This tutorial shows you how to install a Squid HTTP proxy on your Debian or Ubuntu "RS 2000" server. In addition, it will include explanations on how you can connect to the proxy from almost any client.
I am doing this on a Debian 11 server, but the installation should work on other Debian versions and on Ubuntu as well.
This is an advanced version of https://github.com/SanCraftDev/Debian-Setup/blob/main/README.md#Squid-HTTP-Proxy---with-Password-Authentication.
You need a Debian or Ubuntu server with an internet connection, which must be reachable from the internet via a static IP on port 3128
.
You also need root permissions on your server.
First you need to connect to your server via SSH.
Then we'll switch to the root user and update the system, install all the required packages and, finally, install the Squid HTTP proxy:
su
apt update && apt upgrade -y && apt autoremove -y
apt install curl sudo wget apache2-utils nano -y
apt install squid -y
Now we need to add a configuration to the Squid proxy.
This configuration allows you to connect to the HTTP proxy using a username and password and makes your origin IP invisible to the web servers you visit.
Open the configuration:
nano /etc/squid/squid.conf
Add the following lines to the beginning of the file:
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
forwarded_for off
Save your changes by pressing CTRL + X, then Y and finally by hitting Enter.
In this step we need to create users to access the proxy.
In the following command, please replace "USERNAME" with the actual username you will use for password login to the proxy:
htpasswd -c /etc/squid/passwords USERNAME
Now enter a new secure password.
Repeat this step depending on the number of users you want to use this proxy.
To enable the inserted configuration, we need to restart the Squid proxy. To do this, simply run:
service squid restart
The restart may take a longer while.
3128
.You will sometimes be asked for one of the usernames (and related password) that we previously created in Step 1.2.
3128
. You will sometimes be asked for one of the usernames (and related password) that we previously created in Step 1.2.
3128
. You will sometimes be asked for one of the usernames (and related password) that we previously created in Step 1.2.
3128
. 3128
. Now if you are asked for it (you may need to reboot), enter your username (and related password) that we previously created in Step 1.2.
Run the following commands to install the required packages and to open the proxy configuration file:
su
apt update && apt upgrade -y && apt autoremove -y
apt install curl sudo wget nano -y
sudo nano /etc/environment
Now add the following lines replacing username
with an actual username and define a password
for the user. This is one of the users we previously created in Step 1.2. Also, replace "hostname" with the IP address or the hostname of your proxy server and "port" with port 3128
:
http_proxy="http://<username>:<password>@<hostname>:<port>/"
https_proxy="http://<username>:<password>@<hostname>:<port>/"
no_proxy="localhost,127.0.0.1,::1"
Now save your changes by pressing CTRL + X, pressing Y and finally by hitting Enter.
You successfully set up a Squid HTTP proxy with username and password protection and additionally connected your devices with this proxy.
This is an advanced version of https://github.com/SanCraftDev/Debian-Setup/blob/main/README.md#Squid-HTTP-Proxy---with-Password-Authentication.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicence, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
By making a contribution to this project, I certify that:
The contribution was created in whole or in part by me and I have the right to submit it under the license indicated in the file; or
The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same license (unless I am permitted to submit under a different license), as indicated in the file; or
The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.
I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the license(s) involved.