    * ```http_port 8888```: port 8888 is used for proxy. You can choose any port.

    Save the file in vi with [esc]:wq

    ### Restart the squid service and try proxy
    Restart squid service
    ```sudo systemctl restart squid.service``` or ```sudo service squid restart```.

    Use your proxy with your ```ip:port```. Example: ```111.111.222.333:8888``` and login with your user/pass.

    ### Caution
    You might need to create inbound firewall rule first before using the proxy.

    For Google cloud: [Firewall](https://console.cloud.google.com/networking/firewalls/). Create a rule that apply to IP range of ```0.0.0.0/0```, allow ```TCP:8888, UDP:8888``` for all traffic.